I am using wss (secured web sockets) with spring from backend and STOMP for javascript client.
Does anyone knows why a get:
Handshake failed due to invalid Upgrade header: null
I met the same problem with nginx https proxy to tomcat. This is because I haven't support the wss request. To support the wss request, I use the config like below:
# WebSocketSecure SSL Endpoint
#
# The proxy is also an SSL endpoint for WSS and HTTPS connections.
# So the clients can use wss:// connections
# (e.g. from pages served via HTTPS) which work better with broken
# proxy servers, etc.
server {
listen 443;
# host name to respond to
server_name ws.example.com;
# your SSL configuration
ssl on;
ssl_certificate /etc/ssl/localcerts/ws.example.com.bundle.crt;
ssl_certificate_key /etc/ssl/localcerts/ws.example.com.key;
location / {
# switch off logging
access_log off;
# redirect all HTTP traffic to localhost:8080
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# WebSocket support (nginx 1.4)
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
the following solution works for me
<VirtualHost _default_:443>
ServerName my.app
ServerAdmin [email protected]
DocumentRoot /var/www/html
SSLCertificateFile ...
SSLCertificateKeyFile ...
SSLCertificateChainFile ...
ProxyPreserveHost on
RequestHeader set X-Forwarded-Proto https
RequestHeader set X-Forwarded-Port 443
RewriteEngine on
RewriteCond %{HTTP:Upgrade}^websocket$ [NC,OR]
RewriteCond %{HTTP:Connection}^upgrade$ [NC]
RewriteRule .* wss:/127.0.0.1:8081%{REQUEST_URI} [P,QSA,L]
RewriteCond %{REQUEST_URI} ^/api/wsendpoint/%{var1}/%{var2}/websocket [NC,OR]
....
</VirtualHost>
I hope, that helps... The solution above is part of the following link: https://forum.mattermost.org/t/solved-apache2-reverseproxy-with-websocket-https/437/3
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With