ws protocol and apache mod_proxy_wstunnel configuration: error 500

Question

I got an error 500 when trying to access to ws://localhost:8080/ via my Apache2 server. This server runs OpenSuse Leap 42.1 and Apache 2.4.16.

These Apache2 modules are enabled: mod_proxy, mod_proxy_http, mod_proxy_wstunnel.

When the request is called from the local network, everything works fine. URL example: http://<myhost-ip-address>/api/ws/<some-url>. It returns status 101 and the response: Upgrade: websocket. It's OK.

The same kind of request from external network fails. URL example: ws://www.mysite.com/api/ws/<some-url>. It returns error 500.

The Apache access log contains: GET /api/ws/<some-url> HTTP/1.1" 500 ...

The Apache error log contains: [proxy:warn] AH01144: No protocol handler was valid for the URL /api/ws/<some-url>. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.

My httpd.conf:

<VirtualHost *:80>
ServerName mysite.com
ServerAlias mysite.com
# Redirection for ws protocol
ProxyPreserveHost On
ProxyVia full
ProxyRequests OffHere
RewriteEngine On
RewriteCond %{REQUEST_URI}  ^/api/ws/(.*)           [NC]
RewriteCond %{QUERY_STRING} transport=websocket     [NC]
RewriteRule /(.*)           ws://localhost:8080/$1  [P,L]
# Proxy pass
ProxyPass           /api/ws/            ws://localhost:8080/api/ws/
ProxyPassReverse    /api/ws/            ws://localhost:8080/api/ws/
# DocumentRoot
DocumentRoot /srv/www/vhosts/mysite.com
<Directory "/srv/www/vhosts/mysite.com">
    Options Indexes SymLinksIfOwnerMatch
    AllowOverride None
    ...
</Directory>
# URL as parameter
AllowEncodedSlashes NoDecode

I followed these previous StackOverflow answers (thank to that) : websockets , node.js , socket-io , but with no luck.

Something must be wrong in my configuration. Any ideas ?

EDIT

As suggested by adona9, here are debug logs:

proxy_util.c(1784): AH00925: initializing worker ws://localhost:8080/api/ws/ shared
proxy_util.c(1826): AH00927: initializing worker ws://localhost:8080/api/ws/ local
...
mod_authz_core.c(809): AH01626: authorization result of Require user <user>: granted
mod_authz_core.c(809): AH01626: authorization result of <RequireAny>: granted
mod_charset_lite.c(219): AH01448: incomplete configuration: src unspecified, dst unspecified
mod_proxy.c(1159): AH01143: Running scheme ws handler (attempt 0)
mod_proxy_http.c(1944): AH01113: HTTP: declining URL ws://localhost:8080/api/ws/<some-url>
mod_proxy_wstunnel.c(341): AH02900: declining URL ws://localhost:8080/api/ws/<some-url>  (not WebSocket)
[proxy:warn] H01144: No protocol handler was valid for the URL /api/ws/<some-url>. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.

Any ideas ?

Answer 1

So I ended up spending a day and a half researching and reading up on deep apache2 configuration. This is how I was able to solve this problem:

• Using both forensic_logs and DumpIO to find out my initial request headers on the apache2 end.

• Log the request headers coming from websocket client.

VERIFY that both contain the upgrade header and connection type websocket in the request header. More than likely, these problems are a result of network filtering or removing of specific header files.

My problem was that I was using an AWS classic load balancer which DOES NOT support websocket connections.

While reading other forums, some companies' firewalls also remove specific header files from their connections, so it could also be that.

So more than likely if you've triple-checked to make sure you have the right modules installed, the more than likely error is network related.

If you have a network diagram, check each specific node and gateway and verify that the in and out request headers are the same.