Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

wss or ws connections won't work on a http or https tunnel馃悰 #1164

Closed
SymphonyCR opened this issue Jan 19, 2024 · 2 comments
Closed

wss or ws connections won't work on a http or https tunnel馃悰 #1164

SymphonyCR opened this issue Jan 19, 2024 · 2 comments
Labels
Priority: Normal Minor issue impacting one or more users Type: Bug Something isn't working

Comments

@SymphonyCR
Copy link

Describe the bug
Accordingly to the docs, websockets are supported by cloudflare, but after I did set a hostname in Zero trust Dashboard -> Access -> Tunnels -> mytunnel -> Public Hostname

This is the hostname config:

subdomain: mysubdomain
domain: mydomain.com

type: HTTPS
url: localhost:443
noTLSVerify: true

I can get access to my site perfectly, here's the problem, my server web-application, needs to stream content from multiple websocket ports, specifically from port 2100 to port 2140, this is because my web-application is divided in multiple modules and every module has to communicate through a websocket port... here is my apache https configuration:

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so

Listen 443 https

<IfDefine ENABLE_TLS13>
	***some tls content here***
</IfDefine>

<IfDefine !ENABLE_TLS13>
	***some tls content here***
</IfDefine>

SSLHonorCipherOrder On
SSLPassPhraseDialog  builtin

SSLSessionCache        "shmcb:${SRVROOT}/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

<FilesMatch "\.(cgi|shtml|phtml|php)$">
	SSLOptions +StdEnvVars
</FilesMatch>
<Directory "${SRVROOT}/cgi-bin">
	SSLOptions +StdEnvVars
</Directory>

BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

CustomLog "${SRVROOT}/logs/ssl_request.log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" env=HTTPS

<VirtualHost *:443>

	SSLEngine On
        SSLProxyEngine On
	# ServerName mydomain.com:443

#Tried with and without all this block

# RewriteEngine on
# RewriteCond %{HTTP:Upgrade} websocket [NC]
# RewriteCond %{HTTP:Connection} upgrade [NC]
# RewriteRule ^/?(.*) "ws://localhost:2100/$1" [P,L]
# ProxyRequests On
# ProxyPreserveHost On

	SSLCertificateFile "C:\Certbot\archive\sub.mydomain.com\cert1.pem"
	SSLCertificateKeyFile "C:\Certbot\archive\sub.mydomain.com\privkey1.pem"

	# HARBOUR BEGIN - AUTO-GENERATED

# Module Accounting
ProxyPass /harbour/2100 ws://127.0.0.1:2100/harbour
ProxyPassReverse /harbour/2100 ws://127.0.0.1:2100/harbour
ProxyPass /monitor/2100 ws://127.0.0.1:2100/monitor
ProxyPassReverse /monitor/2100 ws://127.0.0.1:2100/monitor

# Module Reservations
ProxyPass /harbour/2102 ws://127.0.0.1:2102/harbour
ProxyPassReverse /harbour/2102 ws://127.0.0.1:2102/harbour
ProxyPass /monitor/2102 ws://127.0.0.1:2102/monitor
ProxyPassReverse /monitor/2102 ws://127.0.0.1:2102/monitor

# Module Reception
ProxyPass /harbour/2101 ws://127.0.0.1:2101/harbour
ProxyPassReverse /harbour/2101 ws://127.0.0.1:2101/harbour
ProxyPass /monitor/2101 ws://127.0.0.1:2101/monitor
ProxyPassReverse /monitor/2101 ws://127.0.0.1:2101/monitor

# Module Banking
ProxyPass /harbour/2105 ws://127.0.0.1:2105/harbour
ProxyPassReverse /harbour/2105 ws://127.0.0.1:2105/harbour
ProxyPass /monitor/2105 ws://127.0.0.1:2105/monitor
ProxyPassReverse /monitor/2105 ws://127.0.0.1:2105/monitor

# Module Owners
ProxyPass /harbour/2104 ws://127.0.0.1:2104/harbour
ProxyPassReverse /harbour/2104 ws://127.0.0.1:2104/harbour
ProxyPass /monitor/2104 ws://127.0.0.1:2104/monitor
ProxyPassReverse /monitor/2104 ws://127.0.0.1:2104/monitor

# Module Restaurant
ProxyPass /harbour/2106 ws://127.0.0.1:2106/harbour
ProxyPassReverse /harbour/2106 ws://127.0.0.1:2106/harbour
ProxyPass /monitor/2106 ws://127.0.0.1:2106/monitor
ProxyPassReverse /monitor/2106 ws://127.0.0.1:2106/monitor

# Module Hotel Configuration
ProxyPass /harbour/2107 ws://127.0.0.1:2107/harbour
ProxyPassReverse /harbour/2107 ws://127.0.0.1:2107/harbour
ProxyPass /monitor/2107 ws://127.0.0.1:2107/monitor
ProxyPassReverse /monitor/2107 ws://127.0.0.1:2107/monitor

# Module Payroll
ProxyPass /harbour/2108 ws://127.0.0.1:2108/harbour
ProxyPassReverse /harbour/2108 ws://127.0.0.1:2108/harbour
ProxyPass /monitor/2108 ws://127.0.0.1:2108/monitor
ProxyPassReverse /monitor/2108 ws://127.0.0.1:2108/monitor

# Module Accounts Payable
ProxyPass /harbour/2109 ws://127.0.0.1:2109/harbour
ProxyPassReverse /harbour/2109 ws://127.0.0.1:2109/harbour
ProxyPass /monitor/2109 ws://127.0.0.1:2109/monitor
ProxyPassReverse /monitor/2109 ws://127.0.0.1:2109/monitor

# Module Accounts Receivable
ProxyPass /harbour/2110 ws://127.0.0.1:2110/harbour
ProxyPassReverse /harbour/2110 ws://127.0.0.1:2110/harbour
ProxyPass /monitor/2110 ws://127.0.0.1:2110/monitor
ProxyPassReverse /monitor/2110 ws://127.0.0.1:2110/monitor

# Module Payroll Configuration
ProxyPass /harbour/2111 ws://127.0.0.1:2111/harbour
ProxyPassReverse /harbour/2111 ws://127.0.0.1:2111/harbour
ProxyPass /monitor/2111 ws://127.0.0.1:2111/monitor
ProxyPassReverse /monitor/2111 ws://127.0.0.1:2111/monitor

# Module Inventory
ProxyPass /harbour/2112 ws://127.0.0.1:2112/harbour
ProxyPassReverse /harbour/2112 ws://127.0.0.1:2112/harbour
ProxyPass /monitor/2112 ws://127.0.0.1:2112/monitor
ProxyPassReverse /monitor/2112 ws://127.0.0.1:2112/monitor

# Module Fixed Assets
ProxyPass /harbour/2113 ws://127.0.0.1:2113/harbour
ProxyPassReverse /harbour/2113 ws://127.0.0.1:2113/harbour
ProxyPass /monitor/2113 ws://127.0.0.1:2113/monitor
ProxyPassReverse /monitor/2113 ws://127.0.0.1:2113/monitor

# Module Spa
ProxyPass /harbour/2114 ws://127.0.0.1:2114/harbour
ProxyPassReverse /harbour/2114 ws://127.0.0.1:2114/harbour
ProxyPass /monitor/2114 ws://127.0.0.1:2114/monitor
ProxyPassReverse /monitor/2114 ws://127.0.0.1:2114/monitor

# Module Events
ProxyPass /harbour/2115 ws://127.0.0.1:2115/harbour
ProxyPassReverse /harbour/2115 ws://127.0.0.1:2115/harbour
ProxyPass /monitor/2115 ws://127.0.0.1:2115/monitor
ProxyPassReverse /monitor/2115 ws://127.0.0.1:2115/monitor

# Module Tours
ProxyPass /harbour/2116 ws://127.0.0.1:2116/harbour
ProxyPassReverse /harbour/2116 ws://127.0.0.1:2116/harbour
ProxyPass /monitor/2116 ws://127.0.0.1:2116/monitor
ProxyPassReverse /monitor/2116 ws://127.0.0.1:2116/monitor

# HARBOUR END - AUTO-GENERATED

	DocumentRoot "C:\my-path\www"
	CustomLog "${SRVROOT}/logs/ssl_request.log" \
		"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

	<Directory "C:\my-path\www">

		Options +ExecCGI +Indexes +FollowSymLinks

		DirectoryIndex index.html index.exe

		AllowOverride All
		Require all granted

		Require all granted

	</Directory>

</virtualhost>

When I serve my web-app without cloudflare tunnels, everything works as expected... no errors... but with cloudflare tunnel my site loads, but as soon as I launch any modules from my webapp, this is shown in console:

webSocket address:  wss://sub.mydomain.com/harbour/2100
webview.js:706 WebSocket connection to 'wss://sub.mydomain.com/harbour/2100' failed: 
initialize @ webview.js:706
(anonymous) @ webview.js:4264
dispatch @ jquery.min.js:2407
y.handle @ jquery.min.js:2312

Any ideas about how to make it work with cloudflare tunnel?

Thanks in advance, if there's any other information you need from me, please let me know.
@SymphonyCR SymphonyCR added Priority: Normal Minor issue impacting one or more users Type: Bug Something isn't working labels Jan 19, 2024
@jcsf
Copy link
Contributor

jcsf commented Jan 19, 2024

Hi, check if this might help you: https://lmei88.medium.com/websocket-with-cloudflare-tunnel-reversed-proxy-to-self-hosted-ubuntu-server-95625475c610

@jcsf
Copy link
Contributor

jcsf commented Feb 29, 2024
edited

Closing because we don't have a response for over a month.

@jcsf jcsf closed this as completed Feb 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Priority: Normal Minor issue impacting one or more users Type: Bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jcsf @SymphonyCR