Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Apache ProxyPass websocket problem #3339

Closed
fuatsengul opened this issue Dec 20, 2014 · 14 comments

Comments

@fuatsengul
Copy link

@fuatsengul fuatsengul commented Dec 20, 2014

Hi there,
I run my meteor app on my own server, It runs node and mongodb behind and there's an apache server at the front for routing for another websites that runs on my machine.

I'm also configured SSL on Apache and routed http layer to https with RewriteEngine, so any http requests automatically routed to https layer.

Everything is OK so far, but I see this error message in my console:
WebSocket connection to 'wss://mydomain.com/sockjs/925/yb5xv02p/websocket' failed: Unexpected response code: 400

Request URL:wss://mydomain.com/sockjs/076/l1p9yvz8/websocket
Request Method:GET
Status Code:400 Bad Request
Request Headersview source
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8,tr;q=0.6
Cache-Control:no-cache
Connection:Upgrade
Cookie:meteor_login_token=; TAPi18next=en
Host:mydomain.com
Origin:https://mydomain.com
Pragma:no-cache
Sec-WebSocket-Extensions:permessage-deflate; client_max_window_bits
Sec-WebSocket-Key:
Sec-WebSocket-Version:13
Upgrade:websocket
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
Response Headersview source
Connection:close
Date:Sat, 20 Dec 2014 23:22:53 GMT
Transfer-Encoding:chunked

My checks:
Not every websocket requests drops, only this one.
If I use the original host (which I was proxied here) the error goes away, so there's a problem with proxy.
It's browser/platform independent.
I've also seen this, In web inspector's network tab, I can see the all requests, every websocket requests URL is on https:// but only this request uses wss://

@fuatsengul

This comment has been minimized.

Copy link
Author

@fuatsengul fuatsengul commented Dec 26, 2014

I solved the problem, it was sourced by the apache configuration.
Details are here: https://groups.google.com/forum/#!topic/meteor-talk/9FO4YOo1YNY

@fuatsengul fuatsengul closed this Dec 26, 2014
@cellulosa

This comment has been minimized.

Copy link

@cellulosa cellulosa commented Dec 11, 2015

Hi @fuatsengul could you please share your config?

I've got this error coming up:

WebSocket connection to 'ws://website.com/sockjs/616/72ht6n8p/websocket' failed: Unexpected response code: 400

I'm on CentOS 7, Apache 2.4.6 and I've obviously got enabled mod_proxy. I'm NOT on SSL, though. I've added the following line into /etc/httpd/conf/httpd.conf (just before declaring ProxyPass, like in the config example provided by the guy in your link):

ProxyPassMatch ^/sockjs/(.*)/websocket ws://localhost:3000/sockjs/$1/websocket

However, I still get the error. Is there anything else I need to do?

@fuatsengul

This comment has been minimized.

Copy link
Author

@fuatsengul fuatsengul commented Dec 16, 2015

Hello @cellulosa
Sorry for late return, this setup is working for me:
The error page, SSL and rewrites(forcing ssl) are extra, you don't have to use them.
Also, my apache on 2.4.10 and proxy_wstunnel has enabled.

<VirtualHost *:443>
     ServerName mysite.com
     ServerAlias www.mysite.com

     SSLEngine on
     SSLProxyEngine On
     ProxyRequests Off

     SSLCertificateFile /etc/apache2/ssl/mysite.com.crt
     SSLCertificateKeyFile /etc/apache2/ssl/mysite.com.key
     SSLCertificateChainFile /etc/apache2/ssl/ca.cer

     DocumentRoot /var/www/errorPages

     ErrorDocument 503 /503.html
     ProxyPass /503.html !

     ProxyPass / http://localhost:3999/
     ProxyPassReverse / http://localhost:3999/


RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
RewriteRule .* ws://localhost:3999%{REQUEST_URI} [P]


</VirtualHost>
@timbotnik

This comment has been minimized.

Copy link

@timbotnik timbotnik commented Dec 30, 2015

@fuatsengul thanks for posting a working configuration.

@cellulosa

This comment has been minimized.

Copy link

@cellulosa cellulosa commented Feb 10, 2016

@fuatsengul thanks for posting your configuration, however I'm still having issues with this.

I've also posted on StackOverflow here but no success so far.

Actually, on Android sometimes I get a security warning due to Name mismatch, but I don't have any ssl enabled... Maybe I should and that's the issue?

@cellulosa

This comment has been minimized.

Copy link

@cellulosa cellulosa commented Feb 10, 2016

Ouch - resolved. My issue had to to with my Varnish configuration - I forgot all about it lol. I just disabled apache and the proxy as I'm passing the request straight to node.js via Varnish (more details in the StackOverflow question linked above).

@fuatsengul

This comment has been minimized.

Copy link
Author

@fuatsengul fuatsengul commented Feb 10, 2016

@cellulosa happy to hear that you've solved 👍

@rachaelbe

This comment has been minimized.

Copy link

@rachaelbe rachaelbe commented Jun 1, 2016

@fuatsengul this problem has been driving me nutty for months! your solution is the first one I've come across that works, and doesn't degrade the connection down to http. Thank you :-D

@evroza

This comment has been minimized.

Copy link

@evroza evroza commented Apr 4, 2017

@fuatsengul Cheers mate, the rewrite conditions worked great for me.

@FaizanNoor

This comment has been minimized.

Copy link

@FaizanNoor FaizanNoor commented Apr 30, 2017

@fuatsengul Thanks a lot bro for sharing the config. I was missing the "RewriteRule" rule. Added in the conf and it worked. Cheers!

@jobehi

This comment has been minimized.

Copy link

@jobehi jobehi commented Sep 17, 2017

@fuatsengul

Thank you very much ! that's exactly what I needed.

@funston

This comment has been minimized.

Copy link

@funston funston commented Mar 13, 2018

Has anyone seen this happen only using Safari? My chrome browser connects fine, but Safari spews all these 400 connect/websocket errors to the same aws/ec2 server

@HoucemEddine

This comment has been minimized.

Copy link

@HoucemEddine HoucemEddine commented May 17, 2018

has anyone tried solving this avoiding the hostname:port , I have some micro services running on one server and we are implementing websocket stuff on one of them, these Micro Services already have proxyPass and proxyPassReverse configured to a load-balancer, though I'm still struggling with this conf for websockets
example of my setup
ProxyPass /micro-service-a/ balancer://msa.dev.my.domain.com/
ProxyPassReverse /micro-service-a/ balancer://msa.dev.my.domain.com/
ProxyPass /micro-service-b/ balancer://msb.dev.my.domain.com/
ProxyPassReverse /micro-service-v/ balancer://msb.dev.my.domain.com/
## I added these lines as an attempt
RewriteCond %{REQUEST_URI} ^/micro-service-b [NC]
RewriteCond %{QUERY_STRING} transport=websocket [NC]
RewriteRule /(.*) ws://host:port/$1 [P,L]

PS: it works if I use host:port/websocket/foo but not with dev.my.domain.com/micro-service-b/websocket/foo

@Anishmourya

This comment has been minimized.

Copy link

@Anishmourya Anishmourya commented May 31, 2018

ProxyPreserveHost On
RequestHeader set X-Forwarded-Proto "http"
ProxyPass / http://127.0.0.1:3006/
ProxyPassReverse / http://127.0.0.1:3006/

RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
RewriteRule .* ws://127.0.0.1:3006%{REQUEST_URI} [P]
working for me....................i am using port 3006 that connect to socket docker container.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
10 participants
You can’t perform that action at this time.