Hi,

First, to proxy WebSockets, you have to use mod_proxy_wstunnel - the built-in mod_proxy does not understand the headers that allow WebSocket upgrades and will generally make it fail.

Once you have that, you do not need to configure Daphne to terminate SSL because Apache is doing it for you - it will forward all traffic to Daphne unencrypted.

For URLs, you will have to use "wss://aaa.bbb.ccc:443". If it works with "ws:" only, that means SSL termination is not working and everything is unsecured.

Andrew

On Mon, May 8, 2017 at 10:37 AM, <generationte...@gmail.com> wrote:
> Hi, I'm running Django Channels with Daphne behind Apache using reverse
> proxy. Everything is working non-SSL and here's my Apache virtualhost conf
>
> <VirtualHost x.x.x.x:80>
> SuexecUserGroup "#1029" "#1029"
> ServerName aaa.bbb.com
> ServerAlias www.aaa.bbb.com
> ErrorLog /var/log/virtualmin/aaa.bbb.com_error_log
> CustomLog /var/log/virtualmin/aaa.bbb.com_access_log combined
> DirectoryIndex index.html index.htm index.php index.php4 index.php5
>
> ProxyPreserveHost On
> ProxyPass /public/static !
> ProxyPass "/ws/" "ws://127.0.0.1:8000/"
> ProxyPass "/wss/" "wss://127.0.0.1:8000/"
> ProxyPassReverse "/ws/" "ws://127.0.0.1:8000/"
> ProxyPassReverse "/wss/" "wss://127.0.0.1:8000/"
> ProxyPass / http://127.0.0.1:8000/
> ProxyPassReverse / http://127.0.0.1:8000/
>
> Alias /public/static /home/wsock/wsock_system/interface/public/static
> <Directory /home/wsock/wsock_system/interface/public/static>
> Require all granted
> </Directory>
>
> </VirtualHost>
>
> Now I want to implement SSL. I've got this virtualhost conf for port 443
> which I'm sure is set up incorrectly
>
> <VirtualHost x.x.x.x:443>
> SuexecUserGroup "#1029" "#1029"
> ServerName aaa.bbb.com
> ServerAlias www.aaa.bbb.com
> ErrorLog /var/log/virtualmin/aaa.bbb.com_error_log
> CustomLog /var/log/virtualmin/aaa.bbb.com_access_log combined
> DirectoryIndex index.html index.htm index.php index.php4 index.php5
>
> ProxyPreserveHost On
> ProxyPass /public/static !
> ProxyPass "/ws/" "ws://127.0.0.1:8000/"
> ProxyPassReverse "/ws/" "ws://127.0.0.1:8000/"
> SSLProxyEngine on
> ProxyPass "/wss/" "wss://127.0.0.1:8000/"
> ProxyPassReverse "/wss/" "wss://127.0.0.1:8000/"
> ProxyPass / http://127.0.0.1:8000/
> ProxyPassReverse / http://127.0.0.1:8000/
>
> SSLEngine on
> SSLCertificateFile /home/wsock/ssl.cert
> SSLCertificateKeyFile /home/wsock/ssl.key
> SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
>
> Alias /public/static /home/wsock/wsock_system/interface/public/static
> <Directory /home/wsock/wsock_system/interface/public/static>
> Require all granted
> </Directory>
>
> </VirtualHost>
>
> I'm launching Daphne and the works from supervisord
>
> [program:server_interface]
>
> command=/home/wsock/wsock_system/interface/environment/bin/daphne -b 127.0.0.1 -p 8000 perks.asgi:channel_layer -v 2 --access-log /home/wsock/wsock_system/interface/logs/daphne-access.log
> directory=/home/wsock/wsock_system/interface
> redirect_stderr=false
> stderr_logfile=/home/wsock/wsock_system/interface/logs/daphne-stderr.log
> stdout_logfile=/home/wsock/wsock_system/interface/logs/daphne-stdout.log
>
> autostart=true
> autorestart=true
> stopasgroup=true
> user=wsock
> ~
>
> For normal Django webpage browsing, SSL is working and I get the browser
> SSL padlock. Now I'm trying to configure my external websockets to also use
> SSL.
>
> My questions are:
>
> 1) Since I'm using Apache "out front" do I need to use SSL on Daphne (with
> Twisted) when launching it like referred to here? Or is Apache handling all
> the SSL and Daphne will just see non-SSL traffic (both for web browsing and
> websocket traffic)?
> https://github.com/django/daphne
>
> 2) Also, for websocket SSL to work do my external websockets need to
> connect to the URL wss://aaa.bbb.com ? Or does ws://aaa.bbb.com also
> work? Currently when I configure my external websockets to connect to
> aaa.bbb.com:80 with URL ws: it works, but when I also connect to
> aaa.bbb.com:443 with URL ws: that also works. Connecting to any port as
> wss: *does not work*
>
> TIA
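
Added example, not part of the reply or of the original poster's configuration: one way the two virtual hosts could look when Apache terminates TLS and proxies WebSockets to Daphne in clear text over loopback, as the reply describes. It assumes mod_ssl, mod_proxy, mod_proxy_http and mod_proxy_wstunnel are loaded, and keeps the host name, paths and the "/ws/" mapping from the quoted configuration; the port 80 redirect is an addition.

```apache
# Added example. Assumption: mod_ssl, mod_proxy, mod_proxy_http and
# mod_proxy_wstunnel are loaded (on Debian/Ubuntu: a2enmod proxy_wstunnel).

<VirtualHost x.x.x.x:80>
    ServerName aaa.bbb.com
    ServerAlias www.aaa.bbb.com

    # Nothing is proxied on port 80. A client using http:// or ws:// gets a
    # redirect to HTTPS instead of an unencrypted session.
    Redirect permanent / https://aaa.bbb.com/
</VirtualHost>

<VirtualHost x.x.x.x:443>
    ServerName aaa.bbb.com
    ServerAlias www.aaa.bbb.com

    # TLS ends here; certificate paths are the ones from the quoted config.
    SSLEngine on
    SSLCertificateFile /home/wsock/ssl.cert
    SSLCertificateKeyFile /home/wsock/ssl.key
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

    ProxyPreserveHost On
    ProxyPass /public/static !

    # Clients connect to wss://aaa.bbb.com/ws/... The backend leg stays
    # ws:// because Daphne on 127.0.0.1:8000 is started without TLS, so
    # there is no wss:// backend and no SSLProxyEngine.
    ProxyPass "/ws/" "ws://127.0.0.1:8000/"

    # Ordinary HTTP requests, listed after the more specific /ws/ rule.
    ProxyPass / http://127.0.0.1:8000/
    ProxyPassReverse / http://127.0.0.1:8000/

    Alias /public/static /home/wsock/wsock_system/interface/public/static
    <Directory /home/wsock/wsock_system/interface/public/static>
        Require all granted
    </Directory>
</VirtualHost>
```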