Patrick,

On 8/27/14, 10:12 PM, Patrick L Archibald (PLA) ☮ wrote:
> I have a websocket app that works fine on Tomcat. I cannot get it 
> configured to run behind Apache2 web server. Apache2 is configured 
> with SSL and LDAP basic authentication and uses AJP13 to talk to 
> Tomcat. All are running fine except for this new websocket app.

Websocket does not work properly over mod_jk: you'll have to go
directly to Tomcat for Websocket.

https://issues.apache.org/bugzilla/show_bug.cgi?id=56576

Also, Apache httpd itself has little to no support for Websocket.

https://issues.apache.org/bugzilla/show_bug.cgi?id=47485

> I can run this curl command.
> 
> curl --user 'SOMEUSER:SOMEPASSWORD' -i -N -H "Connection: Upgrade" \
>   -H "Upgrade: websocket" https://SOMEDOMAIN/RealTime/chat/
> 
> It returns "HTTP/1.1 426 Upgrade Required" and I see proxy debug 
> messages in the error.log, which all look good.
> 
> When I run the app on just Tomcat it works fine.
> 
> When I run the app on the Apache web server, in the JavaScript
> console I see: WebSocket connection to
> 'wss://SOMEDOMAIN/RealTime/chat' failed: Error during WebSocket
> handshake: Unexpected response code: 401

Oh, you didn't mention that you were using mod_proxy_wstunnel. Or that
you were using httpd 2.4. Since you are, mod_proxy_wstunnel does in
fact support Websocket but IIRC it's a bit shaky.

Though I would imagine it's entirely expected: you are requesting a
resource without providing valid credentials and getting a 401
response. You might have to first make a non-Websocket request to
Tomcat to authenticate and then another to start the Websocket exchange.

> I do not see any debug messages in error.log, which is not good.
> 
> I am using AJP connector.

You are using mod_proxy_wstunnel, not AJP (which is not a connector
but a protocol). mod_proxy_ajp and mod_jk use AJP and
mod_proxy_wstunnel uses the Websocket protocol.

> I am not using SSL between Apache and Tomcat since they are both
> on the same subnet.
> 
> In my Apache virtual host config I have:
> 
> ProxyPass /RealTime/chat/ ws://LOCALTOMCAT:8080/RealTime/chat
> ProxyPassReverse /RealTime/chat/ ws://LOCALTOMCAT:8080/RealTime/chat
> 
> I have tried ws and wss in my ProxyPass statements. Neither
> works.

Do they both fail in the same way?

> Question 1. Is wss required between Apache and Tomcat since I'm
> https on the frontend?

No. You might want to arrange for information from the incoming HTTPS
request to be sent over the Websocket channel.

I don't know enough about Websocket to know how to do this, but mod_jk
for instance sends all TLS information about the connection to Tomcat
automatically and makes it available as if Tomcat has received the
request itself. I know that mod_proxy_ajp does /not/ do this by
default and you therefore have to specifically configure both httpd
/and/ Tomcat to match that behavior.

> Question 2. How can I tell if the version of proxy_wstunnel has
> been patched from this bug? 
> https://issues.apache.org/bugzilla/show_bug.cgi?id=55320

Are you running 2.4.10? If not, then this bug is still not patched.
But, as you have said, you don't require wss:// on your internal subnet.

-chris
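
The two status codes reported in this thread (426 from the curl test, 401 through the proxy) can be told apart from a successful upgrade with a small handshake checker. This is an added example, not part of the original message or of any Apache project code; it builds a complete RFC 6455 client handshake, including the Sec-WebSocket-Key and Sec-WebSocket-Version headers that the curl command above does not send, and classifies raw responses. The function names and sample responses are constructed for illustration.

```python
import base64
import hashlib

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # constant fixed by RFC 6455

def accept_for(key):
    """Sec-WebSocket-Accept value a server must return for this key."""
    digest = hashlib.sha1((key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")

def build_handshake(host, path, key, user=None, password=None):
    """Full client handshake, optionally carrying HTTP Basic credentials."""
    lines = [f"GET {path} HTTP/1.1", f"Host: {host}",
             "Upgrade: websocket", "Connection: Upgrade",
             f"Sec-WebSocket-Key: {key}", "Sec-WebSocket-Version: 13"]
    if user is not None:
        token = base64.b64encode(f"{user}:{password}".encode()).decode("ascii")
        lines.append(f"Authorization: Basic {token}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")

def diagnose(raw_response, key):
    """Classify a raw handshake response by status code and accept header."""
    head = raw_response.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split()[1])
    headers = {n.strip().lower(): v.strip()
               for n, _, v in (l.partition(":") for l in header_lines)}
    if status == 401:
        return "auth-required"     # handshake arrived without valid credentials
    if status == 426:
        return "upgrade-required"  # check the Sec-WebSocket-* headers were sent
    if status != 101:
        return f"unexpected-{status}"
    if headers.get("sec-websocket-accept") != accept_for(key):
        return "bad-accept"        # response was not computed from our key
    return "ok"

# Constructed sample responses; KEY is the example nonce from RFC 6455.
KEY = "dGhlIHNhbXBsZSBub25jZQ=="
SAMPLES = {
    "proxied": b"HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"x\"\r\n\r\n",
    "curl": b"HTTP/1.1 426 Upgrade Required\r\nSec-WebSocket-Version: 13\r\n\r\n",
    "good": ("HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\n"
             "Connection: Upgrade\r\nSec-WebSocket-Accept: "
             + accept_for(KEY) + "\r\n\r\n").encode("ascii"),
}

if __name__ == "__main__":
    print({label: diagnose(raw, KEY) for label, raw in SAMPLES.items()})
```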
