Search code examples
apachetomcatproxywebsocketstomp

Using apache web server proxy to apache tomcat

According to apaches documentation, wstunnel was added in 2.4 and I should be able to route traffic.

I have the following setup

Apache tomcat running on 8081 and 8444.

There are static files (html/js) as well as groovy/grails (war) files being served from Tomcat

I have proxied 8081 <- 80 and 8444 <- 443

Meaning I can go to http://domain/app and see what I would have to otherwise go to http://domain:8081/app to see. [This is working just fine]

However, within the static javascript/html pages, there is a connection back to the tomcat using websocket. My app attempts to connect back to an app called inf and this fails.

This proxy/connection fails.

I see in the log that httpd (apache) was unable to find the correct protocol for /inf/stomp/getInfo which is the url to the websocket on the backend

I have attempted to follow this posts notes as well as proper ordering mentioned in this post

httpd.conf

Listen 443
ServerName mydomain
<VirtualHost *:443>

<Proxy *>
      Order deny,allow
      Allow from all
</Proxy>

SSLEngine On
SSLProxyEngine On
SSLCertificateFile /etc/httpd/ssl/ssl.crt
SSLCertificateKeyFile /etc/httpd/ssl/ssl.key
RequestHeader set Front-End-Https "On"
SSLProxyEngine on
SSLProxyVerify none 
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
LogLevel debug


ProxyPass /mainView https://mydomain:8443/mainView
ProxyPassReverse /mainView https://mydomain:8443/mainView

ProxyPass /cas https://mydomain:8443/cas
ProxyPassReverse /cas https://mydomain:8443/cas

# <not working as it should>
ProxyPass /inf/ ws://mydomain:8081/inf/
ProxyPassReverse /inf/ ws://mydomain:8081/inf/
# </not working as it should>

ProxyPass /inf/ wss://mydomain:8444/inf/
ProxyPassReverse /inf/ wss://mydomain:8444/inf/



ProxyPass /inf-app https://mydomain:8444/
ProxyPassReverse /inf-app  https://mydomain:8444/
</VirtualHost>
Solution

  • Do you realise you have two: ProxyPass /inf/ blocks, if you have both a secure and insecure virtualHost you'll need move the ws: version to the port 80 virtualhost. There's also a duplicate SSLProxyEngine on

    As to fixing your issue see: tunneling secure websocket connections with apache, inparticular the: --enable-proxy_wstunnel=shared text