Websocket reverse proxy with apache2

kokolegorille · November 8, 2017, 9:30am

Hello everyone,

I am having a hard time trying to reverse proxy with apache2 to my production release.

The release is running on port 4010 on a dedicated Linux box. Application works fine when using this port, websocket are also working fine.

But when I use apache2 to reverse proxy, the site appears correctly, the api calls are working too, only websocket are denied with code 403.

So I activated mod_proxy_wstunnel with

a2enmod proxy_wstunnel

and used this virtual host config

<VirtualHost *:80>
	ServerAdmin koko.le.gorille@gmail.com
	ServerName www.whatever.com
        ProxyPreserveHost On
        ProxyPass / http://0.0.0.0:4010/
        ProxyPass /socket ws://0.0.0.0:4010/
        ProxyPassReverse / http://0.0.0.0:4010/
        ProxyPassReverse /socket ws://0.0.0.0:4010/
</VirtualHost>

In particular these lines

ProxyPass /socket ws://0.0.0.0:4010/
ProxyPassReverse /socket ws://0.0.0.0:4010/

But socket connection is still denied. I am using apache2 over nginx mainly for historical reason. Any ideas?

Thanks for taking time

kokolegorille · October 15, 2018, 3:01pm

I solved this by using nginx instead. Thanks for sample apache config.

m1dnight · October 16, 2018, 11:46am

Just a little side note: it does not work for the live reload socket, because that one does not use the /socket/ path, and thus falls through over HTTP. I have not found a fix for that, yet.

m1dnight · October 17, 2018, 3:39pm

I accidentally removed my solution. So here it is, again:

<VirtualHost *:80>
    ServerName example.com
    ErrorDocument 404 /404.html
    ServerAdmin admin@example.com

    ProxyPass        /socket/ ws://myapp.com:8000/socket/
    ProxyPassReverse /socket/ ws://myapp.com:8000/socket/

    ProxyPass        / http://myapp.com:8000/
    ProxyPassReverse / http://myapp.com:8000/

</VirtualHost>

The example assumes your Apache reverse proxy is running on example.com, and your application is running on myapp.com with port 8000 published.

Just a little side note: it does not work for the live reload socket, because that one does not use the /socket/ path, and thus falls through over HTTP. I have not found a fix for that, yet.

kokolegorille · October 17, 2018, 3:42pm

One of the main point is to use the domain name, IIRC. And also correct socket path

trigeek38 · January 19, 2021, 4:31pm

This final configuration worked for me including live and live reload

<VirtualHost *:80>
    ServerName myserver.com

   RewriteEngine on
   RewriteCond %{HTTP:Upgrade} websocket [NC]
   RewriteCond %{HTTP:Connection} upgrade [NC]
   RewriteRule ^/?(.*) "ws://localhost:4000/$1" [P,L]

   ProxyPass        /socket/ ws://localhost:4000/socket/
   ProxyPassReverse /socket/ ws://localhost:4000/socket/

   ProxyPass        /live/ ws://localhost:4000/socket/
   ProxyPassReverse /live/ ws://localhost:4000/socket/

   ProxyPass        / http://localhost:4000/
   ProxyPassReverse / http://localhost:4000/

</VirtualHost>