Laravel Websockets Apache2 ReverseProxy setup - laravel

Problem
I am trying to set up a live environment with the laravel websockets library behind an Apache server.
The Websocket server is running on port 6001 (unreachable from outside).
The Apache VHost is configured for ws.example.com
I cannot get Apache to proxy the wss:// requests correctly.
The request to wss://ws.example.com/request/path?protocol=7&client=js&version=5.1.1&flash=false fails.
(Error during WebSocket handshake: Invalid status line)
I think there is a problem with my vhost configuration. Am I missing something? Any advice is appreciated.
vhost configuration
<VirtualHost *:443>
ServerName ws.example.com
ServerAlias www.ws.example.com.com
DocumentRoot /srv/vhost/example.com/domains/ws.example.com/public_html
ErrorLog /var/log/virtualmin/ws.example.com_error_log
CustomLog /var/log/virtualmin/ws.example.com_access_log combined
ScriptAlias /cgi-bin/ /srv/vhost/example.com/domains/ws.example.com/cgi-bin/
DirectoryIndex index.php index.html
RewriteEngine on
ProxyRequests off
ProxyVia on
RewriteCond %{HTTP:Connection} Upgrade [NC]
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule /(.*) ws://localhost:6001/$1 [P,L]
ProxyPass /request/path http://localhost:6001/request/path
ProxyPassReverse /request/path http://localhost:6001/request/path
SSLCertificateFile /etc/letsencrypt/path/ws.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/path/ws.example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

Create a subdomain for websockets. Then edit your virtualhost configs (Apache 2.4) as below. Use pusher-php-server 5.0.3
<VirtualHost *:443>
ServerAdmin admin@example.com
ServerName socket.website.com
<Proxy *>
Require all granted
Allow from all
</Proxy>
SSLEngine on
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
RewriteEngine on
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule .* wss://127.0.0.1:6001%{REQUEST_URI} [P]
ProxyPass / ws://127.0.0.1:6001
ProxyPassReverse / ws://127.0.0.1:6001
SSLCertificateFile /etc/letsencrypt/live/socket.website.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/socket.website.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

@max: your rewrite rules were the key. This also applies when the proxy just forwards the unencrypted traffic and Apache is handling SSL to the outside, replacing wss with ws then. After one day of fiddling it's finally working!
Edit: not enough reputation for a comment, sorry.
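The layout this thread ends up with, written out as an added example (not code from either post): Apache terminates TLS and forwards upgrade requests as plain ws:// to the loopback-only port 6001 from the question. Because the backend hop carries no TLS, the SSLProxyVerify none and SSLProxyCheckPeer* off switches are not needed at all. Host name, port and certificate paths are copied from the question; the module list is an assumption about what is loaded.

```apache
# Added example (constructed). Assumes mod_ssl, mod_rewrite, mod_proxy,
# mod_proxy_http and mod_proxy_wstunnel are enabled.
<VirtualHost *:443>
    ServerName ws.example.com

    SSLEngine on
    SSLCertificateFile    /etc/letsencrypt/path/ws.example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/path/ws.example.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf

    # Reverse proxy only: never act as a forward proxy.
    ProxyRequests Off
    ProxyPreserveHost On

    # Requests that ask for a WebSocket upgrade go to the backend as ws://.
    # TLS ends at Apache, so no SSLProxy* directive is involved on this hop.
    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteCond %{HTTP:Connection} upgrade [NC]
    RewriteRule ^/?(.*)$ ws://127.0.0.1:6001/$1 [P,L]

    # Everything else (ordinary HTTP calls to the same server).
    ProxyPass        / http://127.0.0.1:6001/
    ProxyPassReverse / http://127.0.0.1:6001/
</VirtualHost>
```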

Related

Why doesn't my HTTP redirect work with Nagios?

I have a web server with Nagios. Nagios is the only service working in this VM, so when I go to the root https://mymachine I want to be redirected directly to https://mymachine/nagios.
I have made a configuration like this
<VirtualHost *:443>
ServerName mymachine.mydomain
ServerAdmin root@mymachine.mydomain
Redirect / https://mymachine.mydomain/nagios
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/nagios1.mymachine.mydomain.crt
SSLCertificateKeyFile /etc/pki/tls/private/nagios1mymachine.mydomain.key
SSLCACertificateFile /etc/pki/tls/certs/mymachine.mydomain.crt
</VirtualHost>
Restart httpd and... disaster! Firefox opens the page
https://nagios1.mymachine.mydomain/nagiosnagiosnagiosnagiosnagiosnagiosnagiosnagiosnagiosnagiosnagiosnagiosnagiosnagiosnagiosnagiosnagiosnagiosnagios
and gives the "redirect loop" error.
Note that I also have a redirect from HTTP to HTTPS active:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]
If I remove it, it is the same thing.
Any solution?
Thanks
Solution found.
<VirtualHost *:80>
ServerName nagios1.mymachine.mydomain
ServerAdmin root@mymachine.mydomain
Redirect "/" "https://nagios1.mymachine.mydomain/nagios"
</VirtualHost>
<VirtualHost *:443>
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/nagios1.mymachine.mydomain.crt
SSLCertificateKeyFile /etc/pki/tls/private/nagios1mymachine.mydomain.key
SSLCACertificateFile /etc/pki/tls/certs/mymachine.mydomain.crt
</VirtualHost>
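Why the first attempt looped, shown as an added example (not the poster's configuration): Redirect matches on a path prefix and appends the rest of the path to the target, so /nagios is itself redirected to /nagiosnagios and so on. Anchoring the match to the bare root keeps the redirect inside the HTTPS vhost; host name and certificate paths are taken from the question.

```apache
# Added example (constructed).
<VirtualHost *:443>
    ServerName nagios1.mymachine.mydomain

    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/nagios1.mymachine.mydomain.crt
    SSLCertificateKeyFile /etc/pki/tls/private/nagios1mymachine.mydomain.key

    # "Redirect /" would also match /nagios, because every path starts with "/".
    # RedirectMatch with ^/$ fires only for the root URL.
    RedirectMatch 302 ^/$ https://nagios1.mymachine.mydomain/nagios
</VirtualHost>

<VirtualHost *:80>
    ServerName nagios1.mymachine.mydomain

    # Send plain HTTP to HTTPS and keep the requested path; the HTTPS vhost
    # above then handles the root case.
    Redirect permanent / https://nagios1.mymachine.mydomain/
</VirtualHost>
```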

(Apache) Redirect HTTPS domain to a port served through HTTPS

I have done redirection in Apache before, but in a simple way: I enable the rewrite module in the Apache server and then add the two .conf files mentioned below in /etc/apache2/sites-available.
The file below is for redirecting HTTP requests received through the domain to a specific port.
<VirtualHost *:80>
ServerAdmin me@mydomain.com
ServerName test.domain.com
ProxyPreserveHost On
# setup the proxy
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
ProxyPass / https://localhost:3235/
ProxyPassReverse / https://localhost:3235/
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteCond %{SERVER_NAME} =chat-dev.motivone.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
The file below is for redirecting HTTPS requests received through the domain to a specific port.
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin me@mydomain.com
ServerName test.domain.com
ProxyPreserveHost On
# setup the proxy
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
ProxyPass / https://localhost:3235/
ProxyPassReverse / https://localhost:3235/
SSLCertificateFile /etc/letsencrypt/live/test.domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/test.domain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
This process works fine when I run my server through HTTP and change the proxy to HTTP, but when I run my server on HTTPS and then try to redirect it, it throws an error like
I am not sure what is wrong. Any kind of help is appreciated. Thanks in advance.

How to redirect only websocket request to another server from apache windows?

I have an Apache2.4 config, which works well with HTTPS request.
Now I'm trying to redirect wss (WebSocket) requests to another server, where it is running (on the same server but on port 8000).
<VirtualHost *:8080>
ServerAdmin YYYY.YYYY@XXXXX.com
SSLEngine on
SSLCertificateFile "D:/cert/certificate.cert"
SSLCertificateKeyFile "D:/cert/privatekey.key"
# This is how I tried to redirect.
RewriteEngine On
RewriteCond %{HTTP:Connection} Upgrade [NC]
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule /(.*) wss://127.0.0.1:8000/$1 [P,L]
My WebSocket URL:
wss://127.0.0.1:8000/ws/home
The above config is not working. Please help!
When I hit https://127.0.0.1:8080/ in the browser, the page loads for a long time without any response on the screen.
Edit-1:
I solved by using <Location 'path'>. Can anyone help me to handle all WebSocket URLs?
I have solved this by using the below code.
<VirtualHost *:8080>
ServerAdmin YYYY.YYYY@XXXXX.com
SSLEngine on
SSLCertificateFile "D:/cert/certificate.cert"
SSLCertificateKeyFile "D:/cert/privatekey.key"
<Location "/ws/home">
ProxyPass "wss://127.0.0.1:8000/ws/home"
</Location>
But this won't work with all WebSocket URLs.
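For proxying every WebSocket URL rather than one <Location>, an added example (not the poster's configuration) that matches on the Upgrade header instead of the path and keeps certificate verification on for the wss:// backend. Assumptions: ws-backend.internal is a hypothetical name that resolves to 127.0.0.1 and appears in the backend certificate, D:/cert/backend-ca.pem is a placeholder for the CA that signed it, and mod_ssl, mod_rewrite, mod_proxy, mod_proxy_http and mod_proxy_wstunnel are loaded.

```apache
# Added example (constructed). Ports 8080/8000 and the two D:/cert files for
# the front-end certificate come from the question.
<VirtualHost *:8080>
    SSLEngine on
    SSLCertificateFile    "D:/cert/certificate.cert"
    SSLCertificateKeyFile "D:/cert/privatekey.key"

    # Outbound TLS: required before Apache can proxy to any wss:// or
    # https:// target.
    SSLProxyEngine on

    # Verify the backend certificate rather than switching the checks off.
    SSLProxyVerify require
    SSLProxyCACertificateFile "D:/cert/backend-ca.pem"
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on

    # Reverse proxy only.
    ProxyRequests Off

    # Any path qualifies, as long as the client asked for a WebSocket upgrade.
    # Requests without the Upgrade header are served by this vhost as before.
    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteCond %{HTTP:Connection} upgrade [NC]
    RewriteRule ^/?(.*)$ wss://ws-backend.internal:8000/$1 [P,L]
</VirtualHost>
```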

Unable to get RocketChat working with SSL, what am I doing wrong?

I have successfully installed RocketChat on a private server, running Ubuntu 16.04, Apache 2.4, but I can't get SSL to work.
Background: example.com has existing LetsEncrypt certificates. example.com has a website running on it with SSL, and RocketChat needs to be at https://chat.example.com. There are two Apache VirtualHosts for example.com and chat.example.com, both enabled.
Settings are as follows:
example.com.conf
<VirtualHost example.com:80>
ServerName example.com
ServerAlias www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/example
Alias /examplestaging /var/www/html/examplestaging
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/example-error.log
CustomLog ${APACHE_LOG_DIR}/example-access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =example.com [OR]
RewriteCond %{SERVER_NAME} =www.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
example.com-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost example.com:443>
ServerName example.com
ServerAlias www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/example
Alias /examplestaging /var/www/html/examplestaging
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/example-error.log
CustomLog ${APACHE_LOG_DIR}/example-access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>
</IfModule>
chat.example.com.conf
<VirtualHost *:443>
ServerName chat.example.com
ServerAdmin webmaster@localhost
UseCanonicalName on
SSLStrictSNIVHostCheck on
ErrorLog /var/log/chat.example.com_error.log
TransferLog /var/log/chat.example.com_access.log
LogLevel info
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+$
SSLHonorCipherOrder on
SSLCompression off
SSLOptions +StrictRequire
<Location />
Order allow,deny
Allow from all
</Location>
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://localhost:3000/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule /(.*) http://localhost:3000/$1 [P,L]
ProxyPassReverse / http://localhost:3000/
</VirtualHost>
<VirtualHost *:80>
ServerName chat.example.com
ServerAdmin webmaster@localhost
UseCanonicalName Off
ErrorLog /var/log/chat.example.com_error.log
TransferLog /var/log/chat.example.com_access.log
LogLevel info
<Location />
Order allow,deny
Allow from all
</Location>
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://localhost:3000/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule /(.*) http://localhost:3000/$1 [P,L]
ProxyPassReverse / http://localhost:3000/
</VirtualHost>
The instructions I went by are
https://rocket.chat/docs/installation/manual-installation/ubuntu/
https://rocket.chat/docs/installation/manual-installation/configuring-ssl-reverse-proxy/#running-behind-an-apache-ssl-reverse-proxy
https://asperti.com/en/bglug-slack-to-rocket-chat
All vhosts above are enabled. All apache proxy mods are enabled (according to instructions).
http://www.example.com:3000 works and I can login. I have changed the URL in the settings to https://chat.example.com.
The service file /lib/systemd/system/rocketchat.service is
[Unit]
Description=The Rocket.Chat server
After=network.target remote-fs.target nss-lookup.target nginx.target mongod.target
[Service]
ExecStart=/usr/local/bin/node /opt/Rocket.Chat/main.js
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=rocketchat
User=rocketchat
Environment=MONGO_URL=mongodb://localhost:27017/rocketchat?replicaSet=rs01 MONGO_OPLOG_URL=mongodb://localhost:27017/local?replicaSet=rs01 ROOT_URL=https://chat.example.com PORT=3000
[Install]
WantedBy=multi-user.target
Whenever I make any changes, I restart rocketchat and apache2 services.
When entering https://chat.example.com or http://chat.example.com, it instantly throws a server unavailable error, so it would seem that the reverse proxy isn't working (?). I do not have any errors in the log files for example.com-error.log, nor chat.example.com_error.log, nor error.log.
chat.example.com_error.log does include this info
[Tue Aug 13 21:25:47.062881 2019] [ssl:info] [pid 22553] AH01914: Configuring server chat.example.com:443 for SSL protocol
[Tue Aug 13 21:25:47.063611 2019] [ssl:info] [pid 22553] AH02568: Certificate and private key chat.example.com:443:0 configured from /etc/letsencrypt/live/example.com/cert.pem and /etc/letsencrypt/live/example.com/privkey.pem
What could be wrong with this setup?
Install Caddy on the server
Redirect the URLs to https://your RocketChat URL
Everything will be fine.
Did you try to generate via certbot?
sudo certbot --apache -d example.com -d chat.example.com

Setting up Wildcard subdomain (with reverse proxy) on apache 2.2.3

What I am trying to achieve is the following:
I want to have numerous subdomains such as abc.domain.com redirect to a url such as www.domain.com/something?subdomain=abc
Since I am redirecting to a fully qualified domain, I needed to use a reverse proxy to avoid the change of the URL in the browser. (using the [P] Flag and turning on the mod_proxy module and some other modules)
This is my DNS setup
*.domain.com. 14400 A 111.111.11.1
This is my virtual host configuration for apache
<VirtualHost 111.111.11.1:80>
ServerName www.domain.com
ServerAlias *.lionite.com
DocumentRoot /var/www/html
ErrorLog /var/www/logs
UseCanonicalName off
RewriteEngine on
RewriteCond %{REQUEST_URI} !^/images
RewriteCond %{HTTP_HOST} !^www\.domain\.com$
RewriteRule ^(.+) %{HTTP_HOST}$1 [C]
RewriteRule ^([^.]+)\.domain\.com(.*) http://www.domain.com/something?subdomain=$1 [P,L]
This setup is working fine (Let me know if you think you can improve it of course).
My main problem is when I am trying to setup https://
This is my virtual host configuration for apache
<VirtualHost 111.111.11.1:443>
ServerName www.domain.com:443
ServerAlias *.domain.com
DocumentRoot /var/www/html
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/httpd/conf.d/cert/server.crt
SSLCertificateKeyFile /etc/httpd/conf.d/cert/server.key
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
RewriteEngine on
RewriteCond %{REQUEST_URI} !^/images
RewriteCond %{HTTPS_HOST} !^www\.domain\.com$
RewriteRule ^(.+) %{HTTPS_HOST}$1 [C]
RewriteRule ^([^.]+)\.domain\.com(.*) https://www.domain.com/something?subdomain=$1 [P,L]
</VirtualHost>
Whenever I call https://abc.domain.com - the response I am getting is the homepage but no matter what I am appending to the end of the subdomain, I will get the same response. It's like the rewrite isn't responding well.
Any help would be appreciated, or if you could share how you'd set up reverse proxy, rewrite, wildcard subdomain and SSL all together.
Thanks,
I have had this same problem as well. The only way I solved it was to put different domains that need secure connection on different Listen ports because I was limited with IP addresses.
From my understanding, the problem is that in the https protocol the HOST is not included in the request. So when the request reaches the server, apache just uses the first match on the IP and port the connection was received on because it does not know the domain it was requested from.
The only work around for this is to have a different IP for each domain, or a different port.
Unfortunately you are out of luck using https with a wildcard domain setup; I don't believe there is any way to get it to work.
