I'm trying to connect to my websockets server from outside the local network. I deployed a web app based on Laravel, everything works fine when developing locally, but deploying the app to my Raspberry Pi won't let my websockets server work. The problem might be with my Apache config, but I'm not sure. I'm using a Let's Encrypt certificate, so everything is configured as it should in Laravel and in Apache.
The browser can reach the websockets server, but at websocket's console messages it says this: Error during WebSocket handshake: Invalid status line.
It looks like the Websocket server is not returning a 101 code, but I don't know how to debug or fix this. I'm using the 443 port for websockets, so this is my Apache config:
<VirtualHost *:443>
ServerName drink.myhost.org
ServerAlias www.drink.myhost.org
# WEBSOCKETS CONFIG
ProxyRequests off
ProxyPass "/app/ABCFEDG" "ws://127.0.0.1:6001"
ProxyPass "/app/ABCFEDG" "wss://127.0.0.1:6001"
ProxyPassReverse "/app/ABCFEDG" "ws://127.0.0.1:6001/app/ABCFEDG"
ProxyPassReverse "/app/ABCFEDG" "wss://127.0.0.1:6001/app/ABCFEDG"
ServerAdmin webmaster#drink.myhost.org
DocumentRoot /var/www/html/drink/public
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/drink.myhost.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/drink.myhost.org/privkey.pem
</VirtualHost>
Related
I’ll just briefly explain what I have and what I’d like.
On same server I have a service which has also a web gui on http port 9091 for example. The service does not have a option to change the config to https within the app.
I also have apache on that server for snmp traps graphs. So I’d like to use that apache as a https proxy, so communication to apache is https, from apache to that mentioned web plain http.
Client <-> https proxy <-> http web ui
I don’t want just redirect.
Can you advise me a simple solution. Not lucky yet with search.
Thank you!
Mario
Worked with
<VirtualHost *:8843>
ServerName xxx
ServerAdmin webmaster#localhost
# DocumentRoot /var/www/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine On
# Set the path to SSL certificate
# Usage: SSLCertificateFile /path/to/cert.pem
SSLCertificateFile /xxx.crt
SSLCertificateKeyFile /XXX.key
ProxyPreserveHost On
ProxyPass /transmission http://localhost:9091/transmission
ProxyPassReverse /transmission http://localhost:9091/transmission
I have a Laravel project set up on OpenLitespeed server on a port. The IP address is 127.0.0.1:8016. I am using apache2 reverse proxy to pass requests to the OpenLitespeed server. The Laravel application works okay but after logging in I get a Laravel's 403 on all the pages that require authentication to view. I have even tried stopping the OpenLitespeed server and moving the project to apache2 but I still get the same problem. Both apache2 and OpenLitespeed are running on the same server. How can I fix this?
This is my apache conf file
<VirtualHost *:80>
ServerAdmin admin#mysite.com
ServerName mysite.com
ServerAlias *.mysite.com
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8016/
ProxyPassReverse / http://127.0.0.1:8016/
ProxyPassReverseCookieDomain .mysite.com 127.0.0.1
ErrorLog "logs/mysite.com-error.log"
CustomLog "logs/mysite.com-access.log" common
</VirtualHost>
This is my Laravel's trustedproxy.php
return [
'proxies' => "127.0.0.1",
'headers' => Illuminate\Http\Request::HEADER_X_FORWARDED_ALL,
];
I am trying to deploy a web application which is deployed in port 80 and I am able to access the website from www.ajaykalkoti.space and http://ajaykalkoti.space .
If I try to access the https://ajaykalkoti.space It returns 403 Error.The Request could not be satisfied.What should be my entry in Route 53.I have attached a screenshot of the below entries.
I am not using Load Balancer as I guess it gets charged.
Please guide me.
Route 53 Table
A Record
Use this AWS guide:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-an-instance.html
And you should configure 443 port in /etc/httpd/conf.d/ssl.conf:
Listen 443
<VirtualHost *:443>
ServerName ajaykalkoti.space
ErrorLog /var/log/httpd/ssl.error.log
CustomLog /var/log/httpd/ssl.log combined
SSLEngine on
SSLCertificateFile PATH_TO_CERT.crt
SSLCertificateKeyFile PATH_TO_KEY.key
SSLCertificateChainFile PATH_TO_CHAIN.ca-bundle
SSLProtocol -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2
SSLProxyProtocol -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
SSLProxyCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
ProxyPreserveHost On
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
</VirtualHost>
as example
And enable 443 port in instance security group
I'm stuck with my Apache-config and appreciate any help on this.
The config is like this:
The Apache redirects all http traffic to https
It proxies requests like https://domain.tld/app1 to http://domain.tld:9000/app1 (play apps are running at app-context /app*/...)
This works very well with the following Apache-config:
<VirtualHost *:80>
ServerName domain.tld
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Redirect permanent / https://domain.tld/
Redirect permanent / https://domain.tld/
</VirtualHost>
<VirtualHost _default_:443>
#ssl-config here
<Proxy http://localhost:9000/*>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /app1 http://domain.tld:9000/app1
ProxyPassReverse /app1 http://domain.tld:9000/app1
ProxyPassReverse /app1 http://domain.tld/app1
</VirtualHost>
The problem ist, that one play-application got a WebSocket added. Which isn't working with the above setup. So I read the stuff on the play-pages. Which led me to install mod_proxy_wstunnel. I also add the following lines to the config, but had no success with that:
ProxyPass /app1/timerWs ws://domain.tld:9000/app1/timerWs
ProxyPassReverse /app1/timerWs ws://domain.tld:9000/app1/timerWs
When I'm trying to connect to https://domain.tld/rlc/timerWs I got an 500 Internal Server Error, but there are no new, more specific errors in the apache error log.
How can I configure Apache to proxy WebSocket requests properly to my play applications?
My play-apps do not have https-adapters. All the https stuff is done by the Apache-proxy.
Play-apps are on version 2.5.
Apache is on 2.4.7.
Thanks a lot for your help.
Tobias
I have solved the issue now. What did the trick was to set-up https not only on the Apache, but also on Plays application server Jetty. To do so see this link. This leads to another ProxyPass address (notice the wss instead of ws):
ProxyPass /app1/timerWs wss://domain.tld:9000/app1/timerWs
ProxyPassReverse /app1/timerWs wss://domain.tld:9000/app1/timerWs
I also had to change the WebSocket address in my Javascript, to let the Browser know, where to find the WebSocket-Backend.
$(function() {
var WS = window['MozWebSocket'] ? MozWebSocket : WebSocket
var dateSocket = new WS("wss://domain.tld/rlc/timerWs")
var receiveEvent = function(event) {
$("#timer").html(event.data);
}
dateSocket.onmessage = receiveEvent
});
Before that I used a Play-route #routes.Application.timerWs().webSocketURL(request) to address the WebSocket.
I've just installed Jenkins on an EC2 machine. Jenkins is served via Apache with SSL on port 443. I haven't bought a certificate yet, so the https connection is insecure.
<VirtualHost *:443>
ServerAdmin webmaster#localhost
ServerName my_host_name
ServerAlias ci
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
ProxyRequests Off
ProxyPreserveHost off
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
<Proxy http://localhost:8080/*>
Order deny,allow
Allow from all
</Proxy>
</VirtualHost>
Jenkins refused to update my plugins. I've checked the URL at Manage Jenkins → Manage Plugins → advanced, and it was http://updates.jenkins-ci.org/update-center.json. I've tried downloading the file from curl at the server and it was downloaded without problems.
Why can't Jenkins download the json file for the updates?
This was fixed by using the secure coutnerpart for the url
https://updates.jenkins-ci.org/update-center.json
Instead of:
http://updates.jenkins-ci.org/update-center.json