ws_tunnel Apache->Websocket server not working

Question

I have a local web socket server running on WSS:// port 9000. In the same server I have apache running as well.

When I try and connect from my remote client directly to port 9000 via WSS like this:

wss://myserver:9000

it works fine. However, I blocked port 9000 on my router and am trying to access it via apache (which is running on SSL).

When I try and access wss://myserver/

I can see the logs in Apache that it issued a GET but my web socket server does not receive the connection.

I've read through various SO threads and I think I have my ordering correct.

Details:

Apache Version: Server version: Apache/2.4.7 (Ubuntu)

sudo apache2ctl -M shows proxy_* modules running proxy_module (shared) proxy_http_module (shared) proxy_wstunnel_module (shared)

Apache configuration: (relevant lines inside VirtualHost)

ProxyPass / wss://localhost:9000/
ProxyPassReverse / wss://localhost:9000/

<Proxy *>
  Order deny,allow
  Allow from all
</Proxy>

Note that both my local web socket server and Apache are configured to use the same certificates

(I'm not sure if I need the Proxy * part, but I saw it in one SO thread)

And here are debug logs:

http://pastebin.com/gqVp3Pz5

Thanks

Answer 1

It seems by default Apache wstunnel does not work when the need is to tunnel SSL end to end. What works is if Apache terminates WSS and then does a WS with the local server.

I found this thread tunneling secure websocket connections with apache that describes how to recompile Apache to allow for end to end WSS tunneling.

I've currently decided to not do apache tunneling and open a firewall port for my event server directly as I don't expect my users to have the inclination to recompile Apache for this.