I'm busy implementing websockets on our reverse proxy (apache2). We redirect our traffic to Tomcat with a ProxyPass, but it's not working: we get a 403 (forbidden in our logs).
apache vhost file:
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin XXX
    ServerName XXX
    LogLevel warn
    ErrorLog ${APACHE_LOG_DIR}/XXX_error.log
    CustomLog ${APACHE_LOG_DIR}/XXX_access.log combined
    ProxyPass / http://localhost:8110/ disablereuse=on
    RewriteEngine on
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteCond %{HTTP:Connection} upgrade [NC]
    RewriteRule /(.*) "ws://localhost:8110/$1" [P,L]
    ProxyPreserveHost On
    ProxyAddHeaders On
    RequestHeader set X-Forwarded-Proto "https"
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/XXX/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/XXX/privkey.pem
</VirtualHost>
</IfModule>
I've set up an nginx reverse proxy and everything is working fine with the application (I get websocket connected in the logs), but I'm not seeing what I'm doing wrong in the apache2 config.
nginx vhost:
server {
    server_name XXX;
    ## Redirect to tomcat
    location / {
        proxy_pass http://localhost:8110;
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Origin "";
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Origin' '*' always;
        add_header 'Access-Control-Max-Age' '3600' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
        add_header 'Access-Control-Allow-Headers' '*' always;
    }
    ## Listen https
    listen 443 ssl; # managed by Certbot
    ## Certificates
    ssl_certificate /etc/letsencrypt/live/XXX/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/XXX/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = XXX) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    ## Listen http
    listen 80;
    server_name XXX;
    return 404; # managed by Certbot
}