0

I'm busy implementing WebSockets on our reverse proxy (apache2). We redirect our traffic to Tomcat with a ProxyPass, but it's not working: we get a 403 (forbidden) in our logs.

apache vhost file:

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin XXX
    ServerName  XXX

    LogLevel warn
    ErrorLog  ${APACHE_LOG_DIR}/XXX_error.log
    CustomLog ${APACHE_LOG_DIR}/XXX_access.log combined

    ProxyPass / http://localhost:8110/ disablereuse=on

    RewriteEngine on

    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteCond %{HTTP:Connection} upgrade [NC]
    RewriteRule /(.*) "ws://localhost:8110/$1" [P,L]

    ProxyPreserveHost On
    ProxyAddHeaders On
    RequestHeader set X-Forwarded-Proto "https"

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/XXX/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/XXX/privkey.pem
</VirtualHost>
</IfModule>

I set up an nginx reverse proxy and everything is working fine with the application (I get "websocket connected" in the logs), but I'm not seeing what I'm doing wrong in the apache2 config.

nginx vhost:

server {

        server_name XXX;

## Redirect to tomcat
        location / {
                proxy_pass http://localhost:8110;
                proxy_set_header Host $host;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_set_header Origin "";
                add_header 'Access-Control-Allow-Origin' '*';
                add_header 'Access-Control-Allow-Origin' '*'  always;
                add_header 'Access-Control-Max-Age' '3600'  always;
                add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
                add_header 'Access-Control-Allow-Headers' '*' always;
        }

## Listen https
    listen 443 ssl; # managed by Certbot

## Certificates
    ssl_certificate /etc/letsencrypt/live/XXX/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/XXX/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}
server {
    if ($host = XXX) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


## Listen http
        listen 80;

        server_name XXX;
        return 404; # managed by Certbot
}

2 Answers

1

Run the following commands to enable the required modules for the reverse proxy.

a2enmod proxy
a2enmod proxy_http

Also use these two lines in your configuration.

ProxyPass / http://localhost:8110/
ProxyPassReverse / http://localhost:8110/

Check the Apache logs to find the problem.

0

Thanks for your answer. I added the last line, but the ProxyPass / was already there. Both modules were already enabled (sorry for the missing info).

ProxyPassReverse / http://localhost:8110/

I still see the 403 in my logs
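
One visible difference between the two vhosts is that the nginx config clears the `Origin` header (`proxy_set_header Origin "";`) while the Apache config forwards it unchanged. The script below is an added example, not part of the original posts: it replays the WebSocket handshake directly against the backend on `localhost:8110` with and without an `Origin` header to show whether the 403 depends on it. The host name `example.test` and the path `/ws` are placeholders, and whether the backend checks `Origin` at all is an assumption that the probe tests.

```python
import base64
import hashlib
import os
import socket

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # constant fixed by RFC 6455

def accept_for(key):
    """Sec-WebSocket-Accept value a real WebSocket server must return for key."""
    digest = hashlib.sha1((key + WS_GUID).encode()).digest()
    return base64.b64encode(digest).decode()

def build_handshake(host, path, key, origin=None):
    """Upgrade request as the proxy would forward it; origin=None omits the header."""
    lines = [f"GET {path} HTTP/1.1", f"Host: {host}", "Upgrade: websocket",
             "Connection: Upgrade", f"Sec-WebSocket-Key: {key}",
             "Sec-WebSocket-Version: 13"]
    if origin is not None:
        lines.append(f"Origin: {origin}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode()

def classify(response, key):
    """Return 'upgraded', 'bad-accept', 'rejected:<status>' or 'no-response'."""
    if not response:
        return "no-response"
    head = response.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split()[1])
    if status != 101:
        return f"rejected:{status}"
    headers = dict(h.split(":", 1) for h in header_lines if ":" in h)
    headers = {k.strip().lower(): v.strip() for k, v in headers.items()}
    ok = headers.get("sec-websocket-accept") == accept_for(key)
    return "upgraded" if ok else "bad-accept"

def probe(addr, host, path, origin=None, timeout=5):
    """Send one handshake to addr (host, port) and classify the reply."""
    key = base64.b64encode(os.urandom(16)).decode()
    data = b""
    with socket.create_connection(addr, timeout=timeout) as sock:
        sock.sendall(build_handshake(host, path, key, origin))
        while b"\r\n\r\n" not in data:
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
    return classify(data, key)

if __name__ == "__main__":
    backend = ("localhost", 8110)             # backend port from the vhosts above
    host, path = "example.test", "/ws"        # placeholders: public name, endpoint
    for origin in (f"https://{host}", None):  # as Apache forwards it / as nginx does
        print(f"Origin={origin!r}: {probe(backend, host, path, origin)}")
```

If only the request carrying an `Origin` header is rejected, the fix belongs in the backend's allowed-origins setting rather than in stripping the header at the proxy, because the origin check is what stops other sites from opening WebSockets with a user's cookies.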
