在Apache的mod_proxy_wstunnel后面使用go-websocket

huangapple go评论94阅读模式
英文:

Using go-websocket behind Apache mod_proxy_wstunnel

问题

注意:更新了配置并在websocket路径后添加了斜杠。问题仍然存在。

是否可以在Apache反向代理中使用go-websocketmod_proxy_wstunnel

我尝试过,但无法使其正常工作。

我尝试在Apache反向代理(启用了mod_proxy_wstunnel)后面使用Chat示例,但它不起作用。代理是成功的,但websocket部分根本不工作。

我的Apache配置类似于以下内容:

<VirtualHost *:80>
    DocumentRoot /var/www/foobar
    ServerName foobar.com
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/
    ProxyPass /ws/ ws://localhost:8080/ws/
    ProxyPassReverse /ws/ ws://localhost:8080/ws/
    ErrorLog logs/error_log-foobar
    CustomLog logs/access_log-foobar common
    LogLevel debug
</VirtualHost>

当然,我在8080端口上运行聊天服务器。我已经使用SSH隧道进行了测试,一切正常。然后我转向了Apache。

第一次尝试时,javascript控制台报错如下:

NetworkError: 403 Forbidden - http://foobar.com/ws/

请求似乎被卡在了源检查处。
然后我尝试将源检查注释掉后再次尝试,得到了以下错误:

NetworkError: 400 Bad Request - http://foobar.com/ws/

似乎聊天服务器根本没有收到升级请求。

我应该如何调试这个问题?
我应该从哪里开始查找?

英文:

Note: Updated config and added trailing slash to websocket path. Still same problem

Is it possible to use go-websocket behind a Apache reverse proxy with mod_proxy_wstunnel?

I tried and failed to get things working.

I tried to use the Chat example behind an Apache reverse proxy (with mod_proxy_wstunnel enabled). And it doesn't work. The proxy is a success, while the websocket part does not work at all.

My Apache config looks similar to this:

&lt;VirtualHost *:80&gt;
    DocumentRoot /var/www/foobar
    ServerName foobar.com
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/
    ProxyPass /ws/ ws://localhost:8080/ws/
    ProxyPassReverse /ws/ ws://localhost:8080/ws/
    ErrorLog logs/error_log-foobar
    CustomLog logs/access_log-foobar common
    LogLevel debug
&lt;/VirtualHost&gt;

And of course I'm running the chat server on port 8080. I've tested it with SSH tunnel, and things work perfectly. Then I moved on to Apache.

The first time I tried, the javascript console complains this:

NetworkError: 403 Forbidden - http://foobar.com/ws/

The request seems to be stucked at the origin check.
Then I tried again after comment out the origin check, it get this:

NetworkError: 400 Bad Request - http://foobar.com/ws/

It seems the chat server do not get the upgrade request at all.

How should I debug this?
Where should I start looking?

答案1

得分: 19

谢谢大家!在采纳了上面的几条建议后,我找到了解决办法。

对于可能遇到类似问题的人,这是我问题的解决方案:

  1. 正如Aralo建议的那样,必须在WebSocket路径中添加尾部斜杠(在我的情况下是"/ws/")。看起来Apache只会处理有效的GET请求的WebSocket。

  2. James Henstridge是正确的。ProxyPass的顺序很重要。/ws/的ProxyPass必须放在/行之前。

  3. 在查看了聊天示例代码后,我发现在函数ServeWs()中有一个源检查,我将其删除了。

现在一切都正常了。

还要感谢covener,查看日志确实有帮助。

英文:

Thanks everyone! After taking several advices above, I found the solution.

And for someone who might have similar issue, here is the solution to my question:

  1. As Aralo suggested, trailing slash must be added to the WebSocket path (in my case: "/ws/"). It looks Apache will only handle WebSocket with a valid GET request.

  2. James Henstridge was right. The order of ProxyPass relevant. ProxyPass of /ws/ must be put before the / line.

  3. After consulting the Chat example code, I found an origin check in the function ServeWs() and removed.

Everything works now.

And thanks covener, reading logs does help.

答案2

得分: 9

我正在使用CentOS 7上的Apache 2.4.18后面的Go安全WebSocket(wss://)服务器。以下是设置:

确保系统安装了mod_proxy_wstunnel模块:

# find /usr/lib64/httpd/modules/ | grep ws

/usr/lib64/httpd/modules/mod_proxy_wstunnel.so

在00-proxy.conf中添加以下行:

# vim /etc/httpd/conf.modules.d/00-proxy.conf

LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so

重启Apache:

# systemctl restart httpd

检查设置:

# httpd -M | grep -iE 'proxy'

 proxy_module (shared)
 proxy_fcgi_module (shared)
 proxy_http_module (shared)
 proxy_wstunnel_module (shared)

编辑httpd-vhosts.conf:

# vim /etc/httpd/conf.d/httpd-vhosts.conf

<VirtualHost *:443>
    ServerName go.mydomain.com:443

    ProxyPreserveHost On
    ProxyRequests off

    SSLProxyEngine On
    SSLCertificateFile "/etc/pki/tls/certs/mydomain.com/mydomain.crt"
    SSLCertificateKeyFile "/etc/pki/tls/certs/mydomain.com/mydomain.key"

    ### 配置的ProxyPass和ProxyPassMatch规则按照配置的顺序进行检查。第一个匹配的规则生效。
    ProxyPassMatch ^/(ws(/.*)?)$ wss://192.168.0.1:443/$1

    ProxyPass / https://192.168.0.1:443/
    ProxyPassReverse / https://192.168.0.1:443/

    ErrorLog "/var/log/httpd/go.mydomain.com-error_log"
    CustomLog "/var/log/httpd/go.mydomain.com-access_log" common
</VirtualHost>

<VirtualHost *:80>
    ServerName go.mydomain.com:80

    ProxyPreserveHost On
    ProxyRequests off

    ###
    ProxyPassMatch ^/(ws(/.*)?)$ ws://192.168.0.1:80/$1

    ProxyPass / http://192.168.0.1:80/
    ProxyPassReverse / http://192.168.0.1:80/

    ErrorLog "/var/log/httpd/go.mydomain.com-error_log"
    CustomLog "/var/log/httpd/go.mydomain.com-access_log" common
</VirtualHost>
英文:

I am using Go secure WebSocket (wss://) server behind Apache 2.4.18 on CentOS 7. Here are the settings:

Make sure the system has mod_proxy_wstunnel:

# find /usr/lib64/httpd/modules/ | grep ws

/usr/lib64/httpd/modules/mod_proxy_wstunnel.so

Add the following line in 00-proxy.conf:

# vim /etc/httpd/conf.modules.d/00-proxy.conf

LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so

Restart Apache:

# systemctl restart httpd

Check the setting:

# httpd -M | grep -iE 'proxy'

 proxy_module (shared)
 proxy_fcgi_module (shared)
 proxy_http_module (shared)
 proxy_wstunnel_module (shared)

Edit httpd-vhosts.conf:

# vim /etc/httpd/conf.d/httpd-vhosts.conf

&lt;VirtualHost *:443&gt;
    ServerName go.mydomain.com:443

    ProxyPreserveHost On
    ProxyRequests off

    SSLProxyEngine On
    SSLCertificateFile &quot;/etc/pki/tls/certs/mydomain.com/mydomain.crt&quot;
    SSLCertificateKeyFile &quot;/etc/pki/tls/certs/mydomain.com/mydomain.key&quot;

    ### The configured ProxyPass and ProxyPassMatch rules are checked
    ### in the order of configuration. The first rule that matches wins.
    ProxyPassMatch ^/(ws(/.*)?)$ wss://192.168.0.1:443/$1

    ProxyPass / https://192.168.0.1:443/
    ProxyPassReverse / https://192.168.0.1:443/

    ErrorLog &quot;/var/log/httpd/go.mydomain.com-error_log&quot;
    CustomLog &quot;/var/log/httpd/go.mydomain.com-access_log&quot; common
&lt;/VirtualHost&gt;

&lt;VirtualHost *:80&gt;
    ServerName go.mydomain.com:80

    ProxyPreserveHost On
    ProxyRequests off

    ###
    ProxyPassMatch ^/(ws(/.*)?)$ ws://192.168.0.1:80/$1

    ProxyPass / http://192.168.0.1:80/
    ProxyPassReverse / http://192.168.0.1:80/

    ErrorLog &quot;/var/log/httpd/go.mydomain.com-error_log&quot;
    CustomLog &quot;/var/log/httpd/go.mydomain.com-access_log&quot; common
&lt;/VirtualHost&gt;

huangapple
  • 本文由 发表于 2013年9月13日 18:57:51
  • 转载请务必保留本文链接:https://go.coder-hub.com/18784658.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定