I have implemented/tried to implement a websocket for communication between users on an EC2 instance running Linux with an Apache webserver. I had it working when I first configured it, where my Ratchet websocket pointed to port 8081 without any TLS. With this configuration I was able to upgrade to a websocket and send/receive data through a non-secure websocket. This was only possible through the IP address though, and not through the actual URL. I am running the websocket at a subdomain.
    <VirtualHost *:443>
        DocumentRoot "/var/www/html/video"
        ServerName video.domain.com
        SSLEngine on
        SSLCertificateFile ./certs/server.crt
        SSLCertificateKeyFile ./certs/server.key
        # ProxyPass /ratchet/ ws://video.domain.com:8081/
        <Directory "/var/www/html/video">
            AllowOverride All
            Require all granted
        </Directory>
    </VirtualHost>
The above solution works when I use the IP-based websocket connection to connect to the websocket through the JS WebSocket API.
I have tried both WSS and WS, with and without ports, etc. for the WebSocket API, but the code written below is still the only one I can get to work.
let socket = new WebSocket("ws://server_ip:8081");
I have read a lot of Stack Overflow questions regarding adding a ProxyPass to the VH, but it doesn't upgrade the request. Furthermore, I have tried to create its own VirtualHost and that doesn't work either.
I think it's worth mentioning that I have a Cloudflare CDN that the requests are proxied through. Hope to get some fresh eyes. Been stuck for a while.
I do not have enough rep for a comment, so answer it is.
It has been a while since I have dabbled into this stuff, and my first thought was that you indeed need a ProxyPass, but when I looked at my config this is not the case.
I'm going out on a limb and guess that your VH is the issue here: you are explicitly listening on port 443 (https), but I believe wss has another port it listens on, so maybe you could try another port. Other than that you could also try to do
new WebSocket('https://video.domain.com') and enable the proxy in the VH, this way the secure connection is handled by the http layer. But since the browser will then try to upgrade the request to a socket I doubt this will work.
I should mention that in my case I used websockets to open an MQTT connection; since browsers don't implement MQTT, this is done via wss.
If none of this works I could try to dive deeper into the inner workings of the MQTT lib I use in order to dissect how the connection is set up.
I hope any of this helps :D
Since there was not enough space in the comments I'll place it here:
Not related to sockets but to Apache and proxies: the ProxyPass directive has a counterpart, ProxyPassReverse, for that very goal.
    <virtualhost IPv4:443 [IPv6]:443>
        Servername knowledge.domain.com:443
        ServerAlias knowledge.domain.com
        ServerAdmin firstname.lastname@example.org
        DocumentRoot /path/to/documentRoot
        <Directory /path/to/documentRoot>
            Options -Indexes -FollowSymLinks -SymLinksIfOwnerMatch
        </Directory>
        SSLEngine On
        SSLCertificateFile /path/to/ssl.crt
        SSLCertificateKeyFile /path/to/ssll.key
        SSLCACertificateFile /path/to/ssll.cer
        Header always set Strict-Transport-Security: "max-age=31536000; includeSubDomains; preload"
        Header always edit Set-Cookie (.*) "$1;HttpOnly;Secure"
        ProxyRequests Off
        ProxyPreserveHost On
        ProxyVia Full
        <Proxy *>
            Require all granted
        </Proxy>
        <Location />
            ProxyPass http://127.0.0.1:3000/
            ProxyPassReverse http://127.0.0.1:3000/
        </Location>
        <Directory />
            Options -FollowSymLinks -Indexes -SymLinksIfOwnerMatch
        </Directory>
        CustomLog "/path/to/logs/access.log" combined
        ErrorLog "/path/to/logs/error.log"
        LogLevel warn
    </virtualhost>
This is an example of my proxy conf for a Node.js app.
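Applied to the question's Ratchet setup, the reverse-proxy approach looks like the following added example, which is not part of the original posts and is not either poster's configuration. It assumes mod_ssl, mod_proxy and mod_proxy_wstunnel are loaded and that Ratchet is bound to 127.0.0.1:8081; the certificate paths are placeholders, and the /ratchet/ path is taken from the commented-out line in the question.

```apache
# Added example: TLS is terminated by Apache on 443 and only the
# WebSocket path is tunnelled to the local, plaintext Ratchet server.
<VirtualHost *:443>
    ServerName video.domain.com
    DocumentRoot "/var/www/html/video"

    SSLEngine on
    # Placeholder paths: use absolute paths to the real certificate and key.
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    # Reverse proxy only; do not let Apache act as a forward proxy.
    ProxyRequests Off

    # mod_proxy_wstunnel handles the ws:// scheme and passes the
    # Upgrade handshake for /ratchet/ through to Ratchet.
    # Assumption: Ratchet listens on loopback only, so port 8081 is
    # not reachable from outside and the unencrypted hop stays on the host.
    ProxyPass "/ratchet/" "ws://127.0.0.1:8081/"

    <Directory "/var/www/html/video">
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>
```

With this in place the browser connects with new WebSocket("wss://video.domain.com/ratchet/"), so the socket shares port 443 and the site's certificate instead of exposing 8081 directly. Behind Cloudflare, WebSockets also need to be enabled for the zone.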