I'm trying to configure Apache server 2.4.6, the newest version that supports WebSocket proxy.
I got the non-secure WebSocket connection to work as expected, and the HTTPS proxy is working as well [this is to remove SSL config as the root cause]. But my wss:// connection fails. While troubleshooting with Wireshark I learned that the wss:// connection is made via plain text.
Here's my apache configuration:
<VirtualHost *:4043>
ServerName cbscclrd.ca.wm.com
LogLevel debug
ErrorLog "/apps/apache/httpd-2.4.6/logs/errorSSL_log"
TransferLog "/apps/apache/httpd-2.4.6/logs/access_log"
SSLCertificateFile "/apps/FXD1D2/SSLKeyStore/sdpssl_cert-dev.cer"
SSLCertificateKeyFile "/apps/FXD1D2/SSLKeyStore/sdp-private-key-no-password.pem"
SSLCACertificateFile "/tmp/Apache-PKG/CAchain.pem"
SSLEngine on
SSLProxyEngine on
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / wss://cbscclrd.ca.wm.com:443 retry=0 keepalive=On
ProxyPassReverse / wss://cbscclrd.ca.wm.com:443 retry=0
</VirtualHost>
When the connection is initiated to wss://cbscclrd.ca.wm.com:443 it is in plaintext format, hence the server listening on "cbscclrd.ca.wm.com:443" rejects the connection with the following error message: javax.net.ssl.SSLException
Any help will be greatly appreciated.
This is a bug in mod_proxy_wstunnel. It will always send plaintext to the backend server regardless of the URL scheme (ws:// or wss://).
The bug is reported here: https://issues.apache.org/bugzilla/show_bug.cgi?id=55320
The bugfix is rather simple (and provided in the bug report). So if you really need the wss:// backend communication, you might want to apply it yourself & rebuild the module.
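Added example (not part of the original answer or of the Apache code base): a small Python listener that stands in for the backend port and reports whether the proxy opens the connection with a TLS ClientHello or with a plaintext WebSocket handshake, so the behaviour described above can be confirmed before and after rebuilding the module. The loopback address, port 8443 and the function names are assumptions made for this example.

```python
import socket

def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a proxy sent to the backend port."""
    # TLS record header: content type 0x16 (handshake), major version 0x03,
    # minor version 0x00-0x04, followed by a 2-byte record length.
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        return "tls"
    # A plaintext WebSocket handshake is an HTTP/1.x GET carrying Upgrade headers.
    first_line = data.split(b"\r\n", 1)[0]
    if first_line.startswith(b"GET ") and b"HTTP/1." in first_line:
        if b"upgrade: websocket" in data.lower():
            return "plaintext-websocket"
        return "plaintext-http"
    return "unknown"

def open_listener(host="127.0.0.1", port=0):
    """Bind a test listener; port 0 lets the OS pick a free port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(1)
    return srv

def observe_one_connection(srv, timeout=10.0, max_bytes=4096):
    """Accept one connection and classify what the peer sends first.

    Only the first recv() is inspected: three bytes are enough to recognise
    a TLS record, and a handshake request normally arrives in one segment.
    """
    srv.settimeout(timeout)
    conn, _addr = srv.accept()
    with conn:
        conn.settimeout(timeout)
        data = conn.recv(max_bytes)
    return classify_first_bytes(data)

if __name__ == "__main__":
    # Assumed setup: a test ProxyPass wss:// target pointing at 127.0.0.1:8443,
    # then one WebSocket connection made through httpd.
    with open_listener(port=8443) as srv:
        print("first bytes from proxy:", observe_one_connection(srv, timeout=60))
```

With the unpatched module the listener reports `plaintext-websocket` for a `wss://` backend target; a result of `tls` means the proxy is starting a TLS handshake toward the backend.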