httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jamie Johnson <jej2...@gmail.com>
Subject Re: Configuring proxy_wstunnel_module on trunk
Date Fri, 29 Mar 2013 17:48:13 GMT
I know this thread had been dead for a bit, but should proxying requests
from wss:// to an apache tomcat server using wss:// work?  From the logs
(included below) it appears that the ws proxy tunnel is picking up and
making the connection, but then it disconnects.  I've tried to add some
logging to tomcat, but I am not seeing the request hit the tomcat server,
should this work or is there something else that needs to be done config
wise (also included below)?

[Fri Mar 29 17:23:20.386068 2013] [ssl:info] [pid 29972:tid 47105066768704]
[client 10.81.1.12:64038] AH01964: Connection to child 2 established
(server hostname:443)
[Fri Mar 29 17:23:20.401204 2013] [ssl:debug] [pid 29972:tid
47105066768704] ssl_engine_kernel.c(1899): [client 10.81.1.12:64038]
AH02041: Protocol: TLSv1, Cipher: DHE-RSA-AES256-SHA (256/256 bits)
[Fri Mar 29 17:23:20.418721 2013] [ssl:debug] [pid 29972:tid
47105066768704] ssl_engine_kernel.c(216): [client 10.81.1.12:64038]
AH02034: Initial (No.1) HTTPS request received for child 2 (server
hostname:443)
[Fri Mar 29 17:23:20.418762 2013] [authz_core:debug] [pid 29972:tid
47105066768704] mod_authz_core.c(799): [client 10.81.1.12:64038] AH01626:
authorization result of Require all granted: granted
[Fri Mar 29 17:23:20.418773 2013] [authz_core:debug] [pid 29972:tid
47105066768704] mod_authz_core.c(799): [client 10.81.1.12:64038] AH01626:
authorization result of <RequireAny>: granted
[Fri Mar 29 17:23:20.418821 2013] [proxy:debug] [pid 29972:tid
47105066768704] mod_proxy.c(1081): [client 10.81.1.12:64038] AH01143:
Running scheme wss handler (attempt 0)
[Fri Mar 29 17:23:20.418833 2013] [proxy_http:debug] [pid 29972:tid
47105066768704] mod_proxy_http.c(1909): [client 10.81.1.12:64038] AH01113:
HTTP: declining URL wss://hostname:8443/alert/event
[Fri Mar 29 17:23:20.418841 2013] [proxy_wstunnel:debug] [pid 29972:tid
47105066768704] mod_proxy_wstunnel.c(331): [client 10.81.1.12:64038]
AH02451: serving URL wss://hostname:8443/alert/event
[Fri Mar 29 17:23:20.418850 2013] [proxy:debug] [pid 29972:tid
47105066768704] proxy_util.c(2011): AH00942: WSS: has acquired connection
for (hostname)
[Fri Mar 29 17:23:20.418859 2013] [proxy:debug] [pid 29972:tid
47105066768704] proxy_util.c(2089): [client 10.81.1.12:64038] AH00944:
connecting wss://hostname:8443/alert/event to hostname:8443
[Fri Mar 29 17:23:20.418869 2013] [proxy:debug] [pid 29972:tid
47105066768704] proxy_util.c(2218): [client 10.81.1.12:64038] AH00947:
connected /alert/event to hostname:8443
[Fri Mar 29 17:23:20.418914 2013] [proxy:debug] [pid 29972:tid
47105066768704] proxy_util.c(2453): AH00951: WSS: backend socket is
disconnected.


<VirtualHost _default_:443>

  ErrorLog "/usr/local/apache2/logs/error_log"
  TransferLog "/usr/local/apache2/logs/access_log"

  SSLEngine on
  SSLProxyEngine on

  ProxyPreserveHost on
  ProxyRequests off

  ProxyPass /event wss://hostname:8443/alert/event
  ProxyPassReverse /event wss://hostname:8443/alert/event
  ...
</VirtualHost>


On Mon, Mar 18, 2013 at 7:46 PM, Nathan Quinlan <nathan.quinlan@gmail.com>wrote:

> mod_reqtimeout
>
> Once disabled the websockets are fine.
>
>
> On 2013-03-18, at 1:50 PM, Jim Jagielski wrote:
>
> > I cannot recreate either. Anything in the log (debug level) which
> > may be pertinent?
> >
> > On Mar 18, 2013, at 12:43 PM, Jamie Johnson <jej2003@gmail.com> wrote:
> >
> >> I haven't done any serious testing but haven't seen this in my simple
> application.  I will try to duplicate the issue with the snakes example and
> see where I land.
> >>
> >> Perhaps this is something that one of the devs can shed more light on
> though.
> >>
> >>
> >> On Mon, Mar 18, 2013 at 11:59 AM, Nathan Quinlan <
> nathan.quinlan@gmail.com> wrote:
> >> Seems to work fine with the correct Location settings. ;)
> >>
> >> However I have found that when proxying to Tomcat 7 (what I'm testing
> with) the tunnel lasts for about 20 seconds or so and then terminates.
> >> After a few reloads it appears as though Tomcat still has the socket
> open (as timeout I setup to be 5 minutes) but the connection appears to be
> failing in httpd.
> >>
> >> This connection shutdown appears to occur within httpd because when I
> apachectl -k restart the browsers connection resumes as expected.
> >> In this case I'm testing Tomcat's  /examples/websocket/snakes.html  and
> the player state hangs in < 30 seconds and browser thinks socket is closed
> BUT when restarting httpd   the connection resumes as far as Tomcat is
> concerned.
> >>
> >> I've taken a capture of the traffic using Wireshark for browser <->
> httpd  and there isn't anything odd in the last packet sent, it just stops.
> >>
> >> Any ideas?  The  approximate 20 second cut off seems odd and httpd is
> basically stock 2.4.4 compiled with the merged in wstunnel module.
> >>
> >> On 2013-03-18, at 7:29 AM, Jim Jagielski wrote:
> >>
> >>>   ProxyPass /whatever ws://websocket-srvr.example/com/
> >>>
> >>> Basically, the new submodule adds the 'ws' and 'wss' scheme
> >>> to the allowed protocols between the client and the backend, so
> >>> you tell Apache that you'll be talking 'ws' with the
> >>> backend (same as ajp://whatever sez that httpd will be
> >>> talking ajp to the backend).
> >>>
> >>> On Mar 17, 2013, at 9:52 AM, Jamie Johnson <jej2003@gmail.com> wrote:
> >>>
> >>>> I am able to duplicate your issue, not 100% sure what's happening
> there or if that configuration is supposed to be supported or not.  The
> following works fine though
> >>>>
> >>>> <Location /dynamic>
> >>>>   ProxyPass http://10.0.1.11:8080/WebSockets
> >>>>   ProxyPassReverse http://10.0.1.11:8080/WebSockets
> >>>> </Location>
> >>>> <Location /dynamic/ws>
> >>>>   ProxyPass ws://10.0.1.11:8080/WebSockets/ws
> >>>>   ProxyPassReverse ws://10.0.1.11:8080/WebSockets/ws
> >>>> </Location>
> >>>>
> >>>> would be good to hear exactly how this is expected to be configured,
> perhaps we're landing in the wrong portion of the code when they are in the
> same location?
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> On Sun, Mar 17, 2013 at 9:43 AM, Jamie Johnson <jej2003@gmail.com>
> wrote:
> >>>> So your setup is a little different than mine, I have the following
> and even with images it works
> >>>>
> >>>> ProxyPass /ws ws://10.0.1.11:8080/WebSockets/ws
> >>>>
> >>>> ProxyPassReverse /ws ws://10.0.1.11:8080/WebSockets/ws
> >>>>
> >>>>
> >>>> ProxyPass /test http://10.0.1.11:8080/WebSockets
> >>>>
> >>>> ProxyPassReverse /test http://10.0.1.11:8080/WebSockets
> >>>>
> >>>> I will try with a similar setup to yours now and see where I get.
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> On Sun, Mar 17, 2013 at 9:19 AM, Jamie Johnson <jej2003@gmail.com>
> wrote:
> >>>> Hmmm...  I am only serving one html file in my test...I will add some
> more and see if I notice the same
> >>>>
> >>>> On Mar 17, 2013 8:57 AM, "Nathan Quinlan" <nathan.quinlan@gmail.com>
> wrote:
> >>>> I don't have any rewrite rules.
> >>>> <Location /dynamic>
> >>>>     #ProxyPass ajp://localhost:8009/dynamic
> >>>>     ProxyPass http://localhost:8080/dynamic
> >>>>     ProxyPass ws://localhost:8080/dynamic
> >>>>
> >>>> And
> >>>> Alias "/static" "/opt/sitestatic"
> >>>> <Directory "/opt/sitestatic">
> >>>>
> >>>> Now, with the ProxyPassReverse present about 50% of the files
> transfered get that 404 -as- served by Tomcat (based on Apache-Coyote/1.1
> header). Despite the URL being something like  /static/hello.jpg.
> >>>>
> >>>> On 2013-03-17, at 6:33 AM, Jamie Johnson wrote:
> >>>>
> >>>>> Also I have a different rewrite rule for http and ws...not sure
that
> is required though
> >>>>>
> >>>>> On Mar 17, 2013 6:31 AM, "Jamie Johnson" <jej2003@gmail.com>
wrote:
> >>>>> Definitely interesting.  I had gotten this working but I was only
> serving sine html through tomcat and I made the endpoints different while
> testing even though they were coming from the same application in
> tomcat...mine are birth being proxied as well no rewrite involved
> >>>>>
> >>>>> On Mar 17, 2013 12:35 AM, "Nathan Quinlan" <nathan.quinlan@gmail.com>
> wrote:
> >>>>> I do not know why but for some reason ProxyPassReverse doesn't play
> nice with Tomcat and I had to include an extra line for the ws: protocol.
> >>>>>
> >>>>> Additionally with the ProxyPassReverse present I would see crazy
> response 404 headers when loading say 30 small images on screen like:
> >>>>> Content-Length      1003
> >>>>> Content-Type        text/html;charset=utf-8
> >>>>> Date        Sun, 17 Mar 2013 04:09:28 GMT
> >>>>> Server      Apache-Coyote/1.1
> >>>>>
> >>>>> The interesting thing was that in this case the image being loaded
> had  a totally different URL (/a proxy to Tomcat,  /b static content) and
> was handled outside of Tomcat via a rewrite rule and a <Location>  but when
> the ProxyPassReverse was removed images were fine.
> >>>>> Images that were not 404 show up in the access_log of httpd  but
the
> 404 files with the crazy header do not.
> >>>>>
> >>>>>
> >>>>>
> >>>>> On 2013-03-16, at 12:37 PM, Jamie Johnson wrote:
> >>>>>
> >>>>>> I just took a quick stab and it was pretty straight forward,
I just
> added lines like this and it appeared to work properly
> >>>>>>
> >>>>>> ProxyPass /ws http://hostname:port/ws/websocket
> >>>>>> ProxyPassReverse /ws http://hostname:port/ws/websocket
> >>>>>>
> >>>>>> again, this appeared to work properly I am next going to be
giving
> SSL a try to see if things work properly with that.  If what I did above is
> not right any info would be appreciated.  Also should I expect the SSL
> support to work?
> >>>>>>
> >>>>>>
> >>>>>> On Sat, Mar 16, 2013 at 12:21 PM, Jamie Johnson <jej2003@gmail.com>
> wrote:
> >>>>>> I've just built the latest code on trunk to test proxy_wstunnel,
> but haven't seen any documentation on how to configure it.  Is this
> available anywhere?
> >>>>>>
> >>>>>
> >>>>
> >>>>
> >>>>
> >>>
> >>
> >>
> >
>
>

Mime
View raw message