Wednesday, June 1, 2016

Setting golang secure WebSocket server behind Apache 2.4

Setting golang secure WebSocket server behind Apache 2.4

Make sure the system has mod_proxy_wstunnel:

# find /usr/lib64/httpd/modules/ | grep ws

/usr/lib64/httpd/modules/mod_proxy_wstunnel.so

Add the following line in 00-proxy.conf:

# vim /etc/httpd/conf.modules.d/00-proxy.conf

LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so

Restart Apache:

# systemctl restart httpd

Check the setting:

# httpd -M | grep -iE 'proxy'

 proxy_module (shared)
 proxy_fcgi_module (shared)
 proxy_http_module (shared)
 proxy_wstunnel_module (shared)

Edit httpd-vhosts.conf:

# vim /etc/httpd/conf.d/httpd-vhosts.conf

<VirtualHost *:443>
    ServerName go.mydomain.com:443

    ProxyPreserveHost On
    ProxyRequests off

    SSLProxyEngine On
    SSLCertificateFile "/etc/pki/tls/certs/mydomain.com/mydomain.crt"
    SSLCertificateKeyFile "/etc/pki/tls/certs/mydomain.com/mydomain.key"

    ### The configured ProxyPass and ProxyPassMatch rules are checked
    ### in the order of configuration. The first rule that matches wins.
    ProxyPassMatch ^/(ws(/.*)?)$ wss://192.168.0.1:443/$1

    ProxyPass / https://192.168.0.1:443/
    ProxyPassReverse / https://192.168.0.1:443/

    ErrorLog "/var/log/httpd/go.mydomain.com-error_log"
    CustomLog "/var/log/httpd/go.mydomain.com-access_log" common
</VirtualHost>

<VirtualHost *:80>
    ServerName go.mydomain.com:80

    ProxyPreserveHost On
    ProxyRequests off

    ###
    ProxyPassMatch ^/(ws(/.*)?)$ ws://192.168.0.1:80/$1

    ProxyPass / http://192.168.0.1:80/
    ProxyPassReverse / http://192.168.0.1:80/

    ErrorLog "/var/log/httpd/go.mydomain.com-error_log"
    CustomLog "/var/log/httpd/go.mydomain.com-access_log" common
</VirtualHost>

Reference:

https://www.softwareab.net/wordpress/websockets-centos-6-apache-2-4/

http://stackoverflow.com/questions/17649241/reverse-proxy-with-websocket-mod-proxy-wstunnel

https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass

No comments: