crotwell / seisplotjs

Javascript modules for parsing, manipulating and plotting seismic data.
http://crotwell.github.io/seisplotjs/
MIT License

Apache Settings for Websocket Over SSL Connection #22

Closed ptrian closed 1 year ago

ptrian commented 1 year ago

I am not sure where I have to file this issue, so please forgive me and let me know if it's not the right place:

I have a server (server.name.com) which is running ringserver (v.2020.075) and listens to port 16000. I use seisplotjs_3.0.0_standalone.mjs and I have modified the appropriate realtime js accordingly, in order to connect to "ws://server.name.com:16000/datalink". Thus, when I visit http://server.name.com/realtime/, I am able to display real time waveforms as expected. Apache at server.name.com redirects everything (except the /realtime directory) from http to https over SSL. I need to do the same for the /realtime directory (which is for the moment excluded) and see the waveforms by visiting https://server.name.com/realtime/

So the question is: What are the changes that need to be made in apache configuration (e.g. realtime.conf) and realtime.js in order to achieve this?

My latest unsuccessful try (among others): realtime.js: "wss://server.name.com:16000/datalink" as well as "wss://server.name.com/datalink" and apache realtime.conf:

<VirtualHost *:443>
  ServerName server.name.com
  RewriteEngine On
  RewriteCond ${HTTP:Upgrade} websocket [NC]
  RewriteCond ${HTTP:Connection} upgrade [NC]
  RewriteRule "/realtime(.*)" "wss://%{HTTP_HOST}:16000%{REQUEST_URI}" [P,L]
  ProxyPass "/realtime" "https://server.name.com:16000/"
  ProxyPassReverse "/realtime" "server.name.com:16000/"
  ProxyRequests off
</VirtualHost>

Any help would be highly appreciated. Thanks in advance.

crotwell commented 1 year ago

Not an Apache expert, but I think you are proxying inbound https to the ringserver over https, but what you need to do is take inbound https and send to the ringserver on port 16000 over http or ws.

I have something like this, in my case /ringserver/datalink would be the websocket to send to ringserver. Not entirely sure this is right, but seems to work.

<IfModule mod_proxy.c>
        ProxyPassMatch "^/ringserver/(datalink)$" "ws://localhost:6382/$1"
        ProxyPassMatch "^/ringserver/(seedlink)$" "ws://localhost:6382/$1"
        ProxyPass "/ringserver" "http://localhost:6382"
        ProxyPassReverse "/ringserver" "http://localhost:6382"
</IfModule>

You also need of course mod_proxy and mod_proxy_wstunnel.

ptrian commented 1 year ago

Thanks @crotwell for your prompt answer. I had seen the above solution from the wiki, but I couldn't make it work in my case. I guess I'm missing something.

crotwell commented 1 year ago

Is 16000 a ListenPort or DatalinkPort in your ringserver conf file? Websockets will only connect to ListenPort as DatalinkPort is only for datalink over raw sockets. ListenPort will allow the datalink protocol over websockets.

ptrian commented 1 year ago

It is ListenPort

crotwell commented 1 year ago

OK, not sure what else to suggest, except in your example pretty sure these two lines are incorrect:

  RewriteRule "/realtime(.*)" "wss://%{HTTP_HOST}:16000%{REQUEST_URI}" [P,L]
  ProxyPass "/realtime" "https://server.name.com:16000/"

as they are sending SSL traffic to the ringserver. Right hand side should be http and ws.

ptrian commented 1 year ago

I tried this too, just after your initial suggestion. If I remove the /realtime exception from the apache configuration (i.e. everything redirected to https) and define "wss://server.name.com/datalink" in realtime.js, I keep receiving: WebSocket connection to 'wss://server.name.com/datalink' failed.

crotwell commented 1 year ago

One other check, does this URL work in your browser:

http://server.name.com:16000/id

If so, then you probably have Apache misconfigured. If not, then likely ringserver is misconfigured.

You can also of course try

http://server.name.com/ringserver/id

which doesn't tell you if the websocket proxy is working, but will tell you if http proxy is.

Beyond that, I don't know what else to suggest.

ptrian commented 1 year ago

http://server.name.com:16000/id reply is:

ringserver/2020.075
Organization: Organization_Name

/ringserver is not exposed at all through web, therefore not accessible.

crotwell commented 1 year ago

Whatever url you configure, i.e. http://server.name.com/realtime/id

That may be part of your problem, you said you tried seisplotjs with:

wss://server.name.com/datalink

but your apache config redirects /realtime/datalink, so maybe try

wss://server.name.com/realtime/datalink

ptrian commented 1 year ago

I tried this too, but can't make it work. I get: "WebSocket connection to 'wss://server.name.com/realtime/datalink' failed:"

http://server.name.com/realtime/id fails, only http://server.name.com:16000/id responds.

I'm afraid that I'm missing something with the apache configuration, while ringserver must be OK (more or less).

crotwell commented 1 year ago

Your config is all for port 443, so do you get a success for https to /id?

https://server.name.com/realtime/id

ptrian commented 1 year ago

As I said /realtime is excluded from https in apache configuration. If I remove the exception (which is the objective), then

for https://server.name.com/realtime/id I get Not found

for https://server.name.com/realtime I get WebSocket connection to 'wss://server.name.com/realtime' failed

crotwell commented 1 year ago

Closing this as I feel this is an Apache configuration issue, not directly a seisplotjs one. Please reopen if you feel differently and good luck.
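
Added example, not part of the thread and not either participant's configuration: one way to apply the advice given above, with Apache terminating TLS and forwarding plain ws/http to ringserver, and the path prefix stripped so the backend sees /datalink and /id. It assumes ringserver's ListenPort 16000 on the same host, a hypothetical /ringserver prefix kept separate from the static /realtime page, and placeholder certificate paths.

```apache
# Added example (assumptions: ringserver ListenPort 16000 on this host,
# hypothetical /ringserver prefix, placeholder certificate paths).
# Modules needed: mod_ssl, mod_proxy, mod_proxy_http, mod_proxy_wstunnel.

<VirtualHost *:443>
    ServerName server.name.com

    # TLS ends here; the browser never talks to ringserver directly.
    SSLEngine on
    SSLCertificateFile    "/path/to/placeholder-cert.pem"
    SSLCertificateKeyFile "/path/to/placeholder-key.pem"

    # Reverse proxy only: never act as an open forward proxy.
    ProxyRequests Off

    # WebSocket endpoint. The browser speaks wss:// to Apache and Apache
    # speaks plain ws:// to the backend (right-hand side is ws, not wss).
    # The capture strips the prefix: /ringserver/datalink -> /datalink.
    ProxyPassMatch "^/ringserver/(datalink)$" "ws://127.0.0.1:16000/$1"

    # Plain HTTP endpoint used for the /id check (right-hand side is
    # http, not https). Only the paths listed here are exposed.
    ProxyPass        "/ringserver/id" "http://127.0.0.1:16000/id"
    ProxyPassReverse "/ringserver/id" "http://127.0.0.1:16000/id"

    # No RewriteRule is required for the upgrade. If one is used, request
    # headers are tested as %{HTTP:Upgrade}; ${...} is RewriteMap syntax.

    # The static page under /realtime is not proxied, so Apache keeps
    # serving it from disk over https.
</VirtualHost>

# Once the proxy works, port 16000 can be firewalled from outside so the
# unencrypted listener is reachable only through Apache.
```

With this in place the page would connect to wss://server.name.com/ringserver/datalink, and https://server.name.com/ringserver/id serves as the HTTP-proxy check before testing the websocket.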