OpenLiteSpeed Websocket & Chatwoot

[devfatmoves]

OS: Ubuntu 20 OpenLiteSpeed 1.7.16 Cyberpanel: 2.3 Build 2

Hey,

i am struggling with setting up a right configuration to let OpenLiteSpeed work with Chatwoot.

Chatwoot's client integration tries to connect with websocket via following request: wss://domain/cable. The access log returns code 101 for accepting the upgrade request. And than there is NOTHING. The request seems to end in a blockhole.

I have tried a lot to achieve a request which could reach the backend but nothing helped.

backend is running on port 3001 which i want to reach.

Configuration for proxy which works fine. Frontend and backend of Chatwoot are communicating.

extprocessor backend { type proxy address http://127.0.0.1:3001 maxConns 1000 pcKeepAliveTimeout 3200 initTimeout 60 retryTimeout 10 respBuffer 0 }

context / { type proxy handler backend

accessControl { allow * } addDefaultCharset on defaultCharsetCustomized utf-8 enableIpGeo 0 }

For the websocket i have tried also a lot of tricks like:

htaccess rules: RewriteCond %{HTTP:Upgrade} websocket [NC] RewriteCond %{HTTP:Connection} upgrade [NC] RewriteCond %{REQUEST_URI} ^/cable RewriteRule /(.*) wss://wssbackend/$1 [P] and some more variations. But it is not redirecting to backend.

If i try to connect with a websocket test tool directly to the port like: wss://domain:3001/cable The backend tells me that this this request is not secure and well format (because some headers are missing and its bypassing ssl). This response let me know that all other trials just did not redirect the wss request to backend the right way.

I also have tried to use the websocket option of OpenLiteSpeed without success

websocket /cable { address 127.0.0.1:3001 }

websocket /{ address 127.0.0.1:3001 }

Are there any other possibilities?

[c-dus]

Were you able to find a solution?

[Lvshujun0918]

When using other project with wss, I have got similar error. It seems that we can only use Nginx to proxy when using wss. Also waiting for solution.

[litespeedtech]

Looks like your backend is ws:// instead of wss://, as SSL is terminated by the web server level, so, try ws:// instead of wss:// in the target URL. If does not work, may need to turn on debug log to find out what happened.

[Lvshujun0918]

Maybe ws:// works, but I really couldn't use it. I am running on a HTTPS page, if I establish a ws:// connection, it will close with a mix-security error.

[Lvshujun0918]

Looks like your backend is ws:// instead of wss://, as SSL is terminated by the web server level, so, try ws:// instead of wss:// in the target URL. If does not work, may need to turn on debug log to find out what happened.

I don't have a log file. But I have an exmaple in the project "code-server"(you can also find it on Github). When I use an domain to proxy the project[like example.com->port 3000(which it is running on)], because it also require an wss establish, so I also enable websocket proxy in the admin planel. But soon I got "1006(close)" error. I have checked the issue in that project, and found many people using Nginx and Apache got same error. As for solution, they mentioned the front will send extra header to auth, if it was thrown, the connection won't establish. They only gave solution for Nginx and Apache, and I no idea how to fix on Litespeed.

---

Below are the solutions. Nginx: set this in the config file.

proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade;
proxy_set_header Accept-Encoding gzip;

Apache: I was able to resolve the issue by updating apache2 to Apache/2.4.53 — however, I believe any version >= Apache/2.4.47 may work.

I was experiencing websocket 1006 errors on Apache/2.4.41

Apache's mod_proxy_wstunnel documentation mention this:

Since httpd 2.4.47, mod_proxy_http can handle WebSocket upgrading and tunneling in accordance to RFC 7230, this directive controls whether mod_proxy_wstunnel should hand over to mod_proxy_http to this, which is the case by default.

Setting to Off lets mod_proxy_wstunnel handle WebSocket requests as in httpd 2.4.46 and earlier.

The grammar is a bit off, but I just assumed Apache was handling the websocket proxy incorrectly and I updated apache.

Hope this helps!

---

I think this is an error caused by websocket proxy. May you help?

[Lvshujun0918]

Oh, when I use IP+Port to access that project, it works perfect, the wss://(why is wss, because I have use Self-Signed Certificate and trust it) also can be established.

[ZachHandley]

Oh, when I use IP+Port to access that project, it works perfect, the wss://(why is wss, because I have use Self-Signed Certificate and trust it) also can be established.

Can you be more specific? I'm running an Appwrite instance (https://appwrite.io) on port 6980 and 6943 (http/https) and can't figure out the websocket connection

[Lvshujun0918]

Oh, when I use IP+Port to access that project, it works perfect, the wss://(why is wss, because I have use Self-Signed Certificate and trust it) also can be established.

Can you be more specific? I'm running an Appwrite instance (https://appwrite.io) on port 6980 and 6943 (http/https) and can't figure out the websocket connection

It's a really useless solution. Just access your website through IP (like (Origin) example.com -> 1.1.1.1:1234), and use IP SSL Certificate, so that it can establish wss:// connection. It can never be used in production environment and is a really bad solution.

[Lvshujun0918]

Looks like your backend is ws:// instead of wss://, as SSL is terminated by the web server level, so, try ws:// instead of wss:// in the target URL. If does not work, may need to turn on debug log to find out what happened.

Any idea about this?

[Lvshujun0918]

Hello @litespeedtech?