0

I run two servers behind an AEBS base station. Server1 runs 10.12.6 and Server 5.3.1 and does a REVERSE PROXY with webapps, as described by the precursor.ca tutorial. This allows me to have only one external IP address, where server1.mydomain and server2.mydomain get distributed internally. This works OK, but on server2 I run FileMaker WebDirect, which uses web sockets. So I get a wss:// error in the browser. In the web app I wrote:

from http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass

RewriteEngine On

RewriteCond %{HTTPS} =off
RewriteRule . - [E=protocol:http,E=port:80]
RewriteCond %{HTTPS} =on
RewriteRule . - [E=protocol:https,E=port:443]

SSLProxyEngine on
SSLProxyVerify none 
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyPreserveHost On
ProxyPassReverse / http://1.2.3.4:443/
ProxyPass / http://1.2.3.4:443/
ServerName filemaker.precursor.ca

Obviously putting in my own IP address of server2 and its name.

However, the web socket wss://server2.mydomain does not work, and WebDirect fails.

I can log in, but as soon as I open a wss connection it does not work anymore. It is an Apache mod_proxy error.

In the Apache error log I read: [Sun Apr 19 21:58:04.846046 2020] [proxy_http:error] [pid 598] (70008)Partial results are valid but processing is incomplete: [client 189.62.112.162:49213] AH01110: error reading response

In the browser I read:

WebSocket connection to 'wss://fmserver.embatek.com.br/fmi/webd/PUSH?v-uiId=1&v-pushId=341172cf-5d45-454d-972e-3029de5807fa&X-Atmosphere-tracking-id=0&X-Atmosphere-Framework=2.3.2.vaadin1-javascript&X-Atmosphere-Transport=websocket&X-Atmosphere-TrackMessageSize=true&Content-Type=application/json;%20charset=UTF-8&X-atmo-protocol=true' failed: Unexpected response code: 500

Any hints on where to fiddle? Yours, Pierre

2 Answers

1

It's been a long time, so it may have already been resolved.

I just hit the same problem. I used nginx in my environment, but it was solved by passing the following values to the server.

proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_cache_bypass $http_upgrade;

The final code in nginx is as follows

upstream filemakerserver-webdirect-upstream {
  server xxxxxx.xxx:443;
}

server {
  listen 80;
  server_name yyyyyy.yyy;

  if ($host = yyyyyy.yyy) {
    return 301 https://$host$request_uri;
  }

  return 404;
}

server {
  listen 443 http2 ssl;
  server_name yyyyyy.yyy;

  location / {
    try_files $uri @filemakerserver-webdirect-upstream;
  }

  location @filemakerserver-webdirect-upstream {
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_cache_bypass $http_upgrade;
    # Target must be the upstream block defined at the top of this file.
    proxy_pass https://filemakerserver-webdirect-upstream;
  }

  ssl_certificate /etc/letsencrypt/live/yyyyyy.yyy/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/yyyyyy.yyy/privkey.pem;
}

The following is an article I wrote about this in Japanese.

https://qiita.com/Hi_Noguchi/items/82bc17913b646bd6583f

I hope this helps in the apache environment.

0

I am using Apache, and the secure connection stops at the proxy, so I guess you could modify the virtual host config I am using (below) by changing ws to wss, 80 to 443 etc. if your FileMaker server is using a secure connection. 10.1.2.3 is the internal address of the FileMaker server. There might be some redundant stuff in here, but it works.

<IfModule mod_ssl.c>
<VirtualHost *:443>
  ServerName my.external.server.name

  RewriteEngine on
  # Request headers are read with %{HTTP:name}; ${...} is RewriteMap lookup syntax.
  RewriteCond %{HTTP:Upgrade} websocket [NC]
  RewriteCond %{HTTP:Connection} upgrade [NC]
  RewriteRule /(.*) "ws://10.1.2.3:80/$1" [P,L]

  # <Location />
    ProxyPreserveHost On

    ProxyPass "/fmi/webd/PUSH" "ws://10.1.2.3:80/fmi/webd/PUSH"
    ProxyPassReverse "/fmi/webd/PUSH" "ws://10.1.2.3:80/fmi/webd/PUSH"

    ProxyPass / http://10.1.2.3:80/
    ProxyPassReverse / http://10.1.2.3:80/

    # Order allow,deny
    # Allow from all
  # </Location>
SSLCertificateFile /etc/letsencrypt/live/my.external.server.name/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/my.external.server.name/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/my.external.server.name/chain.pem
</VirtualHost>
</IfModule>
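
An added example, not part of the question or either answer: a small Python check that flags four things in an Apache reverse-proxy config like the ones in this thread (backend TLS checks switched off, a plaintext scheme aimed at port 443 or a TLS scheme at port 80, no ws:// or wss:// target, and `${HTTP:...}` in a RewriteCond). The function name, the finding labels and the sample string are constructed for illustration.

```python
import re

# Constructed sample: the proxy directives from the question on this page.
QUESTION_CONF = """\
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyPreserveHost On
ProxyPassReverse / http://1.2.3.4:443/
ProxyPass / http://1.2.3.4:443/
"""

TLS_SCHEMES = {"https", "wss"}
URL_RE = re.compile(r"\b(https?|wss?)://[^\s:/\"]+(?::(\d+))?")
TLS_OFF_RE = re.compile(r"SSLProxy(Verify\s+none|CheckPeer\w+\s+off)\b", re.I)
ROUTE_RE = re.compile(r"(ProxyPass|RewriteRule)\b", re.I)


def audit_proxy_config(text):
    """Return (line_no, finding) tuples; line_no 0 marks a whole-file finding."""
    findings, routes, has_ws = [], 0, False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if TLS_OFF_RE.match(line):
            # A check on the backend's certificate is switched off.
            findings.append((no, "backend-tls-check-disabled"))
        if line.lower().startswith("rewritecond") and "${HTTP:" in line:
            # ${...} is RewriteMap lookup syntax; headers are read with %{HTTP:...}.
            findings.append((no, "rewritecond-map-syntax-for-header"))
        if not ROUTE_RE.match(line):
            continue  # only ProxyPass and RewriteRule targets are inspected
        for scheme, port in URL_RE.findall(line):
            routes += 1
            has_ws = has_ws or scheme.startswith("ws")
            tls = scheme in TLS_SCHEMES
            # Only the well-known ports are judged: 443 implies TLS, 80 plaintext.
            if (port == "443" and not tls) or (port == "80" and tls):
                findings.append((no, "scheme-port-mismatch"))
    if routes and not has_ws:
        # No ws:// or wss:// target, so no route uses mod_proxy_wstunnel.
        findings.append((0, "no-websocket-backend-mapping"))
    return findings
```

Calling `audit_proxy_config(QUESTION_CONF)` reports the four disabled certificate checks, the `http://` target on port 443 and the missing WebSocket route.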
