Bug 1180745

Summary: mod_proxy_wstunnel not included in default apache config, does not work in conjunction with mod_rewrite, does not support ssl
Product: Red Hat Enterprise Linux 7 Reporter: RJ Bergeron <rbergero>
Component: httpdAssignee: Luboš Uhliarik <luhliari>
Status: CLOSED ERRATA QA Contact: Martin Frodl <mfrodl>
Severity: unspecified Docs Contact: Lenka Špačková <lkuprova>
Priority: unspecified    
Version: 7.2CC: awilliam, dmasirka, dustin, isenfeld, jkaluza
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: httpd-2.4.6-32.el7 Doc Type: Enhancement
Doc Text:
*mod_proxy_wstunnel* now supports WebSockets The Apache HTTP *mod_proxy_wstunnel* module is now enabled by default and it includes support for SSL connections in the `wss://` scheme. Additionally, it is possible to use the `ws://` scheme in the `mod_rewrite` directives. This allows for using WebSockets as a target to `mod_rewrite` and enabling WebSockets in the proxy module.
 Story Points: ---
Clone Of:
: 1253396 (view as bug list) Environment:
Last Closed: 2015-11-19 04:37:04 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1253396    
Attachments:
Description Flags
patch against centos git repo to fix wss support, using wss as a target to mod_rewrite and enabling the websockets proxy module none

Description RJ Bergeron 2015-01-09 21:26:02 UTC 
Created attachment 978387 [details]
patch against centos git repo to fix wss support, using wss as a target to mod_rewrite and enabling the websockets proxy module

Description of problem:
for our application, using mod_proxy_wstunnel on el 7 revealed 3 problems:

1) not included in conf.modules.d/00-proxy.conf
2) mod_rewrite does not support proxy to ws:// URIs as a target
3) mod_proxy_wstunnel does not support SSL (wss://)

Version-Release number of selected component (if applicable):
httpd-2.4.6-18

How reproducible:
always

Steps to Reproduce:
1. install httpd
2. try using a config like the following in apache to proxy to a websockets application:

RewriteEngine on
RewriteRule ^/ws-app(.*) wss://localhost:3301/ws-app$1 [P]

assuming you have a websockets application on localhost:3301, you should be able to successfully proxy to it.

Actual results:
http request fails

Expected results:
connection proxied through http to actual websockets application

Additional info:
I have included a patch against the centos httpd sources - which AFAICT is the canonical place for this. Feel free to have it and mangle as needed.

https://bugzilla.redhat.com/show_bug.cgi?id=1180572 is possibly related to the module not being loaded problem.
Comment 7 Adam Williamson 2015-10-23 20:29:31 UTC 
For the record, has anyone checked this for Fedora?

wstunnel got turned on by default here:

http://pkgs.fedoraproject.org/cgit/httpd.git/commit/?id=91a2788bcecc45df329bd121a15ea7ec86285d82

but I don't think any of the other changes from this bug was applied, if any are relevant to the httpd in Fedora.
Comment 8 Dustin C. Hatch 2015-10-26 20:46:19 UTC 
The wss:// support patch was backported to httpd-2.4.10, while the oldest supported version of Fedora (21) has httpd-2.4.16, so that at least does not apply to Fedora.

The mod_rewrite support does not appear to have been backported to the 2.4 branch at all (https://bz.apache.org/bugzilla/show_bug.cgi?id=55598), and I do not see a patch for it in Fedora's package.
Comment 9 Jan Kaluža 2015-10-27 09:36:09 UTC 
mod_rewrite change in in 2.4 branch for long time: http://svn.apache.org/r1530032
Comment 10 Adam Williamson 2015-10-27 15:40:08 UTC 
Can you please backport the enabling of wstunnel by default to stable Fedoras (F23/F22/F21)? Something I'm packaging needs it enabled. Thanks!
Comment 12 errata-xmlrpc 2015-11-19 04:37:04 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2194.html