Hello,
I have a similar setup as Arturo_Garza in his above post. The reverse proxy is set up on Digital Ocean and it’s been working great with two Laravel web apps configured under their own subdomains. These Laravel apps also have websockets set up using socket.io on port 6001. No issues there.
I’m using Apache and OpenVPN docker containers. OpenVPN provides the routing to the apps behind the proxy. I have ports 80, 443, and 6001 exposed on the Apache container.
When I set up Ignition in a similar manner, I can access the dashboard, but Perspective projects get stuck on the loading screen. In the web console I get the following with an expand icon to the left:
GET wss://subdomain.FQDN.com/system/pws/samplequickstart/103fc65b?token=qEuXr2IuxxJxJJHiCYPVeNgIX4jRoVP0ukKrBjAE8Wo
When I expand the request I see that it’s returning an HTTP 405 (Method Not Allowed) response.
After that I get the following console error:
Firefox can’t establish a connection to the server at wss://subdomain.FQDN.com/system/pws/samplequickstart/103fc65b?token=DxqTL-0DoRP7l_um66ZpFj6LZJH6brxX97pqeSu2w9s.
Sometimes I also get the following console message:
store.Idle: Error sending client activity message: TypeError: this.webSocket is undefined
I’m running Ignition unsecured on port 80 and that is connected to the reverse proxy via an outbound OpenVPN connection. SSL is setup on the reverse proxy with Let’s Encrypt. This is the same way I have the two Laravel apps set up.
The Perspective projects work fine on the LAN. In the network tab I can see the websocket request that fails via reverse proxy with an HTTP status of 101 (Switching Protocols).
Apache config:
<VirtualHost *:80>
ServerName subdomain.FQDN.com
ServerAlias www.subdomain.FQDN.com
ServerAdmin me@domain.com
RequestHeader set X-Forwarded-Proto “https”
<Location />
Redirect / https://subdomain.FQDN.com/
</Location>
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443 *:6001>
ServerName subdomain.FQDN.com
ServerAlias www.subdomain.FQDN.com
ServerAdmin me@domain.com
DocumentRoot /usr/local/apache2/domain
# I've also tried removing this block. No difference.
<Directory "/usr/local/apache2/domain">
Order allow,deny
AllowOverride All
Allow from all
Require all granted
</Directory>
LogLevel error
ErrorLog logs/FQDN-subdomain-error.log
CustomLog logs/FQDN-subdomain-access.log combined
ProxyPreserveHost On
SSLProxyEngine On
SSLEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
SSLProxyCheckPeerExpire Off
SSLCertificateFile /usr/local/apache2/conf/cert.pem
SSLCertificateChainFile /usr/local/apache2/conf/server.crt
SSLCertificateKeyFile /usr/local/apache2/conf/server.key
ProxyPass / http://10.253.0.11/ retry=0
ProxyPassReverse / http://10.253.0.11/
RewriteEngine On
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
RewriteRule .* wss://10.253.0.11%{REQUEST_URI} [P]
</VirtualHost>
</IfModule>
proxy_wstunnel is enabled
Any help is greatly appreciated.
Update:
I figured it out. I needed to change the RewriteCond and RewriteRule to the following:
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteRule .* ws://10.253.0.11%{REQUEST_URI} [P]
I’m guessing wss is for if you have SSL set up on the Ignition Gateway and ws is the unsecured protocol that goes over port 80. If it’s set to wss, it tries to do the protocol upgrade on port 443 on the Gateway, which isn’t set up and results in the http 403 response.