Re: Status code 403 Forbidden issue for websocket creation using WSS protocol
Hello Chris, Thank you for the response.I am using a self signed certificate. How to make httpd trust the certificate that Tomcat is presenting? Nishant On Fri, Mar 10, 2017 at 12:09 AM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Nishant, > > On 3/9/17 1:16 PM, nishant singh wrote: > > I am creating a websocket connection to server using "wss" > > protocol from client. I have configured apache as proxy(mod proxy > > and mod_proxy_wstunnel.so module is enabled in Apache httpd.conf > > file) to my tomcat server. In apache VirtualHost for port 443 is > > created.Attached is Apache httpd.conf file for reference.Tomcat > > connector for ssl is mentioned below. I am getting response status > > code 403 Forbidden for websocket request sent from client using > > "wss" protocol. The same set-up works fine using "ws" protocol > > websocket connection on port 80 of apache proxied to port 8080 of > > tomcat.I assume that SSL handshake is failing in this scenario. > > Please suggest the solution. > > Does httpd trust the certificate that Tomcat is presenting when httpd > connects to Tomcat using TLS? > > - -chris > -BEGIN PGP SIGNATURE- > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBCAAGBQJYwaFYAAoJEBzwKT+lPKRYhckP/jN5Ic4B9VP8pdP/Cm4XduG9 > OB/SZdXee8VvY4UpmTIsM+SfduOxPAilFiv4v4QrvEsoipE0ofzvsBjnFB5t468g > rmagK10r/DcTLIu2SD4R9HeNmcDocWx6mUvePNfpTzIXIn0vZPCn7blCPGatUyQ0 > 6sdMKYWG/PhTRkFniGJGfbJ7rtYpbxUpBm+qbkQ0MGev+yos4Z7A5G4LSzt8KFtv > N0mCKhvWrviUru71fqRv9mr2HLv+nv5t0SRYY03egbP2AqlYaot2VWzijwU96wbZ > OdUoHwrjmQ5SjOKJFYA7QM2KmXAo+zClI2zgSQYt3cDtxGjobGlOQhiUmj/lrpnC > +wbY3ftPiMT3aV5vWuSSNLIbXFnxba3TFEgFA4VvyPOMPqFdY76tJvaRuEyO92/h > 2kdnjQb13ZE5eaABnN2G/OKUJGs0PxOcVY3xW+4L0BDrVZ+HFjTwvWb1PccJhtPP > EMmM6AQYlrYtEwOP59K6a2922C6rKKNVY+lvla5JlRlBVGmeH+6aAMS/evYDf/C5 > eT6m+jhfBYCw0qh1NCdAQMnG8lX4WEvE4j4Ze38OAHLFIu1Rj5zXFhiq/71cm2cg > YYAD4f2l8ZYucWo331sHSzHJlflb8qyb1DgtwjfTlX26GMhYTdB7NlDHn83qld9e > HVjhVZMoyB+TSIN7/ant > =8kml > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Status code 403 Forbidden issue for websocket creation using WSS protocol
Hi,
I am creating a websocket connection to server using "wss" protocol from
client. I have configured apache as proxy(mod proxy and
mod_proxy_wstunnel.so module is enabled in Apache httpd.conf file) to my
tomcat server. In apache VirtualHost for port 443 is created.Attached is
Apache httpd.conf file for reference.Tomcat connector for ssl is mentioned
below. I am getting response status code 403 Forbidden for websocket
request sent from client using "wss" protocol. The same set-up works fine
using "ws" protocol websocket connection on port 80 of apache proxied to
port 8080 of tomcat.I assume that SSL handshake is failing in this
scenario. Please suggest the solution.
Tomcat version:-9.0.0.M13
Apache version:- 2.4.23
==in Tomcat Server.xml connector configuration on port 443==
==Chrome debugger trace for this Request
[image: Inline image 1]
===sample websocket code for request creation From client
==
this.websocket = new
WebSocket("wss://localhost:443/NG/nmsgServletApp/wsHandler/");
this.websocket.onopen = (evt) => {
this.websocket.send("Hello Nishant");
};
//nmsgServletApp:--> is my application name which is deployed in tomcat
//wsHandler:--> is the server side websocket handler mapping name
//NG:--> Proxy token for web-application deployed in Tomcat
Apache virtual port configuration for request proxy to
tomcat===
SSLCertificateFile ../certificate.pem
SSLCertificateKeyFile ../privkey.pem
ServerAdmin a...@localhost.com
ServerName "localhost"
SSLEngine on
SSLProxyEngine on
SecRuleEngine On
ProxyRequests Off
/*Below is Proxy configuration for above web-application deployed in Tomcat
*/
* ProxyPass /NG/nmsgServletApp/wsHandler
wss://localhost:8443/nmsgServletApp/wsHandler*
*ProxyPassReverse /NG/nmsgServletApp/wsHandler
wss://localhost:8443/nmsgServletApp/wsHandler *
*ProxyPass /NG https://localhost:8443/
