Re: Status code 403 Forbidden issue for websocket creation using WSS protocol
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Nishant, On 3/9/17 2:12 PM, nishant singh wrote: > Thank you for the response.I am using a self signed certificate. > How to make httpd trust the certificate that Tomcat is presenting? I think this is the directive you are looking for: http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslproxycacertificatef ile It's obscure in that it's a part of mod_ssl and not mod_proxy_*, so it's not entirely obvious that it's a configurable setting. Hope that helps, - -chris > On Fri, Mar 10, 2017 at 12:09 AM, Christopher Schultz < > ch...@christopherschultz.net> wrote: > > Nishant, > > On 3/9/17 1:16 PM, nishant singh wrote: I am creating a websocket connection to server using "wss" protocol from client. I have configured apache as proxy(mod proxy and mod_proxy_wstunnel.so module is enabled in Apache httpd.conf file) to my tomcat server. In apache VirtualHost for port 443 is created.Attached is Apache httpd.conf file for reference.Tomcat connector for ssl is mentioned below. I am getting response status code 403 Forbidden for websocket request sent from client using "wss" protocol. The same set-up works fine using "ws" protocol websocket connection on port 80 of apache proxied to port 8080 of tomcat.I assume that SSL handshake is failing in this scenario. Please suggest the solution. > > Does httpd trust the certificate that Tomcat is presenting when > httpd connects to Tomcat using TLS? > > -chris >> >> - >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYwbNnAAoJEBzwKT+lPKRY2msP/0Y+YzgBbQE1eXXqWxpmocsB xF7hNSwMIcMfzLxJGEBIostSlw3okhgQtBOL68Ql4OW0lC3PCp7mW+7hZd5MNb+A /iGltYiYr6OVfynYqGdrP98vaijUo6OLL9jbQI+fUBonNLrBB+6eh/S5/l4Bq/BC B/tJtA5q/eU6KLb/DJtNKugbryuJu7kJNF+2gYTp6vcgYXUZX4/ZLS4+rtGWHkHK jTz+hLJ2QDXUK5INrsEvusie8jeknj0rVq3b2IfUqBxJv5lWGzG9rCWt9vlKS/xp VaVjgSnnOvErUDCnGoYVzQndODOhYNZTkIai1RY+FWB9+kgaZiXWRenhlyxmA9Sg E+eaPCr6EmatXhIJucK8W+QykmZ2nmv4VxpOi3EK1Ibq9KncVFTNI7kiYO1u50X+ TRXQ9M/sgB79o7nLtaUYvvkkCeiihUjUuZbGP+oSu10NITyw+XsFwghLUn81vpQr T1+PN0mky8czR7i3/viK7mzGz/HeA3/TzBSVveima9KAlfJZ1S4/wARNtfMiSh7m Qzs8yJMeB6fPW8k+Kb1Xnf4dCEhvXPRqTNWuux/IffLpbGSDO8GrspoZoIAMou2E ZliwxGz4iVqSEeAYbRxVuYMOs+gXTC5nKVGcJCV63+UGTgx300d6cgLbNzsyJn6H 9/LP4Hz7j373HJe/VaJx =uEGn -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Status code 403 Forbidden issue for websocket creation using WSS protocol
Hello Chris, Thank you for the response.I am using a self signed certificate. How to make httpd trust the certificate that Tomcat is presenting? Nishant On Fri, Mar 10, 2017 at 12:09 AM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Nishant, > > On 3/9/17 1:16 PM, nishant singh wrote: > > I am creating a websocket connection to server using "wss" > > protocol from client. I have configured apache as proxy(mod proxy > > and mod_proxy_wstunnel.so module is enabled in Apache httpd.conf > > file) to my tomcat server. In apache VirtualHost for port 443 is > > created.Attached is Apache httpd.conf file for reference.Tomcat > > connector for ssl is mentioned below. I am getting response status > > code 403 Forbidden for websocket request sent from client using > > "wss" protocol. The same set-up works fine using "ws" protocol > > websocket connection on port 80 of apache proxied to port 8080 of > > tomcat.I assume that SSL handshake is failing in this scenario. > > Please suggest the solution. > > Does httpd trust the certificate that Tomcat is presenting when httpd > connects to Tomcat using TLS? > > - -chris > -BEGIN PGP SIGNATURE- > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBCAAGBQJYwaFYAAoJEBzwKT+lPKRYhckP/jN5Ic4B9VP8pdP/Cm4XduG9 > OB/SZdXee8VvY4UpmTIsM+SfduOxPAilFiv4v4QrvEsoipE0ofzvsBjnFB5t468g > rmagK10r/DcTLIu2SD4R9HeNmcDocWx6mUvePNfpTzIXIn0vZPCn7blCPGatUyQ0 > 6sdMKYWG/PhTRkFniGJGfbJ7rtYpbxUpBm+qbkQ0MGev+yos4Z7A5G4LSzt8KFtv > N0mCKhvWrviUru71fqRv9mr2HLv+nv5t0SRYY03egbP2AqlYaot2VWzijwU96wbZ > OdUoHwrjmQ5SjOKJFYA7QM2KmXAo+zClI2zgSQYt3cDtxGjobGlOQhiUmj/lrpnC > +wbY3ftPiMT3aV5vWuSSNLIbXFnxba3TFEgFA4VvyPOMPqFdY76tJvaRuEyO92/h > 2kdnjQb13ZE5eaABnN2G/OKUJGs0PxOcVY3xW+4L0BDrVZ+HFjTwvWb1PccJhtPP > EMmM6AQYlrYtEwOP59K6a2922C6rKKNVY+lvla5JlRlBVGmeH+6aAMS/evYDf/C5 > eT6m+jhfBYCw0qh1NCdAQMnG8lX4WEvE4j4Ze38OAHLFIu1Rj5zXFhiq/71cm2cg > YYAD4f2l8ZYucWo331sHSzHJlflb8qyb1DgtwjfTlX26GMhYTdB7NlDHn83qld9e > HVjhVZMoyB+TSIN7/ant > =8kml > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Status code 403 Forbidden issue for websocket creation using WSS protocol
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Nishant, On 3/9/17 1:16 PM, nishant singh wrote: > I am creating a websocket connection to server using "wss" > protocol from client. I have configured apache as proxy(mod proxy > and mod_proxy_wstunnel.so module is enabled in Apache httpd.conf > file) to my tomcat server. In apache VirtualHost for port 443 is > created.Attached is Apache httpd.conf file for reference.Tomcat > connector for ssl is mentioned below. I am getting response status > code 403 Forbidden for websocket request sent from client using > "wss" protocol. The same set-up works fine using "ws" protocol > websocket connection on port 80 of apache proxied to port 8080 of > tomcat.I assume that SSL handshake is failing in this scenario. > Please suggest the solution. Does httpd trust the certificate that Tomcat is presenting when httpd connects to Tomcat using TLS? - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYwaFYAAoJEBzwKT+lPKRYhckP/jN5Ic4B9VP8pdP/Cm4XduG9 OB/SZdXee8VvY4UpmTIsM+SfduOxPAilFiv4v4QrvEsoipE0ofzvsBjnFB5t468g rmagK10r/DcTLIu2SD4R9HeNmcDocWx6mUvePNfpTzIXIn0vZPCn7blCPGatUyQ0 6sdMKYWG/PhTRkFniGJGfbJ7rtYpbxUpBm+qbkQ0MGev+yos4Z7A5G4LSzt8KFtv N0mCKhvWrviUru71fqRv9mr2HLv+nv5t0SRYY03egbP2AqlYaot2VWzijwU96wbZ OdUoHwrjmQ5SjOKJFYA7QM2KmXAo+zClI2zgSQYt3cDtxGjobGlOQhiUmj/lrpnC +wbY3ftPiMT3aV5vWuSSNLIbXFnxba3TFEgFA4VvyPOMPqFdY76tJvaRuEyO92/h 2kdnjQb13ZE5eaABnN2G/OKUJGs0PxOcVY3xW+4L0BDrVZ+HFjTwvWb1PccJhtPP EMmM6AQYlrYtEwOP59K6a2922C6rKKNVY+lvla5JlRlBVGmeH+6aAMS/evYDf/C5 eT6m+jhfBYCw0qh1NCdAQMnG8lX4WEvE4j4Ze38OAHLFIu1Rj5zXFhiq/71cm2cg YYAD4f2l8ZYucWo331sHSzHJlflb8qyb1DgtwjfTlX26GMhYTdB7NlDHn83qld9e HVjhVZMoyB+TSIN7/ant =8kml -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Status code 403 Forbidden issue for websocket creation using WSS protocol
Hi,
I am creating a websocket connection to server using "wss" protocol from
client. I have configured apache as proxy(mod proxy and
mod_proxy_wstunnel.so module is enabled in Apache httpd.conf file) to my
tomcat server. In apache VirtualHost for port 443 is created.Attached is
Apache httpd.conf file for reference.Tomcat connector for ssl is mentioned
below. I am getting response status code 403 Forbidden for websocket
request sent from client using "wss" protocol. The same set-up works fine
using "ws" protocol websocket connection on port 80 of apache proxied to
port 8080 of tomcat.I assume that SSL handshake is failing in this
scenario. Please suggest the solution.
Tomcat version:-9.0.0.M13
Apache version:- 2.4.23
==in Tomcat Server.xml connector configuration on port 443==
==Chrome debugger trace for this Request
[image: Inline image 1]
===sample websocket code for request creation From client
==
this.websocket = new
WebSocket("wss://localhost:443/NG/nmsgServletApp/wsHandler/");
this.websocket.onopen = (evt) => {
this.websocket.send("Hello Nishant");
};
//nmsgServletApp:--> is my application name which is deployed in tomcat
//wsHandler:--> is the server side websocket handler mapping name
//NG:--> Proxy token for web-application deployed in Tomcat
Apache virtual port configuration for request proxy to
tomcat===
SSLCertificateFile ../certificate.pem
SSLCertificateKeyFile ../privkey.pem
ServerAdmin a...@localhost.com
ServerName "localhost"
SSLEngine on
SSLProxyEngine on
SecRuleEngine On
ProxyRequests Off
/*Below is Proxy configuration for above web-application deployed in Tomcat
*/
* ProxyPass /NG/nmsgServletApp/wsHandler
wss://localhost:8443/nmsgServletApp/wsHandler*
*ProxyPassReverse /NG/nmsgServletApp/wsHandler
wss://localhost:8443/nmsgServletApp/wsHandler *
*ProxyPass /NG https://localhost:8443/
