Aha! Apache does need to distinguish which traffic to proxy as WebSocket.
Many examples on the web assume that the URI path can be used to recognize
WebSocket traffic. e.g. All WS traffic begins with "/ws". But Bob issue
the same URI for the WS connection as the Tiddlywiki page itself. e.g.
https://my.domain.com/.
I thought I'd fail to put Bob behind an Apache SSL-terminating proxy, until
I realized I could use the WS header itself to recognize the traffic. The
'WebSockets' section in the httpd.conf below says, "If you get a request
with the HTTP headers "Upgrade: websocket" and "Connection: Upgrade"
rewrite it to a WebSocket request for the IP/port where Bob is running.
<VirtualHost *:443>
ServerName my.domain.com
ProxyRequests Off
ProxyPreserveHost on
###### Adding WebSockets ######
RewriteEngine On
RewriteCond %{HTTP:Connection} Upgrade [NC]
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule /(.*) ws://127.0.0.1:8088/$1 [P,L]
###### Finished WebSockets #######
ProxyPass "/" "http://127.0.0.1:8088/";
ProxyPassReverse "/" "http://127.0.0.1:8088/";
Include cert-stuff.conf
AllowEncodedSlashes On
SSLEngine On
SSLProxyEngine On
<Location "/">
AuthType Basic
AuthName "Restricted test Content"
AuthUserFile /path/to/passwords
Require valid-user
</Location>
</VirtualHost>
Keyword fodder for any future searcher (including myself): Use Apache as an
SSL-terminating proxy in front of Tiddlywiki-with-Bob to provide
user/password authentication so you can expose your wiki on the Internet.
--
You received this message because you are subscribed to the Google Groups
"TiddlyWiki" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/tiddlywiki/0194f246-9259-4400-a794-2ee640123f7c%40googlegroups.com.
