Websocket fails behind apache proxy


#1

Hello,
I run a self hosted bitwarden server (using docker) behind an apache2 proxy. Everything is working fine except for websockets.

The error I get in the browser console is:
`Firefox can’t establish a connection to the server at wss://passwords.tld/notifications/hub?id=removed WebSocketTransport.js:70

Error: Failed to start the transport 'WebSockets': undefined
E</e.prototype.log [Utils.js:190](webpack:///node_modules/@aspnet/signalr/dist/esm/Utils.js)
V</e.prototype.createTransport/</< [HttpConnection.js:283](webpack:///node_modules/@aspnet/signalr/dist/esm/HttpConnection.js)
s/</< [HttpConnection.js:33](webpack:///node_modules/@aspnet/signalr/dist/esm/HttpConnection.js)
s/< [HttpConnection.js:15](webpack:///node_modules/@aspnet/signalr/dist/esm/HttpConnection.js)
s [HttpConnection.js:6:40](webpack:///node_modules/@aspnet/signalr/dist/esm/HttpConnection.js)
u</t.prototype.invoke [zone.js:388](webpack:///node_modules/zone.js/dist/zone.js)
onInvoke [core.js:3824](webpack:///node_modules/@angular/core/fesm5/core.js)
u</t.prototype.invoke [zone.js:387](webpack:///node_modules/zone.js/dist/zone.js)
i</e.prototype.run [zone.js:138](webpack:///node_modules/zone.js/dist/zone.js)
F/< [zone.js:872](webpack:///node_modules/zone.js/dist/zone.js)
u</t.prototype.invokeTask [zone.js:421](webpack:///node_modules/zone.js/dist/zone.js)
onInvokeTask [core.js:3815](webpack:///node_modules/@angular/core/fesm5/core.js)
u</t.prototype.invokeTask [zone.js:420](webpack:///node_modules/zone.js/dist/zone.js)
i</e.prototype.runTask [zone.js:188](webpack:///node_modules/zone.js/dist/zone.js)
d [zone.js:595](webpack:///node_modules/zone.js/dist/zone.js)
c</e.invokeTask [zone.js:500](webpack:///node_modules/zone.js/dist/zone.js)
m [zone.js:1540](webpack:///node_modules/zone.js/dist/zone.js)
b [zone.js:1566](webpack:///node_modules/zone.js/dist/zone.js)`

I tried multiple different apache configs but the result is always the same. I use websockets with other servers behind the same proxy without issue so not sure what I’m doing wrong.

Has anyone managed to get websockets working in a self hosted docker environment?

Thanks,
Uli


#2

Make sure you are passing through the Upgrade and Connection headers for the /notifications/hub endpoint.


#3

Hi Kyle,
Thanks for the super fast answer, much appreciated. I checked the logs and the headers were actually passed through just fine. So I spent a couple of hours yesterday to try a lot of different configs and finally found one that works (I should probably switch to nginx at one point).
In case anyone else has this issue here’s what worked for me in the end:

  RewriteEngine On
  ProxyPreserveHost On
  ProxyRequests Off

  # allow for upgrading to websockets
  RewriteEngine On
  RewriteCond %{HTTP:Upgrade} =websocket [NC]
  RewriteRule /(.*)           ws://127.0.0.1:8098/$1 [P,L]
  RewriteCond %{HTTP:Upgrade} !=websocket [NC]
  RewriteRule /(.*)           http://127.0.0.1:8098/$1 [P,L]

  ProxyPass / http://127.0.0.1:8098/
  ProxyPassReverse / http://127.0.0.1:8098/

  ProxyPass /notifications/hub ws://127.0.0.1:8098/notifications/hub
  ProxyPassReverse /notifications/hub ws://127.0.0.1:8098/notifications/hub

Not sure if this is the most elegant config but at least it works.

Thanks again, Kyle and also thank you for this amazing password manager.