Apache2 WSS reverse proxy: 400 Bad Request error on connect
I wrote an application in C# using WebSocketSharp.NetCore. I created a WebSocket server:
server = new WebSocketServer("ws://localhost:6003");
server.AddWebSocketService<Echo>("/");
server.Start();
I compiled it for Ubuntu 20.04 and connected locally via websocat. The echo service works as expected.
Next I need to expose this service as WSS under a domain name. For this example I want requests to be forwarded wss://brakelessgames.ru:443/ws => ws://localhost:6003. To do this I tried a lot of different Apache2 settings. The best I have achieved:
<VirtualHost *:443>
ServerName brakelessgames.ru
DocumentRoot /var/www/html
SSLEngine on
SSLProxyEngine On
SSLCertificateFile /etc/letsencrypt/live/brakelessgames.ru/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/brakelessgames.ru/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/brakelessgames.ru/chain.pem
SSLCACertificateFile /etc/letsencrypt/live/brakelessgames.ru/chain.pem
Header add Access-Control-Allow-Origin "*"
SSLProxyEngine On
ProxyRequests Off
ProxyVia On
ProxyPreserveHost On
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}s
<proxy *>
Order deny,allow
Allow from all
</proxy>
ProxyPass /ws ws://localhost:6003
ProxyPassReverse /ws ws://localhost:6003
<Location /ws>
ProxyPreserveHost On
ProxyPass ws://localhost:6003
ProxyPassReverse ws://localhost:6003
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
RewriteRule .* ws://localhost:6003 [P,L]
</Location>
</VirtualHost>
As a result, connecting (websocat locally and Firefox over the network) gives a 400 Bad Request error. The local websocket works as before. I tried to capture the connection logs from Apache (/var/logs/apache2/error.log). Here is a fragment:
[Wed Jun 05 00:41:50.979424 2024] [ssl:debug] [pid 43351] ssl_engine_kernel.c(415): [client 62.118.80.156:15790] AH02034: Subsequent (No.2) HTTPS request received for child 2 (server brakelessgames.ru:443), referer: https://brakelessgames.ru/worldofpuzzles/
[Wed Jun 05 00:41:50.979603 2024] [authz_core:debug] [pid 43351] mod_authz_core.c(817): [client 62.118.80.156:15790] AH01626: authorization result of Require all granted: granted, referer: https://brakelessgames.ru/worldofpuzzles/
[Wed Jun 05 00:41:50.979619 2024] [authz_core:debug] [pid 43351] mod_authz_core.c(817): [client 62.118.80.156:15790] AH01626: authorization result of <RequireAny>: granted, referer: https://brakelessgames.ru/worldofpuzzles/
[Wed Jun 05 00:41:50.979740 2024] [core:info] [pid 43351] [client 62.118.80.156:15790] AH00128: File does not exist: /var/www/html/favicon.ico, referer: https://brakelessgames.ru/worldofpuzzles/
[Wed Jun 05 00:41:50.980005 2024] [ssl:debug] [pid 43351] ssl_engine_io.c(1102): [client 62.118.80.156:15790] AH02001: Connection closed to child 2 with standard shutdown (server brakelessgames.ru:443)
[Wed Jun 05 00:42:08.803189 2024] [core:debug] [pid 43349] protocol.c(511): NULL bytes in header (16 bytes)
[Wed Jun 05 00:42:08.803677 2024] [core:debug] [pid 43349] protocol.c(511): ...........:).$. 16030100ee010000ea03033a29b5240a
[Wed Jun 05 00:42:08.803700 2024] [core:debug] [pid 43349] protocol.c(1446): [client 167.94.138.56:58098] AH00566: request failed: malformed request line
[Wed Jun 05 00:42:10.531947 2024] [ssl:info] [pid 43352] [client 185.217.198.158:60328] AH01964: Connection to child 3 established (server brakelessgames.ru:443)
[Wed Jun 05 00:42:10.533361 2024] [ssl:debug] [pid 43352] ssl_engine_kernel.c(2372): [client 185.217.198.158:60328] AH02043: SSL virtual host for servername brakelessgames.ru found
[Wed Jun 05 00:42:10.545266 2024] [ssl:debug] [pid 43352] ssl_engine_kernel.c(2254): [client 185.217.198.158:60328] AH02041: Protocol: TLSv1.3, Cipher: TLS_AES_256_GCM_SHA384 (256/256 bits)
[Wed Jun 05 00:42:10.545507 2024] [socache_shmcb:debug] [pid 43352] mod_socache_shmcb.c(493): AH00831: socache_shmcb_store (0xdf -> subcache 31)
[Wed Jun 05 00:42:10.545555 2024] [socache_shmcb:debug] [pid 43352] mod_socache_shmcb.c(847): AH00847: insert happened at idx=0, data=(0:32)
[Wed Jun 05 00:42:10.545564 2024] [socache_shmcb:debug] [pid 43352] mod_socache_shmcb.c(850): AH00848: finished insert, subcache: idx_pos/idx_used=0/1, data_pos/data_used=0/209
[Wed Jun 05 00:42:10.545571 2024] [socache_shmcb:debug] [pid 43352] mod_socache_shmcb.c(515): AH00834: leaving socache_shmcb_store successfully
[Wed Jun 05 00:42:10.545716 2024] [socache_shmcb:debug] [pid 43352] mod_socache_shmcb.c(493): AH00831: socache_shmcb_store (0x80 -> subcache 0)
[Wed Jun 05 00:42:10.545731 2024] [socache_shmcb:debug] [pid 43352] mod_socache_shmcb.c(847): AH00847: insert happened at idx=0, data=(0:32)
[Wed Jun 05 00:42:10.545738 2024] [socache_shmcb:debug] [pid 43352] mod_socache_shmcb.c(850): AH00848: finished insert, subcache: idx_pos/idx_used=0/1, data_pos/data_used=0/209
[Wed Jun 05 00:42:10.545744 2024] [socache_shmcb:debug] [pid 43352] mod_socache_shmcb.c(515): AH00834: leaving socache_shmcb_store successfully
[Wed Jun 05 00:42:10.547012 2024] [ssl:debug] [pid 43352] ssl_engine_kernel.c(415): [client 185.217.198.158:60328] AH02034: Initial (No.1) HTTPS request received for child 3 (server brakelessgames.ru:443)
[Wed Jun 05 00:42:10.547859 2024] [authz_core:debug] [pid 43352] mod_authz_core.c(845): [client 185.217.198.158:60328] AH01628: authorization result: granted (no directives)
[Wed Jun 05 00:42:10.548202 2024] [core:debug] [pid 43352] protocol.c(2430): [client 185.217.198.158:60328] AH03155: select protocol from , choices=websocket for server brakelessgames.ru
[Wed Jun 05 00:42:10.548252 2024] [proxy:debug] [pid 43352] mod_proxy.c(1254): [client 185.217.198.158:60328] AH01143: Running scheme ws handler (attempt 0)
[Wed Jun 05 00:42:10.548296 2024] [proxy_http:debug] [pid 43352] mod_proxy_http.c(1993): [client 185.217.198.158:60328] AH01113: HTTP: declining URL ws://localhost:6003
[Wed Jun 05 00:42:10.548307 2024] [proxy_wstunnel:debug] [pid 43352] mod_proxy_wstunnel.c(331): [client 185.217.198.158:60328] AH02451: serving URL ws://localhost:6003
[Wed Jun 05 00:42:10.548315 2024] [proxy:debug] [pid 43352] proxy_util.c(2341): AH00942: WS: has acquired connection for (localhost)
[Wed Jun 05 00:42:10.548333 2024] [proxy:debug] [pid 43352] proxy_util.c(2395): [client 185.217.198.158:60328] AH00944: connecting ws://localhost:6003 to localhost:6003
[Wed Jun 05 00:42:10.548658 2024] [proxy:debug] [pid 43352] proxy_util.c(2604): [client 185.217.198.158:60328] AH00947: connected to localhost:6003
[Wed Jun 05 00:42:10.550472 2024] [proxy:debug] [pid 43352] proxy_util.c(3070): AH02824: WS: connection established with [::1]:6003 (localhost)
[Wed Jun 05 00:42:10.550509 2024] [proxy:debug] [pid 43352] proxy_util.c(3256): AH00962: WS: connection complete to [::1]:6003 (localhost)
[Wed Jun 05 00:42:10.557192 2024] [ssl:info] [pid 43352] (70014)End of file found: [client 185.217.198.158:60328] AH01991: SSL input filter read failed.
[Wed Jun 05 00:42:10.557232 2024] [proxy:debug] [pid 43352] proxy_util.c(2356): AH00943: WS: has released connection for (localhost)
[Wed Jun 05 00:42:10.557415 2024] [ssl:debug] [pid 43352] ssl_engine_io.c(1102): [client 185.217.198.158:60328] AH02001: Connection closed to child 3 with standard shutdown (server brakelessgames.ru:443)
I suspect the problem lies in the third line from the bottom: End of file found: [client 185.217.198.158:60328] AH01991: SSL input filter read failed. But I admit I may be wrong. A quick search on the problem turned up nothing. The answers from neural networks are of no value either. I would appreciate your advice on how to resolve this problem.
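An added example, not part of the original post: a small Python triage script run over six lines copied from the log excerpt above. It groups records by worker pid and shows that the AH00566 "malformed request line" entry belongs to a different client than the WebSocket request, which Apache had already handed to the backend (AH00947) before AH01991 was logged. The function names `trace` and `verdict` are illustrative, and grouping by pid assumes one connection per worker process at a time, as the pid-only log prefix suggests.

```python
import re
from datetime import datetime

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<mod>\w+):(?P<lvl>\w+)\] \[pid (?P<pid>\d+)\] (?P<msg>.*)$")
CLIENT = re.compile(r"\[client ([\d.]+):\d+\]")
CODE = re.compile(r"\bAH\d{5}\b")

# Six lines copied from the error.log excerpt in the question.
SAMPLE = """\
[Wed Jun 05 00:42:08.803189 2024] [core:debug] [pid 43349] protocol.c(511): NULL bytes in header (16 bytes)
[Wed Jun 05 00:42:08.803700 2024] [core:debug] [pid 43349] protocol.c(1446): [client 167.94.138.56:58098] AH00566: request failed: malformed request line
[Wed Jun 05 00:42:10.548202 2024] [core:debug] [pid 43352] protocol.c(2430): [client 185.217.198.158:60328] AH03155: select protocol from , choices=websocket for server brakelessgames.ru
[Wed Jun 05 00:42:10.548307 2024] [proxy_wstunnel:debug] [pid 43352] mod_proxy_wstunnel.c(331): [client 185.217.198.158:60328] AH02451: serving URL ws://localhost:6003
[Wed Jun 05 00:42:10.548658 2024] [proxy:debug] [pid 43352] proxy_util.c(2604): [client 185.217.198.158:60328] AH00947: connected to localhost:6003
[Wed Jun 05 00:42:10.557192 2024] [ssl:info] [pid 43352] (70014)End of file found: [client 185.217.198.158:60328] AH01991: SSL input filter read failed.
"""

def trace(text):
    """Group records by worker pid (assumption: one connection per pid at a time)."""
    out = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        rec = out.setdefault(m["pid"], {"client": None, "events": []})
        client = CLIENT.search(m["msg"])
        if client:
            rec["client"] = client.group(1)
        code = CODE.search(m["msg"])
        if code:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S.%f %Y")
            rec["events"].append((code.group(0), ts))
    return out

def verdict(rec):
    """Summarise how far one request got, based on the AH codes it logged."""
    at = dict(rec["events"])  # AH code -> timestamp (last occurrence wins)
    if "AH00566" in at:
        return "rejected by Apache before proxying (malformed request line)"
    if "AH00947" in at and "AH01991" in at:
        gap = at["AH01991"] - at["AH00947"]
        us = gap.seconds * 1_000_000 + gap.microseconds
        return f"proxied to backend; client side EOF {us} us after backend connect"
    return "proxied to backend" if "AH00947" in at else "no proxy activity logged"

if __name__ == "__main__":
    for pid, rec in trace(SAMPLE).items():
        print(pid, rec["client"], verdict(rec))
```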