带有Apache2反向代理SSL握手的芹菜花对于Websocket失败

Question

我正在尝试为apache2之后的花朵设置反向代理，如本帖子《 芹菜生产中的安全性》所述 。

通过代理从Flower进行的Https页面加载工作正常，但是打开以更新仪表板的websocket却没有-ssl握手失败并且没有响应返回。 我在ubuntu 12.04上使用apache2 2.2.22，并通过常用补丁添加了mod_proxy_wstunnel，以便通过隧道连接websocket。 我在127.0.0.1:5555上通过主管进行管理。

这是我的Apache .conf的相关部分

SSLProxyEngine On
SSLProxyVerify none

ProxyRequests Off
ProxyPass /update-dashboard wss://127.0.0.1:5555/update-dashboard
ProxyPassReverse /update-dashboard wss://127.0.0.1:5555/update-dashboard

ProxyPass / http://127.0.0.1:5555/
ProxyPassReverse / http://127.0.0.1:5555/
<Proxy  *>
Order deny,allow
Allow from all
</Proxy>

这是最终超时后的请求

"GET /update-dashboard HTTP/1.1"
 500 419 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML,     like Gecko) Chrome/43.0.2357.124 Safari/537.36"

这是apache2错误日志的输出

[Fri Jun 12 16:44:28 2015] [info] Initial (No.1) HTTPS request received for child 195 (server demoflower.eatthismuch.com:80)
[Fri Jun 12 16:44:28 2015] [debug] mod_proxy_wstunnel.c(377): [client 71.189.228.118] canonicalising URL //127.0.0.1:5555/update-dashboard
[Fri Jun 12 16:44:28 2015] [debug] proxy_util.c(1509): [client 71.189.228.118] proxy: wss: found worker wss://127.0.0.1:5555/update-dashboard for wss://127.0.0.1:5555/update-dashboard
[Fri Jun 12 16:44:28 2015] [debug] mod_proxy.c(1020): Running scheme wss handler (attempt 0)
[Fri Jun 12 16:44:28 2015] [debug] mod_proxy_http.c(1978): proxy: HTTP: declining URL wss://127.0.0.1:5555/update-dashboard
[Fri Jun 12 16:44:28 2015] [debug] mod_proxy_wstunnel.c(659): [client 71.189.228.118] AH02451: serving URL wss://127.0.0.1:5555/update-dashboard
[Fri Jun 12 16:44:28 2015] [debug] proxy_util.c(2014): proxy: WSS: has acquired connection for (127.0.0.1)
[Fri Jun 12 16:44:28 2015] [debug] proxy_util.c(2070): proxy: connecting wss://127.0.0.1:5555/update-dashboard to 127.0.0.1:5555
[Fri Jun 12 16:44:28 2015] [debug] proxy_util.c(2196): proxy: connected /update-dashboard to 127.0.0.1:5555
[Fri Jun 12 16:44:28 2015] [debug] proxy_util.c(2447): proxy: WSS: fam 2 socket created to connect to 127.0.0.1
[Fri Jun 12 16:44:28 2015] [debug] proxy_util.c(2579): proxy: WSS: connection complete to 127.0.0.1:5555 (127.0.0.1)
[Fri Jun 12 16:44:28 2015] [info] [client 127.0.0.1] Connection to child 0 established (server demoflower.eatthismuch.com:80)
[Fri Jun 12 16:44:28 2015] [info] Seeding PRNG with 656 bytes of entropy
[Fri Jun 12 16:44:28 2015] [debug] mod_proxy_wstunnel.c(518): [client 71.189.228.118] sending request
[Fri Jun 12 16:44:28 2015] [debug] ssl_engine_kernel.c(1819): OpenSSL: Handshake: start
[Fri Jun 12 16:44:28 2015] [debug] ssl_engine_kernel.c(1827): OpenSSL: Loop: before/connect initialization
[Fri Jun 12 16:44:28 2015] [debug] ssl_engine_kernel.c(1827): OpenSSL: Loop: unknown state
[Fri Jun 12 16:44:32 2015] [debug] ssl_engine_io.c(1908): OpenSSL: I/O error, 5 bytes expected to read on BIO#7f0b6c001650 [mem: 7f0b68006f83]
[Fri Jun 12 16:44:32 2015] [debug] ssl_engine_kernel.c(1837): OpenSSL: Write: SSL negotiation finished successfully
[Fri Jun 12 16:44:32 2015] [debug] ssl_engine_io.c(1908): OpenSSL: I/O error, 5 bytes expected to read on BIO#7f0b60001650 [mem: 7f0b60006f83]
[Fri Jun 12 16:44:32 2015] [debug] ssl_engine_kernel.c(1837): OpenSSL: Write: SSL negotiation finished successfully
[Fri Jun 12 13:44:32 2015] [debug] ssl_engine_io.c(1908): OpenSSL: I/O error, 5 bytes expected to read on BIO#7f0b70001650 [mem: 7f0b70006f83]
[Fri Jun 12 13:44:32 2015] [debug] ssl_engine_kernel.c(1837): OpenSSL: Write: SSL negotiation finished successfully
[Fri Jun 12 16:44:32 2015] [debug] ssl_engine_io.c(1908): OpenSSL: I/O error, 5 bytes expected to read on BIO#7f0b6c001650 [mem: 7f0b70006f83]
[Fri Jun 12 16:44:32 2015] [debug] ssl_engine_kernel.c(1837): OpenSSL: Write: SSL negotiation finished successfully
[Fri Jun 12 16:44:32 2015] [debug] ssl_engine_io.c(1908): OpenSSL: I/O error, 5 bytes expected to read on BIO#7f0b60001650 [mem: 7f0b70006f83]
[Fri Jun 12 16:44:32 2015] [debug] ssl_engine_kernel.c(1837): OpenSSL: Write: SSL negotiation finished successfully
[Fri Jun 12 16:44:32 2015] [debug] ssl_engine_io.c(1908): OpenSSL: I/O error, 5 bytes expected to read on BIO#7f0b64001650 [mem: 7f0b70006f83]
[Fri Jun 12 16:44:32 2015] [debug] ssl_engine_kernel.c(1837): OpenSSL: Write: SSL negotiation finished successfully

任何想法可能出什么问题吗？ 我尝试了很多不同的apache2设置都没有用。 谢谢阅读！

Answer 1

我有一个类似的apache配置文件，它无法正常工作，并且我看到了OpenSSL错误5个字节的预期消息。

我添加了以下内容：

ProxyPreserveHost On

现在该应用程序可以正常运行。 我仍然看到OpenSSL错误，但这似乎不是问题。

请注意，下降的http URL只是mod_proxy的正常操作，它以指定顺序尝试所有较低级别的代理模块，直到找到匹配的模块。

我也在使用ws:协议而不是wss:与Tomcat 8后端通信。