9

I have a websocket server hostet with Spring Boot Websockets. Safari, Chrome and Edge can connect, but Firefox can't. Error:

Firefox kann keine Verbindung zu dem Server unter wss://MY_DOMAIN/growth-websocket/933/omw002tp/websocket aufbauen.

(= "Firefox can't establish a connection to the server at wss://...")

I am proxying the WebSockets with Apache:

RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
RewriteRule .* ws://localhost:4567%{REQUEST_URI} [P]

Thanks for your help!

Timo Zikeli
  • 166
  • 1
  • 3
  • 7
  • Have you tried this solution? It may work for you. https://stackoverflow.com/questions/23775215/can-not-established-websocket-secure-connection-on-firefox – Kyordhel Nov 24 '17 at 14:00
  • 1
    Same problem here, except I'm using nginx & node.js with npm 'ws' websockets. – Nodeocrat Dec 17 '17 at 22:17

2 Answers2

2

I got this working on my Docker OIDC proxy after a few tries. The tricky bit is to allow it to work when the proxied URI for websockets and normal HTTP is the same. If it were distinct we can simply have another ProxyPass/ProxyPassReverse combination before it.

To support this the Rewrite engine is used to detect whether the Upgrade and Conntextion headers are set and if so proxy accordingly. The second tricky bit [though I am not sure why] is to put it after the ProxyPass and ProxyPassReverse directives.

Here is the code from https://github.com/trajano/docker-oidc-proxy/blob/master/oidc-proxy.conf in context

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
LoadModule rewrite_module modules/mod_rewrite.so

...

ProxyPass "/" "http://${SERVICE_NAME}:${SERVICE_PORT}/"
ProxyPassReverse "/" "http://${SERVICE_NAME}:${SERVICE_PORT}/"

ProxyPreserveHost On
ProxyVia On

RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
RewriteRule .* ws://${SERVICE_NAME}:${SERVICE_PORT}%{REQUEST_URI} [P]

I was able to successfully verify this with a Jupyter notebook server which uses Web Sockets.

Archimedes Trajano
  • 35,625
  • 19
  • 175
  • 265
0

This answer comes late, but may help others with similar issues.

I created a similar question and provided two different answers, both working as expected. One answer is about how to configure the Apache proxy to make ws:// work over https, and the other tells how to generate a self-signed certificate in order to work without problems with HTTPS and WSS without using proxy.

Can't establish a connection with javascript to a secure websocket server

Please read carefully the comments I left there as well.

jgarcias
  • 337
  • 3
  • 17