Uploaded image for project: 'mod_cluster'
  1. mod_cluster
  2. MODCLUSTER-722

Request header not forwarded to backend when websockets are enabled

    XMLWordPrintable

Details

    Description

      I'm having a Wildfly 20 cluster running in domain mode. I use Apache with mod_cluster to serve as a load balancer and to make the web apps running on Wildfly available to the public.

       

      I have two goals to accomplish:

      • The web apps should be served as https.
      • Some web apps have websocket URLs, that should work from behind the proxy.

       

      To enable web sockets I realized that I need to use http connection between Wildfly and mod_cluster instead of ajp. This switch created a whole lot of issues. But ultimately I managed to fix these by adding:
      ProxyPreserveHost On
      and
      RequestHeader set X-Forwarded-Proto "https"
      to the virtual hosts in Apache. The second one is important because as I wrote I'm serving the web apps over https so Wildfly needs to know that the connection is https. Otherwise the web apps think that the connection is http and use bad url formats. (I also had to add proxy-address-forwarding="true" to the http listener in Wildfly for this to work.)

       

      Then I tried to solve the issue with web sockets. Because even with http connection they didn't work. I enabled proxy_wstunnel module in Apache. Then I found these two issues:
      https://issues.redhat.com/browse/MODCLUSTER-580?_sscc=t
      https://issues.redhat.com/browse/JBCS-425
      Following the discussions from these issues I ended up building the latest version of mod_cluster from git: version 1.3.14. Then added WSUpgradeHeader NONE to the proxy_cluster.conf file. This solved the problem with web sockets, and the http pages are also loading.

       

      Now I'm having another issue. As I wrote above I added RequestHeader set X-Forwarded-Proto "https" to let Wildfly know that the connection is https. When I first open a https URL to a vhost using this header, the page opens perfectly. If I now refresh the page, the page opens with unsecure http links. (HttpServletRequest.getScheme() in Java web apps return "http")

       

      So the bug is that the second time I open the https URL, Wildfly clearly thinks that the connection is http.

       

      This only happens when web sockets are enabled in mod_cluster config. Strangely if I wait about a minute between the two page loads then the second page load is good, too. From the mod_cluster status page I can see that the backend clients are connecting with url "ws://..." instead of "http://...". Can it be that the connection between mod_cluster and Wildfly is now through web sockets, that keep open for a minute, and maybe the headers are only forwarded when the connection builds up? Is there a way to fix this issue? Can the headers be forwarded for every requests somehow?

       

      Thanks for the help!

      Attachments

        Issue Links

          is related to

          Feature Request - Feature requests from customers and/or users MODCLUSTER-800 Enable mod_proxy_cluster logic to correctly use the Apache httpd websocket feature introduced in 2.4.47

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Resolved

          Activity

            People

              rhn-engineering-jclere Jean-Frederic Clere
              gabor.kaposi@outlook.com Gab K (Inactive)
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: