How to use Voyageur's Apache websocket backport with pump.io
As I mentioned in a previous post I'm running a couple of other services from my pump.io machine on paths below root which is why I wanted to use a reverse proxy in the first place. Otherwise I'd have probably just gone with Evan's admonition against them. My setup is Ubuntu 13.04 (Raring) on an older system76 laptop. The Apache provided with Raring is 2.2, and I expect that to be the case for some time.
Thankfully Bernard Cafarelli (Voyageur) published a patch backporting websocket proxy support to Apache 2.2 back in late April, so I thought I'd try to get it to work with my pump.io setup, and am happy to report that it works! Here's what I did:
The first step is to get the patch and to compile the module. Voyageur's patch is here. Yes, both the title of the patch and the file references inside refer to Apache 2.4, but that's because it's a backport (of a backport). It does work with 2.2.
So my next step was to get a copy of the sources. I did this the Debian way:
mkdir -p ~/src cd ~/src apt-get source apache2
You might also need to fetch some build dependancies:
apt-get build-dep apache2 apt-get install autoconf
My first impulse was to try to build a Debian package containing the module, but after playing with it for a while I realized that this was overkill. All I really needed was a binary module which would work with the 2.2 series. This works because Apache is designed to support binary modules, so long as they are within series.
So it's possible to just skip the package-buiding, and instead just apply the patch, configure, and build. So long as your apache has DSO support you don't even need to use a simlar configuration:
NOTE: check your paths, they might be different from mine
cd ~/src/apache2-2.2.22 patch -p1 -i ~/downloads/apache-2.2.24-wstunnel.patch autoconf # this is key: you need an updated configure script! ./configure --enable-so --enable-proxy=shared --enable-proxy-wstunnel=shared make
You should now find a shiny new websocket proxy module in modules/proxy/.libs. You need to copy this into your system apache modules directory:
cp modules/proxy/.libs/mod_proxy_wstunnel.so /usr/lib/apache2/modules/
It probably makes sense to copy it to a second location as a backup as well, but given the way the package management system works it will be safe there until the module appears in some future Debian package, in which case you want it to be overwritten anyway.
Now it's just a matter of configuring apache. First I added a .load file: /etc/apache2/mods-available:/proxy_wstunnel.so
# Depends: proxy LoadModule proxy_wstunnel_module /usr/lib/apache2/modules/mod_proxy_wstunnel.so
And enabled the module with a symlink:
cd /etc/apache2/mods-enabled ln -s ../mods-available/proxy_wstunnel.load
And finally I added a location stanza to map pump.io proxy requests. I found the location in my httpd access logs:
<Location /main/realtime/sockjs> ProxyPass wss://192.168.0.5/main/realtime/sockjs ProxyPassReverse wss://192.168.0.5/main/realtime/sockjs </Location>
Then a sanity check:
Presuming that's good then you should be able to restart apache and all will be well. I used the init script:
So far the biggest benifit seems to be a slight speed improvement in the pseudo authentication handshake. There are probably some other things that work better, but mainly I just didn't want to run pump with one of its main protocols disabled.
Hopefully this will be useful for somebody. Have fun!