Mark Jaroski at 2013-07-09T12:41:54Z

How to use Voyageur's Apache websocket backport with

As I mentioned in a previous post I'm running a couple of other services from my machine on paths below root which is why I wanted to use a reverse proxy in the first place. Otherwise I'd have probably just gone with Evan's admonition against them. My setup is Ubuntu 13.04 (Raring) on an older system76 laptop. The Apache provided with Raring is 2.2, and I expect that to be the case for some time.

Thankfully Bernard Cafarelli (Voyageur) published a patch backporting websocket proxy support to Apache 2.2 back in late April, so I thought I'd try to get it to work with my setup, and am happy to report that it works! Here's what I did:

The first step is to get the patch and to compile the module. Voyageur's patch is here. Yes, both the title of the patch and the file references inside refer to Apache 2.4, but that's because it's a backport (of a backport). It does work with 2.2.

So my next step was to get a copy of the sources. I did this the Debian way:

mkdir -p ~/src
cd ~/src
apt-get source apache2

You might also need to fetch some build dependancies:

apt-get build-dep apache2
apt-get install autoconf

My first impulse was to try to build a Debian package containing the module, but after playing with it for a while I realized that this was overkill. All I really needed was a binary module which would work with the 2.2 series. This works because Apache is designed to support binary modules, so long as they are within series.

So it's possible to just skip the package-buiding, and instead just apply the patch, configure, and build. So long as your apache has DSO support you don't even need to use a simlar configuration:

NOTE: check your paths, they might be different from mine

cd ~/src/apache2-2.2.22
patch -p1 -i ~/downloads/apache-2.2.24-wstunnel.patch
autoconf # this is key: you need an updated configure script!
./configure --enable-so --enable-proxy=shared --enable-proxy-wstunnel=shared

You should now find a shiny new websocket proxy module in modules/proxy/.libs. You need to copy this into your system apache modules directory:

cp modules/proxy/.libs/  /usr/lib/apache2/modules/

It probably makes sense to copy it to a second location as a backup as well, but given the way the package management system works it will be safe there until the module appears in some future Debian package, in which case you want it to be overwritten anyway.

Now it's just a matter of configuring apache. First I added a .load file: /etc/apache2/mods-available:/

# Depends: proxy
LoadModule proxy_wstunnel_module /usr/lib/apache2/modules/

And enabled the module with a symlink:

cd /etc/apache2/mods-enabled
ln -s ../mods-available/proxy_wstunnel.load

And finally I added a location stanza to map proxy requests. I found the location in my httpd access logs:

<Location /main/realtime/sockjs>
        ProxyPass wss://
        ProxyPassReverse wss://

Then a sanity check:

apachectl confgitest

Presuming that's good then you should be able to restart apache and all will be well. I used the init script:

/etc/init.d/apache2 restart

So far the biggest benifit seems to be a slight speed improvement in the pseudo authentication handshake. There are probably some other things that work better, but mainly I just didn't want to run pump with one of its main protocols disabled.

Hopefully this will be useful for somebody. Have fun!, Stephen Sekula likes this.