Mattermost Peer-to-Peer Forum

[solved] Apache reverse proxy to foreign server wss issue



Wss proxy passing doesnot working

Steps to reproduce

I’ve got a gitlab 11 server in my local network at address and reverse proxy server on address which passing traffic from internet to intranet. I’ve successfully setted up gitlab proxy pass and mattermost proxypass in partial (login page and mattermost site works as well, but not a websockets. my apache conf listed below:

<VirtualHost :443>
SSLEngine on
SSLProxyEngine On
ErrorLog /var/log/apache2/mattermost-error.log
CustomLog /var/log/apache2/mattermost-access.log combined
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/api/v[0-9]+/(users/)?websocket [NC,OR]
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR]
RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
RewriteRule .
#RewriteRule .*{REQUEST_URI} [P,QSA,L]
RequestHeader set X-Forwarded-Proto “https”

    RequestHeader unset If-Modified-Since
    RequestHeader unset If-None-Match

    <LocationMatch "/api/(?<version>v[0-9]+)/(?<users>users/)?websocket$">
            Require all granted
            ProxyPassReverse wss://{env:MATCH_VERSION}/%{env:MATCH_USERS}websocket
    <Location />
            Require all granted

    ProxyPreserveHost On
    ProxyRequests Off
    SSLCertificateFile /etc/letsencrypt/live/
    SSLCertificateKeyFile /etc/letsencrypt/live/
    Include /etc/letsencrypt/options-ssl-apache.conf

Observed behavior

websocket_client.jsx:38 WebSocket connection to wss://’ failed: Error during WebSocket handshake: Unexpected response code: 503

is it possible to proxy wss websocket?


Hi @qmor,

It should be possible to proxy websockets (even with Apache - as described in the documentation). One of our community members suggests you to investigate which service returned the 503 . Mattermost or your Apache proxy? Log files might provide additional insights.


got some apacke2 logs

[Wed Apr 24 16:01:03.723277 2019] [proxy:error] [pid 18975:tid 140161291581184] (111)Connection refused: AH00957: WSS: attempt to connect to (*) failed
[Wed Apr 24 16:01:03.723352 2019] [proxy_wstunnel:error] [pid 18975:tid 140161291581184] [client] AH02452: failed to make connection to backend:


Hi @qmor, Do you have any information in your Mattermost logs - around Wed Apr 24 16:01:03 2019 - why Mattermost refused that connection?


looks like i’ve solved a problem. just need to redirect mattermost wss connection to 443 port not 8065

RewriteRule .* wss://{REQUEST_URI} [P,QSA,L]

instead of

RewriteRule .* wss://{REQUEST_URI} [P,QSA,L]

1 Like