Apache proxy over https

Hi,

I'm having issues proxying upsource over Apache & HTTPS targeting mydomain.com:9000/upsource. I followed the instructions here and I can get the proxy working over normal http with a configuration resembling this

Listen 9000
<VirtualHost *:9000>
  RewriteEngine on
  AllowEncodedSlashes on

  RewriteCond %{QUERY_STRING} transport=polling
  RewriteRule /(.*)$ http://127.0.0.1:1111/$1 [P]

  ProxyRequests off
  ProxyPass /upsource/~socket.io/ ws://127.0.0.1:1111/upsource/~socket.io/
  ProxyPassReverse /upsource/~socket.io/ ws://127.0.0.1:1111/upsource/~socket.io/

  ProxyPass / http://127.0.0.1:1111/
  ProxyPassReverse / http://127.0.0.1:1111/
</VirtualHost>

However, if I switch to https, I can open upsource fine but it'll stay at the loading screen forever and the bundled hub works without any problems, which is leading me to think that the problem is related to websocket proxying.

With HTTPS, the config file is looking like this

Listen 9000
<VirtualHost *:9000>
  RequestHeader set X-Forwarded-Proto https
  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLHonorCipherOrder on
  SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4:!SEED:!IDEA
  SSLCertificateFile /etc/pki/tls/certs/mydomain.com.crt
  SSLCertificateKeyFile /etc/pki/tls/private/mydomain.com.key
  SSLCertificateChainFile /etc/pki/tls/certs/cert.pem

  RewriteEngine on
  AllowEncodedSlashes on

  RewriteCond %{QUERY_STRING} transport=polling
  RewriteRule /(.*)$ http://127.0.0.1:1111/$1 [P]

  ProxyRequests off
  ProxyPass /upsource/~socket.io/ ws://127.0.0.1:1111/upsource/~socket.io/
  ProxyPassReverse /upsource/~socket.io/ ws://127.0.0.1:1111/upsource/~socket.io/

  ProxyPass / http://127.0.0.1:1111/
  ProxyPassReverse / http://127.0.0.1:1111/

</VirtualHost>

The server is running on Centos 7, with apache 2.4.6

Any input is welcome.

6 comments
Comment actions Permalink

 

Hi Frederic,

Please try to replace last 2 lines with the following:

ProxyPass /upsource/ http://127.0.0.1:1111/upsource/
ProxyPassReverse /upsource/ http://127.0.0.1:1111/upsource/

Also please this string:

RequestHeader set X-Forwarded-Proto "https"

 

Please let me know if it helps.

0
Comment actions Permalink

 Artem,

Thanks for the quick reply. Sadly it doesn't help: the RequestHeader was already set at the beginning of my https VirtualHost config, and only proxying /upsource/ instead of / doesn't change much: in both cases I only get the "Loading Upsource..." and can only fully load the built-in hub (at mydomain:9000/upsource/hub).

0
Comment actions Permalink

Hi Frederic,

What if you try to set it up via locations:

 

AllowEncodedSlashes on
RewriteEngine on
RewriteCond %{QUERY_STRING} transport=polling
RewriteRule /(.*)$ http://backend/$1 [P]
ProxyRequests off
RequestHeader set X-Forwarded-Proto "https"

<Location /upsource/>

ProxyPass http://backend/upsource/
ProxyPassReverse http://backend/upsource/

</Location>

<Location /upsource/~socket.io/>
ProxyPass ws://backend/upsource/~socket.io/

ProxyPassReverse ws://backend/upsource/~socket.io/

</Location>

0
Comment actions Permalink

Hi Artem,

Turns out the problem was a configuration issue on my part: when calling the upsource configure command before starting the server, I set the base url as http instead of https, ie

<upsource_home>\bin\upsource.sh configure --listen-port 1111 --base-url http://mydomain.com:9000/upsource/

I had changed both upsource & hub urls at runtime however some javascript (ring-upsource.min.js) was still trying to load http://mydomain.com:9000/upsource/hub/api/rest/users/me?fields=guest%2Cid%2Cname%2Cprofile%2Favatar%2Furl, first being blocked by mixed-content policy, then if allowed explicitly, still returning bad request since unencrypted content was asked over an https port.

 
0
Comment actions Permalink

Hi Frederic,

Could you please clarify what Upsource version are you using?

Almost the same issue has been fixed in the latest product update - thttps://youtrack.jetbrains.com/issue/UP-6518

0
Comment actions Permalink

Build 3.0.4396

I was able to change the URL in hub and save it, but it seems it didn't stick (or at least partially didn't) and when restarting upsource the old URL would be back. The only way to make the URL change stick was with upsource.sh configure

 

0

Please sign in to leave a comment.