Specifying ws instead of http in the RewriteRule should be good. > If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
Did you explicitly load the mod_proxy_wstunnel module as is mentioned in the error message? The error message hints that Apache doesn't know how to handle a ws:// proxy connection. If it still doesn't work after adding a LoadModule, maybe try wss://? I'm no expert on Gitlab installations, but on a quick search I didn't find any resources mentioning plain websockets, only secure websockets. Am 22. Dezember 2022 14:54:01 MEZ schrieb Jan Kohnert <nospam001-li...@jan-kohnert.de>: >Hello everyone, > >I've set up a GitLab instance running behind an Apache HTTP-Server acting a >proxy. GitLab officially only supports NGINX as a proxy, but since my Apache >also serves different VirtualHosts, I'd rather keep the setup I have instead >of setting up another WebServer. > >According to [1], and [2] I have configured my virtual host's proxy as >following: > >ProxyAddHeaders On >RequestHeader add X-Forwarded-Ssl on >RequestHeader set X-Forwarded-Proto "https" > >ProxyPass unix:///opt/gitlab/gitlab/tmp/sockets/gitlab-workhorse.socket| >http://127.0.0.1/ >ProxyPassReverse unix:///opt/gitlab/gitlab/tmp/sockets/gitlab- >workhorse.socket|http://127.0.0.1/ > >So far, this is just working fine. GitLab also uses Web-Sockets, that need to >be forwarded, too. Right now using this configuration, GitLabs log show the >following, when trying to make a Web-Socket: > >Started GET "/-/cable" for $REMOTE_IP at 2022-12-22 14:35:51 +0100 >Started GET "/-/cable/"[non-WebSocket] for $REMOTE_IP at 2022-12-22 14:35:51 >+0100 >Failed to upgrade to WebSocket (REQUEST_METHOD: GET, HTTP_CONNECTION: , >HTTP_UPGRADE: ) >Finished "/-/cable/"[non-WebSocket] for $REMOTE_IP at 2022-12-22 14:35:51 >+0100 > >So; following [3], I added: > >RewriteEngine on >RewriteCond %{HTTP:Upgrade} websocket [NC] >RewriteCond %{HTTP:Connection} upgrade [NC] >RewriteRule ^/?(.*) "unix:/opt/gitlab/gitlab/tmp/sockets/gitlab- >workhorse.socket|http://127.0.0.1/$1"; [P,NE] > >Missing the NE-Flag, as well as replacing http with ws results in a bad config >message in Apache's error logs: >[Thu Dec 22 14:34:51.093012 2022] [proxy:warn] [pid 781:tid 140179385861824] >[client $REMOTE_IP:57328] AH01144: No protocol handler was valid for the URL >/-/cable (scheme 'unix'). If you are using a DSO version of mod_proxy, make >sure the proxy submodules are included in the configuration using LoadModule. > >Using the config as written shows the following in GitLab's logs: > >Started GET "/proxy:http://127.0.0.1/-/cable/"; for $REMOTE_IP at 2022-12-22 >14:46:19 +0100 >Processing by ApplicationController#route_not_found as HTML > Parameters: {"unmatched_route"=>"proxy:http:/127.0.0.1/-/cable"} > Rendered layout layouts/errors.html.haml (Duration: 2.2ms | Allocations: >600) >Completed 404 Not Found in 30ms (Views: 2.8ms | ActiveRecord: 3.5ms | >Elasticsearch: 0.0ms | Allocations: 7303) > >So I assume the config is still wrong, but I could not yet find a working >solution. Anybody knows what I'm missing? > >Thanks! > >[1] https://docs.gitlab.com/omnibus/settings/nginx.html >[2] https://httpd.apache.org/docs/2.4/mod/mod_proxy.html >[3] https://httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html > >-- >MfG Jan > > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >For additional commands, e-mail: users-h...@httpd.apache.org >
