Configure Apache for WebSockets using Reverse Proxy

I used WebSockify in my web application to connect to the VNC server using noVNC to enable remote access to Linux servers via the browser. It was an easy implementation as there was no firewall involved and the WebSocket port was opened. However, recently I had to migrate to another server that was behind a firewall and I didn’t want to open the port as it might risk the entire system. In this article, we will be implementing WebSockify through Apache Reverse Proxy.

Pic Courtesy: datawookie.dev

Setup:

• Apache v2.4
• WebSockify for WebSockets on port 6080
• noVNC installed
• remote server running VNC
• CentOS Linux 7.9

Note: We shall not go into detail on how to configure WebSockify with noVNC & VNC.

Configure Apache Reverse Proxy for Websockets

Step 1: Make sure the below modules are enabled in Apache /etc/httpd/conf.modules.d/ folder.

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
LoadModule rewrite_module modules/mod_rewrite.so

Step 2: Create a VirtualHost having ReverseProxy and Rewrite rules as below:

<VirtualHost *:80>
  ServerName techglimpse.com
  
  ProxyRequests on
  RequestHeader set X-Forwarded-Proto "http"	
  ProxyPass /console https://localhost:6080/
  ProxyPassReverse /console https://localhost:6080/  

  RewriteEngine on
  RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
  RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
  RewriteRule .* ws://localhost:6080%{REQUEST_URI} [P]
  
</VirtualHost>

Step 3: Restart the Apache webserver

# systemctl restart httpd