Configure Apache for WebSockets using Reverse Proxy

Updated on March 29, 2022

I used WebSockify in my web application to connect to the VNC server using noVNC to enable remote access to Linux servers via the browser. It was an easy implementation as there was no firewall involved and the WebSocket port was opened. However, recently I had to migrate to another server that was behind a firewall and I didn’t want to open the port as it might risk the entire system. In this article, we will be implementing WebSockify through Apache Reverse Proxy.

Configure Apache for WebSockets using Reverse Proxy

 

What is noVNC?

noVNC is a HTML client for VNC. Using noVNC, you can connect to a VNC server from a browser.

Why WebSockify?

WebSockify translates WebSockets traffic to normal socket traffic. Websockify accepts the WebSockets handshake, parses it, and then begins forwarding traffic between the client and the target in both directions.

noVNC connecting to VNC through Websockify

Pic Courtesy: datawookie.dev

Assumption:

It is assumed that both your WebSockify and the Apache web server are running on the same host.

Setup:

  • Apache v2.4
  • WebSockify for WebSockets on port 6080
  • noVNC installed
  • remote server running VNC
  • CentOS Linux 7.9

Note: We shall not go into detail on how to configure WebSockify with noVNC & VNC.

Configure Apache Reverse Proxy for Websockets

Step 1: Make sure the below modules are enabled in Apache /etc/httpd/conf.modules.d/ folder.

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
LoadModule rewrite_module modules/mod_rewrite.so

Step 2: Create a VirtualHost having ReverseProxy and Rewrite rules as below:

Websockify Application URL

WebSockify is running on port 6080 and it is accessible over the url: https://localhost:6080

<VirtualHost *:80>
  ServerName techglimpse.com
  
  ProxyRequests on
  RequestHeader set X-Forwarded-Proto "http"	
  ProxyPass /console https://localhost:6080/
  ProxyPassReverse /console https://localhost:6080/  

  RewriteEngine on
  RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
  RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
  RewriteRule .* ws://localhost:6080%{REQUEST_URI} [P]
  
</VirtualHost>

Step 3: Restart the Apache webserver

# systemctl restart httpd

 

Was this article helpful?

Related Articles

Leave a Comment