otree/django的Apache反向代理问题

Question

我正在尝试将apache与SSL一起设置为oTree应用程序的反向代理。oTree是一个用于社会科学实验的框架，它建立在django之上，也使用django通道。反向代理通常可以工作，但我对websockets有问题。

我的apache配置是

<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost

ServerName myurl.net
ProxyRequests Off
ServerAdmin webmaster@localhost
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8000/
ProxyPassReverse / http://127.0.0.1:8000/

SSLEngine on
SSLProxyEngine on
RewriteEngine On
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule /(.*) wss://127.0.0.1:8000/$1 [P,L]

ServerName myurl.net
SSLCertificateFile /etc/letsencrypt/live/myurl.net/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/myurl.net/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

我在apache中得到以下错误

[Wed Jan 06 15:42:51.137016 2021] [proxy:error] [pid 5573:tid 140468195309312] [client myip] AH00898: Error during SSL Handshake with remote server returned by /no_op/
[Wed Jan 06 15:42:59.029500 2021] [proxy:error] [pid 5574:tid 140468096587520] (20014)Internal error (specific information not available): [client myip] AH01084: pass request body failed to 127.0.0.1:8000 (127.0.0.1)

在我的浏览器中，我得到了以下错误。

(index):94 WebSocket connection to 'wss://myurl.net/create_demo_session/' failed: Error during WebSocket handshake: Unexpected response code: 500

有人知道我错过了什么吗？

编辑:仅供参考，NGINX配置如下：

server {
    listen 443 ssl;
    server_name _;

    ssl on;
    ssl_certificate "mycertificate";
    ssl_certificate_key "mycertificate";
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location / {
        proxy_pass http://localhost:8000;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header        Connection $connection_upgrade;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Host $server_name;
        proxy_http_version 1.1;
        proxy_set_header Connection $http_connection;
        
    }
}

Answer 1

如果要在主机的子域上运行oTree，以便可以与同一台计算机上托管的其他站点共享端口80，可以尝试以下配置。下面的示例假设oTree服务器在端口8000上运行。对于HTTPS，将80到443 ws前缀更改为wss:

<VirtualHost *:80>
    ServerName otree.domain.com
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/

    RewriteEngine On
    RewriteCond %{HTTP:Connection} Upgrade [NC]
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteRule /(.*) ws://127.0.0.1:8000/$1 [P,L]