Terminal Service Plus

The best Citrix / RDS Alternative for Remote Desktop and Web Access
https://forum.tsplus.net/

How to configure Apache mod_proxy for use with TSPlus

https://forum.tsplus.net/viewtopic.php?f=3&t=3617

Page 1 of 1

How to configure Apache mod_proxy for use with TSPlus

Posted: Thu Oct 29, 2015 9:27 am
by EDV-Team
Hi!

We want to use TSPlus behind an Apache 2.4 web-server with mod_proxy enabled.

This is what we set in our Apache default-ssl.conf for our TSPlus host:

Code: Select all

<VirtualHost *:443>
  ServerName tsplus.mydomain.com
  Redirect / https://tsplus.mydomain.com/
  ProxyRequests off
  ProxyPreserveHost on
  ProxyPass / https://tsplus.mydomain.com/
  ProxyPassReverse / https://tsplus.mydomain.com/
  SSLEngine on
  SSLProxyEngine on
  SSLProtocol ALL -SSLv2 -SSLv3
  SSLHonorCipherOrder on
  SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
  SSLCertificateKeyFile /etc/apache2/ssl/myserver.key
  SSLCertificateFile /etc/apache2/ssl/myserver.crt
  ErrorLog /var/log/apache2/tsplus-ssl-error.log
  CustomLog /var/log/apache2/tsplus-ssl-access.log common
</VirtualHost>
I can successfully connect with the HTML5 client to the TSPlus server, but when the RDP session is initiated all things are extremely slow!
First it takes round about 5 Minutes till I see the Windows Desktop, when I start an application it also takes 5 minutes until I see it on
the remote session, and when I type in a user name or something like that, it also takes 5 minutes until I see what I was typing.

In the Apache access.log I get this entries every few seconds:
[29/Oct/2015:10:19:32 +0100] "GET /socket.io/xhr-polling/ea085b41-6b2c-43f0-890c-22910847638b/1446110387506 HTTP/1.1" 200 378
[29/Oct/2015:10:19:36 +0100] "POST /socket.io/xhr-polling/ea085b41-6b2c-43f0-890c-22910847638b/send HTTP/1.1" 200 248
[29/Oct/2015:10:19:36 +0100] "GET /socket.io/xhr-polling/ea085b41-6b2c-43f0-890c-22910847638b/1446110392326 HTTP/1.1" 200 391
In the Apache error.log I see this sometimes:
[Thu Oct 29 08:55:12.361116 2015] [proxy_http:error] [pid 17611] (70014)End of file found: [client xxx.xxx.xxx.xxx:33776] AH01102: error reading status line from remote server tsplus.mydomain.com:443, referer: tsplus.mydomain.com/
[Thu Oct 29 08:57:22.995342 2015] [proxy_http:error] [pid 17574] (70014)End of file found: [client xxx.xxx.xxx.xxx:33194] AH01102: error reading status line from remote server tsplus.mydomain.com:443
[Thu Oct 29 08:57:22.995511 2015] [proxy:error] [pid 17574] [client xxx.xxx.xxx.xxx:33194] AH00898: Error reading from remote server returned by /socket.io/websocket_https
Can anybody help us to get this running please?

Thx

Re: How to configure Apache mod_proxy for use with TSPlus

Posted: Fri Oct 30, 2015 1:34 am
by juwagn
Hello,

what you have configurated with Apache mod is called reverse proxy.
The problem is used transport xhr-polling instead Websockets. It is pure fallback solution, where I do not say, reverse proxies are absolutely unsupported, but surely only partially.
What you could try:
by default under www\software\html5\settings.js you will find variable
W.xhrreverse = true; //use xhr instead websockets, if recognized the usage of reverse proxies in environment, it may help 50/50
The problem for today, I am not up to date, if Apache_mod learned to support Websockets, highly not, but I am not sure, have no such environment where I could check things, but you can
set W.xhrreverse = false; and deleted cookies in browser (very important, else it will take last succeed transport from cookies - in your case xhr-polling) and retry again.
With W.xhrreverse = false; it will try Websockets as first transport forcibly.
If it helped, please report, I will than reset W.xhrreverse to be default false, but if not... well, you can try other reverse proxy modules that support Websockets.. I know only few proxies on Linux that have support for Websockets, but who knows, may be Apache fixed it in last few years.

Re: How to configure Apache mod_proxy for use with TSPlus

Posted: Fri Oct 30, 2015 1:43 am
by juwagn
Hello again,

by the way, googled and found
httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html
so possibly
1. mod_proxy_wstunnel
2. W.xhrreverse = false;
3. ProxyPass "/" "ws://tsplus.mydomain.com/"
ProxyPassPassReverse "/" "ws://tsplus.mydomain.com/"
could do the trick, but absolutely unsure about, surely mod_proxy seems not to support it, only mod_proxy_wstunnel

Re: How to configure Apache mod_proxy for use with TSPlus

Posted: Fri Oct 30, 2015 2:50 pm
by EDV-Team
Thank you very much for your reply! :)

I've changed settings.js file for the HTML5 client and added the lines for wstunnel in default-ssl.conf, but it doesn't work. :-(
The HTML 5 Clients now tries to connect with websocket first, but seems to get a timeout. After that the client tries a connection over flashsocket which also don't work, so it switches again to xhr-polling as fallback.

Re: How to configure Apache mod_proxy for use with TSPlus

Posted: Fri Oct 30, 2015 5:04 pm
by juwagn

Code: Select all

Hello,

ok, according to your experience, if I now understand the info form Apache correctly, this proxy_wstunnel_module does not support auto recognizing of Websockets headers to take decision to switch to websockets handling, instead you tell via directive that subpath xyz is meant to be Websocket forwarded traffic.
ProxyPass / https://tsplus.mydomain.com/
ProxyPassReverse / https://tsplus.mydomain.com/
ProxyPass / ws://tsplus.mydomain.com/
ProxyPassPassReverse / ws://tsplus.mydomain.com/
So possibly that can not be mixed, so I assume, subpaths for http and ws requests have to be different... however it is only assumption, i have not the right environment to check these things..
another few things to check..


ProxyPass / https://tsplus.mydomain.com/
ProxyPassReverse / https://tsplus.mydomain.com/
for regular http
and plus additionally
ProxyPass /socket.io/websocket ws://tsplus.mydomain.com/socket.io/websocket
ProxyPassReverse /socket.io/websocket ws://tsplus.mydomain.com/socket.io/websocket
ProxyPass /socket.io/flashsocket ws://tsplus.mydomain.com/socket.io/flashsocket
ProxyPassReverse /socket.io/flashsocket ws://tsplus.mydomain.com/socket.io/flashsocket

ProxyPass /socket,io/websocket ws://tsplus.mydomain.com/socket,io/websocket
ProxyPassReverse /socket,io/websocket ws://tsplus.mydomain.com/socket,io/websocket
ProxyPass /socket,io/flashsocket ws://tsplus.mydomain.com/socket,io/flashsocket
ProxyPassReverse /socket,io/flashsocket ws://tsplus.mydomain.com/socket,io/flashsocket

I hope so, that when request comes beginning as example with /socket.io/websocket it will be autohandled as ws connection, and being forwarded by preserving same subpath ws://tsplus.mydomain.com/socket.io/websocket

I think it is worth of try this way too.
PS: if I had access to your environment and test everything out, things could go faster.

Re: How to configure Apache mod_proxy for use with TSPlus

Posted: Fri Oct 30, 2015 5:05 pm
by juwagn
ps: the forum discarded the links inside my answer, so i had to post message as code..
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited