How to run socket.io on port 443 where apache is running?

Question

I need to run socket.io on port 443 (where apache run https site with Let's Encrypt)

The idea is to use a apache proxy that will redirect the traffic to the socket.io port. I found that solution:

<VirtualHost *:443>
     ServerName mysite.com
     ServerAlias www.mysite.com

     SSLEngine on
     SSLProxyEngine On
     ProxyRequests Off

     SSLCertificateFile /etc/apache2/ssl/mysite.com.crt
     SSLCertificateKeyFile /etc/apache2/ssl/mysite.com.key
     SSLCertificateChainFile /etc/apache2/ssl/ca.cer

     DocumentRoot /var/www/errorPages

     ErrorDocument 503 /503.html
     ProxyPass /503.html !

     ProxyPass / http://localhost:3999/
     ProxyPassReverse / http://localhost:3999/

RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
RewriteRule .* ws://localhost:3999%{REQUEST_URI} [P]

</VirtualHost>

I run the socket.io on port 3999 HTTPS site works fine, howevever I got http 404 errors. I guess problem is on rewriteCond.

websocket.js:112 WebSocket connection to 'wss://mysite.com/socket.io/?id=11518237&username=john failed: Error during WebSocket handshake: Unexpected response code: 404

Answer 1

Try mod_proxy_wstunnel

It provides support for the tunnelling of web socket connections to a backend websockets server. The connection is automatically upgraded to a websocket connection

https://httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html

Answer 2

Use different IP addresses for the different uses. You have <VirtualHost *:443> which tries to use all IP addresses for the single virtual host. I think you want a <VirtualHost pub.lic.ip.addr:443> for Let's Encrypt and a <VirtualHost localhost:443> for the socket.io proxy.