HOWTO: behind Apache is very interesting, but it used to be very hard to put to work behind a frontend, mostly because of web sockets and being designed to be directly connected.

This means that your nodejs-enabled consumed an IP:port pair and since is an https oriented application (can be run in http but you really don’t want that) that means your https port (who has more than one IP either at home or his VPS?) is now BUSY with one single application… sucks and I gave up for some time and wasted my connection’s IP address at the standard https port.

Meanwhile… Good news, everyone!

I recently came up a new Apache module for web sockets: mod_proxy_wstunnel.

Searching for and wstunnel… it turns out my irrational friend Mark Jaroski also published a note about that! Please note that you may not need to build the module, if you have a recent enough Apache 2.4.x version it may already be there, check your bundled modules!

So here’s my setup: the OpenWRT router forwards port 443 incoming into a frontend KVM guest running Apache httpd which then forwards to some of my sites, one of which is my pump at

The frontend’s web site looks like this:

<VirtualHost *:443>
        CustomLog logs/ common
        ErrorLog logs/
        DocumentRoot /var/www/html/default

        SSLEngine On
        SSLCertificateFile conf/ssl.crt/
        SSLCertificateKeyFile conf/ssl.key/
        SSLCertificateChainFile conf/ssl.crt/startssl-chain.crt
        SSLCACertificateFile conf/ssl.crt/startssl-chain.crt

        SSLProxyEngine On

        <Location /main/realtime/sockjs>
                ProxyPass wss://192.168.x.y/main/realtime/sockjs
                ProxyPassReverse wss://192.168.x.y/main/realtime/sockjs

        <LocationMatch ".*\.(jpg|png|gif)$">
                CacheEnable disk

        ProxyPreserveHost On

        ProxyPass               /       https://192.168.x.y/
        ProxyPassReverse        /       https://192.168.x.y/

And at my KVM guest, 192.168.x.y, I have…

    "driver":  "redis",
    "noweb":  false,
    "site":  "1407 Pump",
    "owner":  "Rui Seabra",
    "ownerURL":  "",
    "port":  443,
    "hostname":  "",
    "nologger":  false,
    "serverUser":  "pumpio",
    "key":  "/etc/",
    "cert":  "/etc/",
    "uploaddir": "/opt/",
    "logfile": "/var/log/",
    "debugClient": false,
    "firehose": "",
    "disableRegistration": true,
    "requireEmail": false,
    "smtpserver": "",
    "smtpuser": "aLoginAtYourServer",
    "smtppass": "some good password",
    "smtpusetls": true,
    "smtpport": 587,
    "smtpfrom": "",
    "secret": "some good secret"

So there you go…