WebSocket connection failed with Apache reverse proxy after upgrading to Cells 4.0.4


I’m running Cells behind Apache reverse proxy. Both running on the same CentOS 8 server.
The Apache is 2.4.37.

I recently upgraded from Cells 3.x to 4.0.4.
After the upgrade I’m getting an error message at the bottom of the browed UI:
Connection issue
Websocket seems to be disconnected, please make sure that the server is up and websocket connection is working.

This is my configuration:

The following sites are currently defined:
| # |        BIND(S)         |     TLS     |       EXTERNAL URL       |
| 0 | https://localhost:8181 | Self-signed | https://mypublicdomain.com |

This is my Apache configuration:

<VirtualHost *:443>
        ServerName mypublicdomain.com
        AllowEncodedSlashes On
        RewriteEngine On
        SSLProxyEngine On

        ## The order of the directives matters.
        # If Cells is not running with https, consider using ws instead of wss
        ProxyPassMatch "/ws/(.*)" wss://localhost:8181/ws/$1 nocanon

        ## This rewrite condition is required if using Cells-Sync
        RewriteCond %{HTTP:Content-Type} =application/grpc [NC]
        RewriteRule /(.*) h2://localhost:8181/$1 [P,L]

        ProxyPass "/" "https://localhost:8181/"
        ProxyPassReverse "/" "https://localhost:8181/"

		ErrorLog ${APACHE_LOG_DIR}/error.log
		CustomLog ${APACHE_LOG_DIR}/access.log combined

		SSLCertificateFile /etc/letsencrypt/live/cells.example.com/fullchain.pem
		SSLCertificateKeyFile /etc/letsencrypt/live/cells.example.com/privkey.pem
		Include /etc/letsencrypt/options-ssl-apache.conf

When I hit https://localhost:8181, everything is working fine including the websockets.
When I hit https://mypublicdomain.com through the Apache reverse proxy, the websockets are not working. Everything was working just fine when before the Cells 3.x to 4.0.4 upgrade.

What can be the issue?

I’m still getting the same error after upgrading to Cells 4.0.5

It seems like the self-signed certificate in Cells is the issue because if I turn off TLS on the Cells and change the following lines in the Apache configuration, the websockets are working just fine:

ProxyPassMatch "/ws/(.*)" ws://localhost:8181/ws/$1 nocanon

ProxyPass "/" "http://localhost:8181/"
ProxyPassReverse "/" "http://localhost:8181/"
+---+------------------------+---- ---+----------------------------+
| # |        BIND(S)         |  TLS   |        EXTERNAL URL        |
+---+------------------------+------ -+----------------------------+
| 0 | https://localhost:8181 | No Tls | https://mypublicdomain.com |
+---+------------------------+------ -+----------------------------+

What changed in v4 to cause the websocket issue?


When you activate self-signed cert, please try following params in reverse proxy settings:

  SSLProxyVerify None
  SSLProxyCheckPeerCN Off
  SSLProxyCheckPeerName Off

Unfortunately, adding those 3 settings in my Apache configuration don’t make any difference. The websocket error remains.