Monday, May 8, 2017

Channels - using SSL with reverse proxy behind Apache. Does Daphne need to support SSL and WSS?

Hi, I'm running Django Channels with Daphne behind Apache using a reverse proxy. Everything is working non-SSL and here's my Apache virtualhost conf:

<VirtualHost x.x.x.x:80>
SuexecUserGroup "#1029" "#1029"
ServerName aaa.bbb.com
ServerAlias www.aaa.bbb.com
ErrorLog /var/log/virtualmin/aaa.bbb.com_error_log
CustomLog /var/log/virtualmin/aaa.bbb.com_access_log combined
DirectoryIndex index.html index.htm index.php index.php4 index.php5

ProxyPreserveHost On
ProxyPass /public/static !
ProxyPass "/ws/"  "ws://127.0.0.1:8000/"
ProxyPass "/wss/"  "wss://127.0.0.1:8000/"
ProxyPassReverse "/ws/"  "ws://127.0.0.1:8000/"
ProxyPassReverse "/wss/"  "wss://127.0.0.1:8000/"
ProxyPass / http://127.0.0.1:8000/
ProxyPassReverse / http://127.0.0.1:8000/

Alias /public/static /home/wsock/wsock_system/interface/public/static
<Directory /home/wsock/wsock_system/interface/public/static>
  Require all granted
</Directory>

</VirtualHost>

Now I want to implement SSL. I've got this virtualhost conf for port 443, which I'm sure is set up incorrectly:

<VirtualHost x.x.x.x:443>
SuexecUserGroup "#1029" "#1029"
ServerName aaa.bbb.com
ServerAlias www.aaa.bbb.com
ErrorLog /var/log/virtualmin/aaa.bbb.com_error_log
CustomLog /var/log/virtualmin/aaa.bbb.com_access_log combined
DirectoryIndex index.html index.htm index.php index.php4 index.php5

ProxyPreserveHost On
ProxyPass /public/static !
ProxyPass "/ws/"  "ws://127.0.0.1:8000/"
ProxyPassReverse "/ws/"  "ws://127.0.0.1:8000/"
SSLProxyEngine on
ProxyPass "/wss/"  "wss://127.0.0.1:8000/"
ProxyPassReverse "/wss/"  "wss://127.0.0.1:8000/"
ProxyPass / http://127.0.0.1:8000/
ProxyPassReverse / http://127.0.0.1:8000/

SSLEngine on
SSLCertificateFile /home/wsock/ssl.cert
SSLCertificateKeyFile /home/wsock/ssl.key
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

Alias /public/static /home/wsock/wsock_system/interface/public/static
<Directory /home/wsock/wsock_system/interface/public/static>
  Require all granted
</Directory>

</VirtualHost>

I'm launching Daphne and the works from supervisord

[program:server_interface]

command=/home/wsock/wsock_system/interface/environment/bin/daphne -b 127.0.0.1 -p 8000 perks.asgi:channel_layer -v 2 --access-log /home/wsock/wsock_system/interface/logs/daphne-access.log
directory=/home/wsock/wsock_system/interface
redirect_stderr=false
stderr_logfile=/home/wsock/wsock_system/interface/logs/daphne-stderr.log
stdout_logfile=/home/wsock/wsock_system/interface/logs/daphne-stdout.log

autostart=true
autorestart=true
stopasgroup=true
user=wsock

For normal Django webpage browsing, SSL is working and I get the browser SSL padlock. Now I'm trying to configure my external websockets to also use SSL.

My questions are:

1) Since I'm using Apache "out front", do I need to use SSL on Daphne (with Twisted) when launching it like referred to here? Or is Apache handling all the SSL and Daphne will just see non-SSL traffic (both for web browsing and websocket traffic)?
https://github.com/django/daphne

2) Also, for websocket SSL to work, do my external websockets need to connect to the URL wss://aaa.bbb.com ? Or does ws://aaa.bbb.com also work? Currently when I configure my external websockets to connect to aaa.bbb.com:80 with URL ws: it works, but when I also connect to aaa.bbb.com:443 with URL ws: that also works. Connecting to any port as wss: does not work.

TIA

