On Thu, Jan 5, 2017 at 10:36 AM, Yann Ylavic <ylavic.dev@xxxxxxxxx> wrote:
>
> For the record (after private discussion with Adam), it seems that a
> configuration like the below would work for http(s) and ws(s) on the
> same URL:
>
> RewriteEngine on
> RewriteCond %{HTTP:Upgrade} "(?i)websocket"
> RewriteRule ^/(.*)$ wss://backend/$1 [P]
> ProxyPass / https://backend/
*But* note that having both HTTP(s) and WS(s) on the same URL it is
*not* recommended, mainly for security reasons.
While mod_proxy_http is a strict HTTP protocol validator,
mod_proxy_wstunnel is only a tunnel (a TCP proxy) once the upgrade is
asked by the client/browser).
So with the above configuration a simple Upgrade header in the request
would open a tunnel with backend, including for "normal" HTTP traffic.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|