RE: WebSockets support in transparent proxy


 



Thanks for the quick response.  I don’t believe the scenario (or at least the intent) for this is to be set up as a reverse proxy.  My goal is actually not to mask the internal DNS names of the systems behind a publicly accessible name.  Rather, I’ve set up my browser using a configurable proxy that is activated based on URL pattern.  This allows me to use the proxy simply by browsing from my machine on the external network to the URL of a resource hosted within the private network, accessing the resource through the proxy.  This works well for most resources.  Websocket requests, initiating as http requests with the “Upgrade: websocket” header, fail though.

 

I can reproduce similar behavior using the websocket echo test (http://www.websocket.org/echo.html).  When this site is accessed through the proxy server, unsecured (again, initiated as http) websocket connections fail.  Interestingly, this demo also supports secured websocket connection and when selecting this option, the demo works fine.  Seems that the https traffic is forwarded in a way that the websockets still work successfully.  This really is what I’m hoping to see happen for the basic http traffic.

 

Overall, my goal for this proxy server is to be as hands-off as possible, just a relay between the two networks.  Any help toward that goal is appreciated.  Below is the config extension I added.  The rest of the configuration is unchanged from install (except that I did change listen port in httpd.conf), including the module includes (which include all the mod_proxy modules, including _http and _wstunnel).

 

Contents of ‘/etc/httpd/conf.d/forward-proxy.conf’.  (Yes, I’ll be securing this, for now I just block the port on the proxy server while not testing)

------------------------------------------------------------------------------------------------
ProxyRequests On
ProxyVia On
ProxyTimeout 60

<Proxy *>
  Require all granted
</Proxy>
------------------------------------------------------------------------------------------------

 

From: Yehuda Katz [mailto:yehuda@xxxxxxxxxx]
Sent: Monday, July 17, 2017 11:40 PM
To: users@xxxxxxxxxxxxxxxx
Subject: Re: [users@httpd] WebSockets support in transparent proxy

 

What you are describing sounds like a reverse proxy to me. Are you using ProxyPass and did you try the same configuration with the ws or wss protocol (in place of http/https)?

 

Can you post a snippet of your current configuration?

 

- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.

 

 

On Jul 17, 2017 11:27 PM, "Ray Navarette" <ray.navarette@xxxxxx> wrote:

Hi Everyone,

 

Sorry if I’ve completely missed this but I’m hoping maybe someone can help with what I hoped would be a simple setup.  I’m setting up a proxy server on an edge node of a private network in order to expose a number of internal services within the private side to the public side through the proxy.  This method works well for most traffic.  Unfortunately, a number of requests are initiating websocket connections using the upgrade method.  Is there any way that I can easily get these forwarded properly and respond to the client in a generic (not having to map every possible server) way?  I’ve seen some things for reverse proxy, but not forward.  Any and all help is much appreciated.

 

Thanks,

Ray
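
Added example, not part of the original thread and not mod_proxy code: a simplified Python model of why the two cases reported above can differ at a forward proxy. A wss:// client first asks the proxy for a CONNECT tunnel, while a ws:// handshake arrives as an ordinary proxied HTTP request whose hop-by-hop headers a proxy may consume. The host name and both requests are constructed, and the stripping rule is an assumption about a proxy that follows the HTTP hop-by-hop header rules.

```python
# Added illustration: simplified model of forward-proxy request handling,
# not mod_proxy source. Both sample requests are constructed.

# Hop-by-hop headers, based on the RFC 2616 section 13.5.1 list; RFC 7230
# section 6.1 adds any header named in Connection.
HOP_BY_HOP = {"connection", "keep-alive", "proxy-authenticate",
              "proxy-authorization", "te", "trailer",
              "transfer-encoding", "upgrade"}

WS_REQUEST = (  # constructed: ws:// handshake as sent to a forward proxy
    b"GET http://echo.example/ HTTP/1.1\r\n"
    b"Host: echo.example\r\n"
    b"Connection: Upgrade\r\n"
    b"Upgrade: websocket\r\n"
    b"Sec-WebSocket-Version: 13\r\n"
    b"Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n\r\n"
)
WSS_REQUEST = (  # constructed: wss:// begins with a CONNECT tunnel request
    b"CONNECT echo.example:443 HTTP/1.1\r\n"
    b"Host: echo.example:443\r\n\r\n"
)

def parse(raw):
    """Split a raw request head into method, target and header pairs."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("ascii")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = [tuple(p.strip() for p in line.split(":", 1))
               for line in header_lines]
    return method, target, headers

def forward_decision(raw):
    """Return (mode, headers the origin server would receive)."""
    method, _target, headers = parse(raw)
    if method == "CONNECT":
        # TCP tunnel: TLS and the handshake inside it pass through unparsed.
        return "tunnel", None
    # Plain HTTP: the request is parsed and hop-by-hop headers are dropped.
    named = {t.strip().lower() for n, v in headers
             if n.lower() == "connection" for t in v.split(",")}
    drop = HOP_BY_HOP | named
    return "http", [(n, v) for n, v in headers if n.lower() not in drop]

def upgrade_survives(raw):
    """True if the origin server can still see the WebSocket upgrade."""
    mode, headers = forward_decision(raw)
    if mode == "tunnel":
        return True  # handshake travels end to end inside the tunnel
    return any(n.lower() == "upgrade" for n, _ in headers)
```
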

 


 

 




