httpd-users mailing list archives

From Ray Navarette <ray.navare...@pb.com>
Subject RE: [users@httpd] WebSockets support in transparent proxy
Date Tue, 18 Jul 2017 19:24:55 GMT
Thanks for the quick response.  I don’t believe the scenario (or at least the intent) for this
is to be set up as a reverse proxy.  My goal is actually not to mask the internal DNS names
of the systems behind a publicly accessible name.  Rather, I’ve set up my browser using
a configurable proxy that is activated based on URL pattern.  This allows me to use the proxy
simply by browsing from my machine on the external network to the URL of a resource hosted
within the private network, accessing the resource through the proxy.  This works well for
most resources.  Websocket requests, initiating as http requests with the “Upgrade: websocket”
header, fail though.

I can reproduce similar behavior using the websocket echo test (http://www.websocket.org/echo.html).
 When this site is accessed through the proxy server, unsecured (again, initiated as http)
websocket connections fail.  Interestingly, this demo also supports secured websocket connection
and when selecting this option, the demo works fine.  Seems that the https traffic is forwarded
in a way that the websockets still work successfully.  This really is what I’m hoping to
see happen for the basic http traffic.

Overall, my goal for this proxy server is to be as hands-off as possible, just a relay between
the two networks.  Any help toward that goal is appreciated.  Below is the config extension
I added.  The rest of the configuration is unchanged from install (except that I did change
listen port in httpd.conf), including the module includes (which include all the mod_proxy
modules, including _http and _wstunnel).

Contents of ‘/etc/httpd/conf.d/forward-proxy.conf’.  (Yes, I’ll be securing this, for
now I just block the port on the proxy server while not testing)
------------------------------------------------------------------------------------------------
ProxyRequests On
ProxyVia On
ProxyTimeout 60

<Proxy *>
  Require all granted
</Proxy>
------------------------------------------------------------------------------------------------

From: Yehuda Katz [mailto:yehuda@ymkatz.net]
Sent: Monday, July 17, 2017 11:40 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] WebSockets support in transparent proxy

What you are describing sounds like a reverse proxy to me. Are you using ProxyPass and did
you try the same configuration with the ws or wss protocol (in place of http/https)?

Can you post a snippet of your current configuration?

- Y
Sent from a device with a very small keyboard and hyperactive autocorrect.


On Jul 17, 2017 11:27 PM, "Ray Navarette" <ray.navarette@pb.com> wrote:
Hi Everyone,

Sorry if I’ve completely missed this but I’m hoping maybe someone can help with what I
hoped would be a simple setup.  I’m setting up a proxy server on an edge node of a private
network in order to expose a number of internal services within the private side to the public
side through the proxy.  This method works well for most traffic.  Unfortunately, a number
of requests are initiating websocket connections using the upgrade method.  Is there any way
that I can easily get these forwarded properly and respond to the client in a generic (not
having to map every possible server) way?  I’ve seen some things for reverse proxy, but
not forward.  Any and all help is much appreciated.

Thanks,
Ray
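
Added example, not part of the original thread or the poster's configuration: the forward-proxy.conf quoted above with its access rule narrowed so that only a known client range can relay through the proxy. The address range 203.0.113.0/24 is a constructed placeholder for the network the browser connects from, and the AllowCONNECT line is an assumption about which tunnel ports are wanted.

```apache
# Added example; 203.0.113.0/24 is a constructed placeholder range.

ProxyRequests On
ProxyVia On
ProxyTimeout 60

# As posted: any client that can reach the listen port may relay
# requests through the proxy.
# <Proxy *>
#   Require all granted
# </Proxy>

# Narrowed: only the known client range may use the forward proxy.
<Proxy "*">
  Require ip 203.0.113.0/24
</Proxy>

# Ports a client may tunnel to with CONNECT (mod_proxy_connect).
# The default is 443 and 563; listing only 443 drops 563.
AllowCONNECT 443
```

Running apachectl configtest after editing checks the syntax before a reload.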
