Websockets support

[razb]

It appears that the proxy does not support web-sockets. Any plans to add that support?

Thanks for a great product!

[jehiah]

@razb There has been some work on this by @airhorns in #14

[razb]

Perfect. This works for me!

Thanks again

[hexedpackets]

There are now two separate PRs opened to add websocket support - #14 and #64 - but no movement on either. The first hasn't been touched in over a year. Can we have this issue re-opened as a tracker until support is actually added?

[pgr0ss]

👍 I would love support for websockets.

[igorgatis]

+1

[okev]

+1

[jehiah]

I love seeing the support for this feature. Anyone want to champion this with a patch to add websocket support?

[sammerry]

+1 running into this same problem trying to proxy ipython.

[neurogenesis]

+1, @jehiah ... looks like the following PR (comments as recent as 13 days ago) was also submitted to address this. adding to this thread for visibility...

#145

[emirot]

Is there any chance to have websockets supported anytime soon ?

[917huB]

likewise... big +1 here

[chris-martin]

As a workaround, you can use nginx with auth_request, right?

[917huB]

looks like someone figured out how to integrate the web sockets fixes into a fork of this.
https://github.com/funkymrrogers/oauth2_proxy

[thunderace]

This work for me (nodered behing nginx/oauth2_proxy :

server {
	listen   443;
	server_name     nodered.mycompany.fr;
	ssl on;
	ssl_certificate /etc/letsencrypt/live/nodered.mycompany.fr/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/nodered.mycompany.fr/privkey.pem;	
	ssl_session_timeout 5m;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA;
  ssl_session_cache shared:SSL:50m;
  ssl_prefer_server_ciphers on;
	add_header Strict-Transport-Security max-age=2592000;
  
  location /oauth2/ {
    proxy_pass       http://127.0.0.1:4180;
    proxy_set_header Host                    $host;
    proxy_set_header X-Real-IP               $remote_addr;
    proxy_set_header X-Scheme                $scheme;
    proxy_set_header X-Auth-Request-Redirect $request_uri;
  }	
  
  location / {
    auth_request /oauth2/auth;
    error_page 401 = /oauth2/sign_in;
    # pass information via X-User and X-Email headers to backend,
    # requires running with --set-xauthrequest flag
    auth_request_set $user   $upstream_http_x_auth_request_user;
    auth_request_set $email  $upstream_http_x_auth_request_email;
    proxy_set_header X-User  $user;
    proxy_set_header X-Email $email;

    # if you enabled --cookie-refresh, this is needed for it to work with auth_request
    auth_request_set $auth_cookie $upstream_http_set_cookie;
    add_header Set-Cookie $auth_cookie;
    proxy_pass http://192.168.1.230:3008;

    chunked_transfer_encoding off;
    proxy_buffering off;
    proxy_cache off;  

  	proxy_redirect     off;
  	proxy_http_version 1.1;
  	proxy_set_header Upgrade $http_upgrade;
  	proxy_set_header Connection "Upgrade";
  	proxy_set_header Host $http_host;
    }
}

[mizzao]

See also #201 and #145 and #486.

I'm guessing the creators don't use WS in their deployments and that's why it hasn't been merged.

[chirino]

Luckily the folks at https://github.com/openshift/oauth-proxy have merged in the websocket support so I guess folks could just switch to that if it's an issue. Thank goodness for open source forks.

[Freundschaft]

alright, so no chance that this will ever be merged i guess?

[ryuheechul]

Hope this repo supports websockets and it would be very helpful many websites use websockets