Add websocket support #201
I was having websockets issues with ipython terminal (terminado) when using grahamrhay's solution (#145). After reverting it and adding this implementation, it started working. Thanks!
I'm glad it worked for you!
Had a slight problem with this and Firefox. Tweaked it to work with:
I've updated the PR with better handling of the upgrade/connection headers - it should handle the Firefox case now. Thanks!
👍 I've tested this as working with a websockets app (bokeh) that is broken by v2.0.1.
I've dropped a copy of my test build of this PR on s3. https://s3.amazonaws.com/oauth2_proxy/oauth2_proxy-2.0.1.linux-amd64.go1.5.4.tar.gz
We're using this branch on our servers and it works great. Would welcome it being merged & released.
@jehiah I'd be happy to help in any way get this merged. Please do let me know if there's anything I can do!
I am using my binary build above in production. There have been a few unexpected exits (systemd disables core dumps by default, so it is unknown if it was an abort or clean exit) but after changing systemd to always restart the proxy, the problem has not been observed again.
Another data point: Tested this with Jupyter notebooks with the GitHub provider, no SSL, and it works for that case. Code looks OK too.
@jehiah any plans to merge this and add support for websockets? Thanks for the nice work :)
+1
+1
Is there any hope of this getting merged into stable anytime soon? :)
FYI: This may be of use to those using this patch in conjunction with Apache to handle vhosts. (Would sure be nice to have vhost support in oauth2_proxy too!)
Any progress on this? I could really use Websocket support for a project I'm currently working on.
@jehiah Are there any plans to merge this? It looks like multiple people have already tested it.
A very welcome feature, could it be merged?
Not that I don't think this should be merged, but you can use the nginx auth_request directive in order to make websockets work.
…PR from soellman on bitly oauth2_proxy bitly/oauth2_proxy#201
@jehiah Can you please provide feedback on what needs to be done to make this pull request acceptable?
In the meantime I've built binaries for the current version, with this patch, and published them here https://github.com/weargoggles/oauth2_proxy/releases/tag/v2.2-websocket
for _, header := range HandshakeHeaders { | ||
delete(upstreamHeader, header) | ||
} | ||
upstreamHeader.Set("Host", r.Host) |
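Review bot: In the loop over HandshakeHeaders, `delete(upstreamHeader, header)` removes only an exact map key. If upstreamHeader is an http.Header copied from the incoming request, its keys are stored in canonical form, so any entry in HandshakeHeaders that is spelled differently would survive the loop and reach the upstream handshake. Suggest `upstreamHeader.Del(header)`, which canonicalizes the name before deleting. Separately, `upstreamHeader.Set("Host", r.Host)` passes the client-supplied Host through unchanged; a short comment saying whether that is intended would help.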
I think this also needs X-Forwarded-Proto, otherwise a Rails app behind the proxy would fail the handshake. Rails has a config.force_ssl setting and it affects ws/wss as well.
ConnectionHeaderValue = "Upgrade" | ||
UpgradeHeaderValue = "websocket" | ||
|
||
HandshakeHeaders = []string{ConnectionHeaderKey, UpgradeHeaderKey, WSVersionHeaderKey, WSKeyHeaderKey} |
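Review bot: HandshakeHeaders is declared without a comment giving the criterion for membership, so the list alone does not show whether other websocket request headers were left out deliberately. Suggest a one-line comment above the declaration stating that these are the headers removed from the inbound request before the upstream handshake, and why, so later additions are made consistently.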
I needed to add "sec-websocket-extensions" to this list to get it to work. (See https://github.com/gorilla/websocket/blob/a91eba7f97777409bc2c443f5534d41dd20c5720/client.go#L237)
Nice find, I also needed this!
Are there any options that need to be turned on for this to work? I'm getting the following error when trying to use WS, though normal HTTP works:
This PR adds support for transparent websocket proxying within the HTTP and HTTPS upstreams.
This method uses gorilla/websocket for both the client and the upstream connections and just bridges the sockets when negotiation of both sides is successful. It also tries to close the connections properly after one side or another is done, although more precise error handling could be done there.
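The two header steps a bridge like this performs before dialing upstream, as an added example using only net/http (not code from this PR or from oauth2_proxy). The function names, the header list, the constructed request, and the reading of the Firefox case as a `keep-alive, Upgrade` Connection value are assumptions of this example.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// Headers the upstream websocket client sets itself (list is this example's own).
var handshakeHeaders = []string{"Connection", "Upgrade",
	"Sec-WebSocket-Version", "Sec-WebSocket-Key", "Sec-WebSocket-Extensions"}

// headerHasToken matches one comma-separated token, case-insensitively.
func headerHasToken(h http.Header, name, token string) bool {
	for _, v := range h.Values(name) {
		for _, part := range strings.Split(v, ",") {
			if strings.EqualFold(strings.TrimSpace(part), token) {
				return true
			}
		}
	}
	return false
}

func isWebsocketUpgrade(r *http.Request) bool {
	return headerHasToken(r.Header, "Connection", "upgrade") &&
		headerHasToken(r.Header, "Upgrade", "websocket")
}

// upstreamHeader copies the inbound headers minus the handshake set.
// Assumption: the proxy terminates TLS itself, so r.TLS gives the scheme.
func upstreamHeader(r *http.Request) http.Header {
	out := r.Header.Clone()
	for _, name := range handshakeHeaders {
		out.Del(name) // Del canonicalizes the name; a raw map delete does not
	}
	out.Set("X-Forwarded-Proto", "http")
	if r.TLS != nil {
		out.Set("X-Forwarded-Proto", "https")
	}
	return out
}

func main() {
	// Constructed request with a multi-token Connection header.
	r, _ := http.NewRequest("GET", "http://proxy.example/ws", nil)
	r.Header.Set("Connection", "keep-alive, Upgrade")
	r.Header.Set("Upgrade", "websocket")
	r.Header.Set("Sec-WebSocket-Key", "constructed-key")
	fmt.Println(isWebsocketUpgrade(r), upstreamHeader(r))
}
```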