Websocket not working with HTTPS Upstream #271
Comments
|
So |
|
With fabio it is perfectly working with SNI or ssl termination done by fabio. Directly to the upstream it works too. It doesn't work when using man in the middle approach of fabio with the new feature HTTPS Upstream. To be more precise, i'm using the same certificate in fabio and in the upstream. Tlsskipverify=true is set too. My backend is a tomcat. I will try with sse to check if it's working. |
|
I think this is the problem: https://github.com/fabiolb/fabio/blob/master/proxy/http_proxy.go#L105 The websocket traffic is tunneled via a TCP connection which isn't using the same TLS connection setup that is used for HTTPS. |
This patch adds support for websockets on HTTPS upstream servers. Fixes #271
This patch adds support for websockets on HTTPS upstream servers. Fixes #271
|
@deuch I have provided a patch which should fix the problem. I think I've tested all the combinations. You can find the test in the |
This patch adds a $upstream_service field to the available access log fields.
|
Pls ignore the last commit about the access log field. I had a typo in the commit msg. |
This patch adds support for websockets on HTTPS upstream servers. Fixes #271
|
I will test it tuesday and the 274 issue (consul token renewal) too ! Thanks ! |
|
@deuch Cool and thanks. Enjoy your weekend. |
|
I was running into this issue as well. The 94beb91 patch fixes it for me. |
|
@shadowfax-chc That's good to know. Thanks for testing this. |
|
Hello, for websocket (wss) it seems to work, thanks ! But i've an another issue. To do my testing i'm using the official examples from Tomcat. It exists a Comet testing that fails with https upstream (works in SNI and HTTPS --> HTTP). Comet processing example: This is the path to test it when you deploy tomcat (normally those examples are in the official tomcat docker images) : Can you have a look to check why it doesn't work please ? |
|
If this is a different issue then could you please open a separate issue? |
|
Ok i will check with some ajax stuff and if it fails, i will open a new issue. |
|
Seems to work for me with Ajax too ! |
|
merged |
Hello,
I(m using Fabio 1.4.3 and i've an issue with Websocket and HTTPS Upstream.
I've done a setup with tags for HTTPS Upstream and the website is OK except for web socket in my page. In my browser i've a error : WebSocket Error : Connection already closed.
The wss:// endpoint is good (the one set in my url-prefix).
The same setup with SNI or SSL termination are OK. For HTTPS upstream, i'm using the same certificate than the one in Fabio.
I need to have SSL end to end. I can not do SNI, because for some setup, i need path routing.
Any ideas ? A bug or something impossible to do ?
The text was updated successfully, but these errors were encountered: