Secure WebSockets ? #115

Closed
hoxca opened this issue Feb 29, 2020 · 8 comments

hoxca commented Feb 29, 2020

Could lets-proxy support proxying of WSS?
If so, how is it set up in the config section?

Owner

rekby commented Mar 1, 2020

The current version doesn't support it because it is compiled with an old golang (1.10). That is needed for it to work on old, unsupported systems.

Lets-proxy uses the standard reverse proxy to proxy HTTP. It supports websocket from go 1.12.
https://golang.org/doc/go1.12#net/http/httputil

You can compile it with a new version (you are welcome to help with #102), or try to use https://github.com/rekby/lets-proxy2/releases/tag/v0.21.3 - this version was compiled with go 1.12.

Nothing is needed in the config.

@rekby rekby closed this as completed Mar 1, 2020
Author

hoxca commented Mar 1, 2020

I tried to use 0.21.3 without success.

On client

```
Accept-Encoding: gzip, deflate, br
Accept-Language: fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7
Cache-Control: no-cache
Connection: Upgrade
Host: k****.a****.org:5951
Origin: https://k****.a****.org
Pragma: no-cache
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Sec-WebSocket-Key: xOySYwXjn4MfNUsEeamq5A==
Sec-WebSocket-Version: 13
Upgrade: websocket
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36
```

On proxy

```
2020-03-01T20:45:16.764+0100 debug tlslistener/tlslistenershandler.go:218 TLS Handshake {"connection_id": "dfa4d2ea-dbdb-463b-beea-1dfffc3ed6da"}
2020-03-01T20:45:16.773+0100 debug proxy/http-proxy.go:88 Get connection context for request {"connection_id": "dfa4d2ea-dbdb-463b-beea-1dfffc3ed6da"}
2020-03-01T20:45:16.787+0100 debug proxy/directors.go:75 Set target as same ip {"connection_id": "dfa4d2ea-dbdb-463b-beea-1dfffc3ed6da", "local_addr": "192.168.0.48:5951", "dest_host": "k****.a****.org:5951"}
2020-03-01T20:45:16.799+0100 debug proxy/directors.go:100 Map director set dest {"connection_id": "dfa4d2ea-dbdb-463b-beea-1dfffc3ed6da", "host": "192.168.0.48:5950"}
2020-03-01T20:45:16.812+0100 debug proxy/directors.go:137 Parse remote addr for headers {"connection_id": "dfa4d2ea-dbdb-463b-beea-1dfffc3ed6da", "host": "192.168.0.254", "port": "53769"}
2020/03/01 20:45:16 http: proxy error: EOF
2020-03-01T20:45:16.886+0100 debug tls/conn.go:1294 Connection closed. {"connection_id": "dfa4d2ea-dbdb-463b-beea-1dfffc3ed6da"}
```

On server

```
20:45:16 853 - [026] Started ServerClient Thread with ID 26
20:45:16 853 - [026] Error : Malformed WebSocket Request [Missing Sec-WebSocket-Key Header]
20:45:16 884 - [026] Socket Disconnected
20:45:16 891 - [026] Thread Finished
```

@rekby rekby reopened this Mar 2, 2020
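
Added example, not part of the original thread and not lets-proxy's own code: a local check of whether Go's standard `httputil.ReverseProxy` carries a WebSocket opening handshake, including `Sec-WebSocket-Key`, through to a backend. The test backend, the `probe` and `acceptFor` helpers and the key (the sample from RFC 6455) are constructed for illustration; it assumes Go 1.13 or newer.

```go
package main

import (
	"crypto/sha1"
	"encoding/base64"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
)

// acceptFor derives Sec-WebSocket-Accept from the client key (RFC 6455, section 4.2.2).
func acceptFor(key string) string {
	sum := sha1.Sum([]byte(key + "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"))
	return base64.StdEncoding.EncodeToString(sum[:])
}

// probe sends a handshake via ReverseProxy; returns status, accept value, headers the backend saw.
func probe(key string) (int, string, http.Header, error) {
	var seen http.Header
	backend := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		seen = r.Header.Clone()
		if r.Header.Get("Sec-WebSocket-Key") == "" { // the condition the server log in this thread reports
			http.Error(w, "missing Sec-WebSocket-Key", http.StatusBadRequest)
			return
		}
		w.Header().Set("Connection", "Upgrade")
		w.Header().Set("Upgrade", "websocket")
		w.Header().Set("Sec-WebSocket-Accept", acceptFor(r.Header.Get("Sec-WebSocket-Key")))
		w.WriteHeader(http.StatusSwitchingProtocols)
	}))
	defer backend.Close()
	target, _ := url.Parse(backend.URL)
	proxy := httptest.NewServer(httputil.NewSingleHostReverseProxy(target))
	defer proxy.Close()
	req, _ := http.NewRequest(http.MethodGet, proxy.URL, nil)
	req.Header = http.Header{"Connection": {"Upgrade"}, "Upgrade": {"websocket"},
		"Sec-Websocket-Version": {"13"}, "Sec-Websocket-Key": {key}}
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return 0, "", seen, err
	}
	defer resp.Body.Close()
	return resp.StatusCode, resp.Header.Get("Sec-WebSocket-Accept"), seen, nil
}

func main() {
	fmt.Println(probe("dGhlIHNhbXBsZSBub25jZQ==")) // sample key from RFC 6455
}
```

A 101 status with a matching accept value means the handshake headers survived the proxy hop; a 400 from this backend means the key was dropped before it arrived.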
Owner

rekby commented Mar 5, 2020

I don't do anything special for websocket.
It was added in go 1.12: https://golang.org/doc/go1.12#net/http/httputil

You can try downloading a binary built with the latest go when I complete #102.

Maybe it will work better with the latest.

If you tell me your os/arch, I can compile a test binary for you.

@rekby rekby closed this as completed Mar 5, 2020
Author

hoxca commented Mar 6, 2020

I was testing letproxy2 on Windows 10.
I'm used to traefik, but on windows let's encrypt acme won't work with traefik as go misses the posix fs!
Letproxy2 seems to not have this limitation... https works like a charm ;)
Maybe a missing header somewhere for wss?

Anyway, windows is a pain for me :(
I will maybe offload the reverse proxy to a linux machine.

Thank you for your help.

Owner

rekby commented Mar 7, 2020

I have done multi-go builds, and you can download the latest version compiled with a fresh go and stdlib (with websocket).

I don't work with websocket, don't know any details, and can't help you with wss-specific problems :(

Author

hoxca commented Mar 7, 2020

I don't want to annoy you, but don't you think the TargetMap should also handle the scheme?
This way you can have multiple backends (some in http, others in https).
The HTTPSBackend option is applied (wide) for the whole list of backends.

Not really a go version problem... I use 'go version go1.13.4 darwin/amd64' for cross-compilation.
The scheme is hardcoded at this time, and setting the correct header for wss or ws will be difficult?

Owner

rekby commented Mar 7, 2020

Yes, it is true - lets-proxy doesn't support mixed http/https backends now.
I thought about it while creating the HTTPSBackend option, but it would increase the difficulty of the TargetMap parser, and I don't want that without a big reason.

For now there is a workaround: create two lets-proxy processes, one for http and one for https backends.

You can create a common config and include it from personal configs, to avoid copy-pasting settings other than targetmap.

I created an issue for it: #122, but I don't know how often it is needed and can't tell you when I will do it.

Owner

rekby commented Mar 7, 2020

> setting the correct header for wss or ws will be difficult

What headers do you want to change?
I think adding a simple replacer or regexp replacer would be simple.
