Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nginx service: enable websocket proxy support with recommendedProxySe… #28981

Closed
wants to merge 1 commit into from
Closed

nginx service: enable websocket proxy support with recommendedProxySe… #28981

wants to merge 1 commit into from

Conversation

bachp
Copy link
Member

@bachp bachp commented Sep 4, 2017

Motivation for this change

Enable websocket support when recommendedProxySettings = true;

This means the forwarding connection will always be HTTP/1.1 which seems
reasonable these days.

Further it passes allong the Upgrade header to the upstream proxy.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option build-use-sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • Linux
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

@bachp
nginx service: enable websocket proxy support with recommendedProxySe…
b1da432 
…ttings

This means the forwarding connection will always be HTTP/1.1 which seems
reasonable these days.

Further it passes allong the Upgrade header to the upstream proxy.
@mention-bot
Copy link

@bachp, thanks for your PR! By analyzing the history of the files in this pull request, we identified @globin, @domenkozar and @rnhmjoj to be potential reviewers.

@fpletz
Copy link
Member

fpletz commented Sep 5, 2017

Does it really make sense to enable Websockets for every request? No webserver or proxy does this by default and the install instructions of most web applications restrict websocket configurations to specific request paths. I'll investigate some more before deciding to merging this.

We have this commit in our fork which would be an alternative if passing the Upgrade header by default isn't safe.

@bachp
Copy link
Member Author

bachp commented Sep 6, 2017

@fpletz Addint this as an additional option similar to your fork would also be nice. I just think it should be easier to enable websocket proxying than it is right now.

@bachp
Copy link
Member Author

bachp commented Sep 10, 2017

This is already solved by 65c2203

@bachp bachp closed this Sep 10, 2017
@fpletz
Copy link
Member

fpletz commented Sep 10, 2017

Oh, @globin already pushed it to master. Great if that version works for you. I've done some research but haven't found any good information about possible security implications.

@bachp bachp deleted the nginx-websocket branch September 10, 2017 09:13
@bachp
Copy link
Member Author

bachp commented Sep 10, 2017

@fpletz Your commit does exactly what I intended (except better). Works perfectly fine thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Mic92 Mic92 Mic92 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@bachp @mention-bot @fpletz @Mic92