
reverse proxy: rewrite requests and responses for websocket over http2

Open WeidiDeng opened this issue 1 year ago • 4 comments

Supports reverse proxying h2 websockets to backends. Fix 5565.

Requires upstream support, but can be tested with xcaddy build reverse-proxy-h2-websocket --replace golang.org/x/net=github.com/WeidiDeng/net@websocket-http2

WeidiDeng avatar Sep 10 '24 02:09 WeidiDeng

Very neat, nice work @WeidiDeng :100:

mholt avatar Sep 10 '24 14:09 mholt

I'm not 100% sure but a regular HTTP/2 GET request should contain the new setting parameter as outlined in RFC8441 Section 3?

[0-0] == Info: [HTTP/2] [0] ingress: read 45 bytes
[0-0] == Info: [HTTP/2] [0] <- FRAME[SETTINGS, len=36]
[0-0] == Info: [HTTP/2] [0] MAX_CONCURRENT_STREAMS: 250
[0-0] == Info: [HTTP/2] [0] ENABLE_PUSH: TRUE
[0-0] == Info: [HTTP/2] [0] notify MAX_CONCURRENT_STREAMS: 250
[0-0] == Info: [HTTP/2] [0] -> FRAME[SETTINGS, len=18]
[0-0] == Info: [HTTP/2] [0] -> FRAME[SETTINGS, ack=1]
[0-0] == Info: [HTTP/2] [0] -> FRAME[WINDOW_UPDATE, incr=1048510465]
[0-0] => Send SSL data, 5 bytes (0x5)
0000: 17 03 03 00 5a                                  ....Z
[0-0] => Send SSL data, 1 bytes (0x1)
0000: 17                                              .
[0-0] == Info: [HTTP/2] [0] egress: wrote 73 bytes
[0-0] == Info: [HTTP/2] cf_connect() -> 0, 1,
[0-0] == Info: using HTTP/2
[0-0] == Info: [HTTP/2] [1] OPENED stream for https://xxxxxxx.xxx/

Tested via curl:

curl --trace request.dump --trace-config http/2 https://example.com

bt90 avatar Sep 29 '24 16:09 bt90

I'm not sure about the curl debug dump. But I tested this with my Chrome and it works. The setting frame is sent at the start of a new http2 connection, so it's sent regardless of the method the client uses.

Even without my patch, golang http2 sends the following settings:

image

The output doesn't list all of them.

WeidiDeng avatar Sep 30 '24 01:09 WeidiDeng
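
Added example, not part of the thread or of Caddy's code: a 36-byte SETTINGS payload like the one in the curl trace above holds six 6-byte entries, and this Go program decodes such a payload and checks for SETTINGS_ENABLE_CONNECT_PROTOCOL (0x8, RFC 8441 Section 3). The payload is constructed; only its length and the two values curl printed (ENABLE_PUSH, MAX_CONCURRENT_STREAMS: 250) come from the trace, and all function names are assumptions of this example.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// SETTINGS_ENABLE_CONNECT_PROTOCOL identifier (RFC 8441 Section 3).
const enableConnectProtocol = 0x8

// ParseSettings decodes a SETTINGS frame payload (the bytes after the 9-byte
// frame header). Each entry is a 2-byte identifier and a 4-byte value.
func ParseSettings(payload []byte) (map[uint16]uint32, error) {
	if len(payload)%6 != 0 {
		return nil, fmt.Errorf("SETTINGS payload length %d is not a multiple of 6", len(payload))
	}
	out := make(map[uint16]uint32, len(payload)/6)
	for i := 0; i < len(payload); i += 6 {
		out[binary.BigEndian.Uint16(payload[i:])] = binary.BigEndian.Uint32(payload[i+2:])
	}
	return out, nil
}

// ExtendedConnectEnabled reports whether the peer advertised extended CONNECT.
// RFC 8441 allows only the values 0 and 1; an absent setting means "off".
func ExtendedConnectEnabled(s map[uint16]uint32) (bool, error) {
	v, ok := s[enableConnectProtocol]
	if ok && v > 1 {
		return false, fmt.Errorf("invalid SETTINGS_ENABLE_CONNECT_PROTOCOL value %d", v)
	}
	return v == 1, nil
}

// SamplePayload returns a constructed 36-byte payload with six settings.
func SamplePayload() []byte {
	entries := [][2]uint32{{0x2, 1}, {0x3, 250}, {0x4, 1048576}, {0x5, 1048576}, {0x6, 10485760}, {0x8, 1}}
	b := make([]byte, 6*len(entries))
	for i, e := range entries {
		binary.BigEndian.PutUint16(b[6*i:], uint16(e[0]))
		binary.BigEndian.PutUint32(b[6*i+2:], e[1])
	}
	return b
}

func main() {
	s, _ := ParseSettings(SamplePayload())
	fmt.Println(s) // identifier -> value, sorted by identifier
	fmt.Println(ExtendedConnectEnabled(s))
}
```
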

Successfully tested in Firefox :+1:

Screenshot from 2024-10-05 11-38-26

bt90 avatar Oct 05 '24 09:10 bt90

Upstream merged in 9a51899. Waiting for the next release.

WeidiDeng avatar Nov 26 '24 01:11 WeidiDeng

golang/x/net v0.32.0 is out.

WeidiDeng avatar Dec 05 '24 01:12 WeidiDeng

Is this a simple version bump which could be done in this PR or are there any side effects?

bt90 avatar Dec 05 '24 08:12 bt90

It's in another PR.

WeidiDeng avatar Dec 05 '24 11:12 WeidiDeng

So this is ready to merge @WeidiDeng?

francislavoie avatar Dec 05 '24 22:12 francislavoie

Yes @francislavoie

WeidiDeng avatar Dec 06 '24 00:12 WeidiDeng

I updated to latest master which included this commit, and it broke WebSocket reverse-proxying towards an HTTP/1.1 backend on Firefox for me. The connection to wss://[...] was interrupted while the page was loading.

jeda avatar Dec 11 '24 05:12 jeda

See #6733

bt90 avatar Dec 11 '24 06:12 bt90

@JeDaYoshi try xcaddy build encode-connect to see if it's fixed, or use the following request matchers

@not_h2_ws not {
    header :protocol *
    method CONNECT
    protocol http/2
}
encode @not_h2_ws zstd gzip

WeidiDeng avatar Dec 11 '24 06:12 WeidiDeng

I should check PRs/issues properly before commenting things. My apologies.

@WeidiDeng encode-connect / #6738 seems to be working for me.

jeda avatar Dec 11 '24 06:12 jeda