From afbad5601254b218667d9fb641295e5566542cbd Mon Sep 17 00:00:00 2001 From: SALLEYRON Julien Date: Fri, 20 Oct 2017 17:38:04 +0200 Subject: [PATCH] Force http/1.1 for websocket --- glide.lock | 4 +- glide.yaml | 2 +- .../fixtures/websocket/config_https.toml | 3 +- integration/websocket_test.go | 62 +++++++++++++++++++ vendor/github.com/vulcand/oxy/forward/fwd.go | 3 +- 5 files changed, 69 insertions(+), 5 deletions(-) diff --git a/glide.lock b/glide.lock index 990a41429..e51b31984 100644 --- a/glide.lock +++ b/glide.lock @@ -1,4 +1,4 @@ -hash: d87c01b4b8f802c81e1f3ae34a09c7001dc392654703b53fe0e6722041183abc +hash: ed8bed99f9096c408e34756a9c8eafd366d66f624a3e75a3fe7f84a2c5c98fa1 updated: 2017-09-30T18:32:16.848940186+02:00 imports: - name: cloud.google.com/go @@ -481,7 +481,7 @@ imports: - name: github.com/urfave/negroni version: 490e6a555d47ca891a89a150d0c1ef3922dfffe9 - name: github.com/vulcand/oxy - version: c024a22700b56debed9a9c8dbb297210a7ece02d + version: 4b280f86f847bcdfd921dd1ffa9ae7949dc855ee repo: https://github.com/containous/oxy.git vcs: git subpackages: diff --git a/glide.yaml b/glide.yaml index d48639846..6d4746f15 100644 --- a/glide.yaml +++ b/glide.yaml @@ -12,7 +12,7 @@ import: - package: github.com/cenk/backoff - package: github.com/containous/flaeg - package: github.com/vulcand/oxy - version: c024a22700b56debed9a9c8dbb297210a7ece02d + version: 4b280f86f847bcdfd921dd1ffa9ae7949dc855ee repo: https://github.com/containous/oxy.git vcs: git subpackages: diff --git a/integration/fixtures/websocket/config_https.toml b/integration/fixtures/websocket/config_https.toml index 59a5df545..97be4964a 100644 --- a/integration/fixtures/websocket/config_https.toml +++ b/integration/fixtures/websocket/config_https.toml @@ -1,6 +1,7 @@ defaultEntryPoints = ["wss"] logLevel = "DEBUG" +InsecureSkipVerify=true [entryPoints] [entryPoints.wss] 
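Review bot: `InsecureSkipVerify=true` is added at the top level of `config_https.toml` with no comment saying why, and a fixture that already existed is presumably used by the other HTTPS websocket tests, which would now also run with backend certificate verification switched off. A one-line comment above the key would make the intent explicit, for example `# test only: the backend is an httptest TLS server with a self-signed certificate`. The key is also capitalised differently from its neighbours `defaultEntryPoints` and `logLevel`; matching their casing would keep the fixture consistent, assuming the loader accepts that spelling.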
@@ -24,4 +25,4 @@ logLevel = "DEBUG"
 [frontends.frontend1]
 backend = "backend1"
 [frontends.frontend1.routes.test_1]
- rule = "Path:/ws"
+ rule = "Path:/echo,/ws"
diff --git a/integration/websocket_test.go b/integration/websocket_test.go
index 2cf04f0cd..ff08218af 100644
--- a/integration/websocket_test.go
+++ b/integration/websocket_test.go
@@ -441,3 +441,65 @@ func (s *WebsocketSuite) TestURLWithURLEncodedChar(c *check.C) {
 c.Assert(err, checker.IsNil)
 c.Assert(string(msg), checker.Equals, "OK")
 }
+
+func (s *WebsocketSuite) TestSSLhttp2(c *check.C) {
+ var upgrader = gorillawebsocket.Upgrader{} // use default options
+
+ ts := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ c, err := upgrader.Upgrade(w, r, nil)
+ if err != nil {
+ return
+ }
+ defer c.Close()
+ for {
+ mt, message, err := c.ReadMessage()
+ if err != nil {
+ break
+ }
+ err = c.WriteMessage(mt, message)
+ if err != nil {
+ break
+ }
+ }
+ }))
+
+ ts.TLS = &tls.Config{}
+ ts.TLS.NextProtos = append(ts.TLS.NextProtos, `h2`)
+ ts.TLS.NextProtos = append(ts.TLS.NextProtos, `http/1.1`)
+ ts.StartTLS()
+
+ file := s.adaptFile(c, "fixtures/websocket/config_https.toml", struct {
+ WebsocketServer string
+ }{
+ WebsocketServer: ts.URL,
+ })
+
+ defer os.Remove(file)
+ cmd, display := s.traefikCmd(withConfigFile(file), "--debug", "--accesslog")
+ defer display(c)
+
+ err := cmd.Start()
+ c.Assert(err, check.IsNil)
+ defer cmd.Process.Kill()
+
+ // wait for traefik
+ err = try.GetRequest("http://127.0.0.1:8080/api/providers", 10*time.Second, try.BodyContains("127.0.0.1"))
+ c.Assert(err, checker.IsNil)
+
+ //Add client self-signed cert
+ roots := x509.NewCertPool()
+ certContent, err := ioutil.ReadFile("./resources/tls/local.cert")
+ roots.AppendCertsFromPEM(certContent)
+ gorillawebsocket.DefaultDialer.TLSClientConfig = &tls.Config{
+ RootCAs: roots,
+ }
+ conn, _, err := gorillawebsocket.DefaultDialer.Dial("wss://127.0.0.1:8000/echo", nil)
+ c.Assert(err, checker.IsNil)
+
+ err = conn.WriteMessage(gorillawebsocket.TextMessage, []byte("OK"))
+ c.Assert(err, checker.IsNil)
+
+ _, msg, err := conn.ReadMessage()
+ c.Assert(err, checker.IsNil)
+ c.Assert(string(msg), checker.Equals, "OK")
+}
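Review bot: The new test assigns `gorillawebsocket.DefaultDialer.TLSClientConfig`, which changes a package-level dialer, so the custom root pool stays in effect for any later test that dials through `DefaultDialer`. A dialer local to the test keeps the trust settings scoped: `dialer := gorillawebsocket.Dialer{TLSClientConfig: &tls.Config{RootCAs: roots}}`. The error from `ioutil.ReadFile` is overwritten by the `Dial` call without being checked, and the boolean returned by `AppendCertsFromPEM` is dropped, so a missing or malformed `local.cert` shows up only as an opaque handshake failure; `c.Assert(err, checker.IsNil)` directly after the read would surface it. Neither `ts` nor `conn` is closed, and the handler's inner `c` shadows the `*check.C` parameter, which makes the closure harder to read.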
diff --git a/vendor/github.com/vulcand/oxy/forward/fwd.go b/vendor/github.com/vulcand/oxy/forward/fwd.go
index 09225f4c6..8ff945a67 100644
--- a/vendor/github.com/vulcand/oxy/forward/fwd.go
+++ b/vendor/github.com/vulcand/oxy/forward/fwd.go
@@ -264,7 +264,8 @@ func (f *websocketForwarder) serveHTTP(w http.ResponseWriter, req *http.Request,
 dialer := websocket.DefaultDialer
 if outReq.URL.Scheme == "wss" && f.TLSClientConfig != nil {
- dialer.TLSClientConfig = f.TLSClientConfig
+ dialer.TLSClientConfig = f.TLSClientConfig.Clone()
+ dialer.TLSClientConfig.NextProtos = []string{"http/1.1"}
 }
 targetConn, resp, err := dialer.Dial(outReq.URL.String(), outReq.Header)
 if err != nil {