Force http/1.1 for websocket

This commit is contained in:
SALLEYRON Julien 2017-10-20 17:38:04 +02:00 committed by Traefiker
parent 9c8df8b9ce
commit afbad56012
5 changed files with 69 additions and 5 deletions

4
glide.lock generated
View file

@ -1,4 +1,4 @@
hash: d87c01b4b8f802c81e1f3ae34a09c7001dc392654703b53fe0e6722041183abc hash: ed8bed99f9096c408e34756a9c8eafd366d66f624a3e75a3fe7f84a2c5c98fa1
updated: 2017-09-30T18:32:16.848940186+02:00 updated: 2017-09-30T18:32:16.848940186+02:00
imports: imports:
- name: cloud.google.com/go - name: cloud.google.com/go
@ -481,7 +481,7 @@ imports:
- name: github.com/urfave/negroni - name: github.com/urfave/negroni
version: 490e6a555d47ca891a89a150d0c1ef3922dfffe9 version: 490e6a555d47ca891a89a150d0c1ef3922dfffe9
- name: github.com/vulcand/oxy - name: github.com/vulcand/oxy
version: c024a22700b56debed9a9c8dbb297210a7ece02d version: 4b280f86f847bcdfd921dd1ffa9ae7949dc855ee
repo: https://github.com/containous/oxy.git repo: https://github.com/containous/oxy.git
vcs: git vcs: git
subpackages: subpackages:

View file

@ -12,7 +12,7 @@ import:
- package: github.com/cenk/backoff - package: github.com/cenk/backoff
- package: github.com/containous/flaeg - package: github.com/containous/flaeg
- package: github.com/vulcand/oxy - package: github.com/vulcand/oxy
version: c024a22700b56debed9a9c8dbb297210a7ece02d version: 4b280f86f847bcdfd921dd1ffa9ae7949dc855ee
repo: https://github.com/containous/oxy.git repo: https://github.com/containous/oxy.git
vcs: git vcs: git
subpackages: subpackages:

View file

@ -1,6 +1,7 @@
defaultEntryPoints = ["wss"] defaultEntryPoints = ["wss"]
logLevel = "DEBUG" logLevel = "DEBUG"
InsecureSkipVerify=true
[entryPoints] [entryPoints]
[entryPoints.wss] [entryPoints.wss]
@ -24,4 +25,4 @@ logLevel = "DEBUG"
[frontends.frontend1] [frontends.frontend1]
backend = "backend1" backend = "backend1"
[frontends.frontend1.routes.test_1] [frontends.frontend1.routes.test_1]
rule = "Path:/ws" rule = "Path:/echo,/ws"

View file

@ -441,3 +441,65 @@ func (s *WebsocketSuite) TestURLWithURLEncodedChar(c *check.C) {
c.Assert(err, checker.IsNil) c.Assert(err, checker.IsNil)
c.Assert(string(msg), checker.Equals, "OK") c.Assert(string(msg), checker.Equals, "OK")
} }
func (s *WebsocketSuite) TestSSLhttp2(c *check.C) {
var upgrader = gorillawebsocket.Upgrader{} // use default options
ts := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
c, err := upgrader.Upgrade(w, r, nil)
if err != nil {
return
}
defer c.Close()
for {
mt, message, err := c.ReadMessage()
if err != nil {
break
}
err = c.WriteMessage(mt, message)
if err != nil {
break
}
}
}))
ts.TLS = &tls.Config{}
ts.TLS.NextProtos = append(ts.TLS.NextProtos, `h2`)
ts.TLS.NextProtos = append(ts.TLS.NextProtos, `http/1.1`)
ts.StartTLS()
file := s.adaptFile(c, "fixtures/websocket/config_https.toml", struct {
WebsocketServer string
}{
WebsocketServer: ts.URL,
})
defer os.Remove(file)
cmd, display := s.traefikCmd(withConfigFile(file), "--debug", "--accesslog")
defer display(c)
err := cmd.Start()
c.Assert(err, check.IsNil)
defer cmd.Process.Kill()
// wait for traefik
err = try.GetRequest("http://127.0.0.1:8080/api/providers", 10*time.Second, try.BodyContains("127.0.0.1"))
c.Assert(err, checker.IsNil)
//Add client self-signed cert
roots := x509.NewCertPool()
certContent, err := ioutil.ReadFile("./resources/tls/local.cert")
roots.AppendCertsFromPEM(certContent)
gorillawebsocket.DefaultDialer.TLSClientConfig = &tls.Config{
RootCAs: roots,
}
conn, _, err := gorillawebsocket.DefaultDialer.Dial("wss://127.0.0.1:8000/echo", nil)
c.Assert(err, checker.IsNil)
err = conn.WriteMessage(gorillawebsocket.TextMessage, []byte("OK"))
c.Assert(err, checker.IsNil)
_, msg, err := conn.ReadMessage()
c.Assert(err, checker.IsNil)
c.Assert(string(msg), checker.Equals, "OK")
}

View file

@ -264,7 +264,8 @@ func (f *websocketForwarder) serveHTTP(w http.ResponseWriter, req *http.Request,
dialer := websocket.DefaultDialer dialer := websocket.DefaultDialer
if outReq.URL.Scheme == "wss" && f.TLSClientConfig != nil { if outReq.URL.Scheme == "wss" && f.TLSClientConfig != nil {
dialer.TLSClientConfig = f.TLSClientConfig dialer.TLSClientConfig = f.TLSClientConfig.Clone()
dialer.TLSClientConfig.NextProtos = []string{"http/1.1"}
} }
targetConn, resp, err := dialer.Dial(outReq.URL.String(), outReq.Header) targetConn, resp, err := dialer.Dial(outReq.URL.String(), outReq.Header)
if err != nil { if err != nil {