Socket server behind the authkeeper proxy

ashvini · June 4, 2019, 12:41pm

I have a server which has REST API and Socketio WebSockets. I have put this server behind the proxy and set up a rule for REST API

Server URL: https://server.my-site.com
Proxy URL: https://api.my-site.com

and my rules are as follow:

{
    "id": "server-1",
    "description": "server -1 rest api",
    "match": {
        "methods": [
            "GET",
            "POST",
            "PUT",
            "DELETE"
        ],
        "url": "https://api.my-site.com/server1/<.*>"
    },
    "authenticators": [
        {
            "handler": "oauth2_introspection",
            "config": {}
        }
    ],
    "authorizer": {
        "handler": "allow",
        "config": null
    },
    "credentials_issuer": {
        "handler": "headers",
        "config": {
            "headers": {
                "auth-user": "{{ print .Subject }}"
            }
        }
    },
    "upstream": {
        "preserve_host": true,
        "strip_path": "server1",
        "url": "https://server.my-site.com"
    }
}

But websocket connections use wss protocol and I have tried but unable to get any result.

So my question is how to work with websocket behind the oathkeeper proxy if it is possible and how to write rules and connect the client?

ArthurKnoep · February 5, 2020, 11:10am

I’m also interested in the answer

hackerman · February 10, 2020, 7:52am

I haven’t checked that. WSS still uses HTTP(S) thought right?

I found a golang issue which says it should be supported: https://github.com/golang/go/issues/26937

anselm94 · May 2, 2020, 12:11pm

This exactly worked!

access-rule.yaml

-
  id: "websocket-test"
  upstream:
    preserve_host: true
    url: "http://websocket-test:8010"
    strip_path: /ws
  match:
    url: "<http|ws>://127.0.0.1:4455/ws"
    methods:
      - GET

Connection to ws://127.0.0.1/ws worked

hackerman · May 2, 2020, 12:11pm

Nice!