Socket server behind the authkeeper proxy

I have a server which has REST API and Socketio WebSockets. I have put this server behind the proxy and set up a rule for REST API

Server URL: https://server.my-site.com
Proxy URL: https://api.my-site.com

and my rules are as follow:

{
    "id": "server-1",
    "description": "server -1 rest api",
    "match": {
        "methods": [
            "GET",
            "POST",
            "PUT",
            "DELETE"
        ],
        "url": "https://api.my-site.com/server1/<.*>"
    },
    "authenticators": [
        {
            "handler": "oauth2_introspection",
            "config": {}
        }
    ],
    "authorizer": {
        "handler": "allow",
        "config": null
    },
    "credentials_issuer": {
        "handler": "headers",
        "config": {
            "headers": {
                "auth-user": "{{ print .Subject }}"
            }
        }
    },
    "upstream": {
        "preserve_host": true,
        "strip_path": "server1",
        "url": "https://server.my-site.com"
    }
}

But websocket connections use wss protocol and I have tried but unable to get any result.

So my question is how to work with websocket behind the oathkeeper proxy if it is possible and how to write rules and connect the client?

I’m also interested in the answer

I haven’t checked that. WSS still uses HTTP(S) thought right?

I found a golang issue which says it should be supported: https://github.com/golang/go/issues/26937

1 Like

This exactly worked!

access-rule.yaml

-
  id: "websocket-test"
  upstream:
    preserve_host: true
    url: "http://websocket-test:8010"
    strip_path: /ws
  match:
    url: "<http|ws>://127.0.0.1:4455/ws"
    methods:
      - GET

Connection to ws://127.0.0.1/ws worked

1 Like

Nice!