[Solved] SSL Proxy
Added by bdens01 about 6 years ago
I'm trying to get data piped from a client connected via SSL to my local exec, and I just can't seem to find a way to get it to work.
I see that mod_proxy states:
"mod_proxy does not currently support SSL/TLS connections to the backend server"
But I am assuming that this means you can't pass the encrypted data to the backend, which isn't what I want. If I am misinterpreting, I apologize. What I want is the raw data intended for a websocket.
This is what the logs are telling me:
1970-01-01 04:36:41: (configfile-glue.c.555) SERVER["socket"] ( :443 ) compare to :443
1970-01-01 04:36:41: (configfile-glue.c.613) 1 (uncached) result: true
1970-01-01 04:36:41: (response.c.335) -- splitting Request-URI
1970-01-01 04:36:41: (response.c.336) Request-URI : /websocket
1970-01-01 04:36:41: (response.c.337) URI-scheme : https
1970-01-01 04:36:41: (response.c.338) URI-authority : 172.28.208.154
1970-01-01 04:36:41: (response.c.339) URI-path (raw) : /websocket
1970-01-01 04:36:41: (response.c.340) URI-path (clean): /websocket
1970-01-01 04:36:41: (response.c.341) URI-query :
1970-01-01 04:36:41: (configfile-glue.c.692) === start of condition block ===
1970-01-01 04:36:41: (configfile-glue.c.620) 1 (cached) result: true
1970-01-01 04:36:41: (response.c.475) -- before doc_root
1970-01-01 04:36:41: (response.c.476) Doc-Root : /usr/htdocs
1970-01-01 04:36:41: (response.c.477) Rel-Path : /websocket
1970-01-01 04:36:41: (response.c.478) Path :
1970-01-01 04:36:41: (response.c.526) -- after doc_root
1970-01-01 04:36:41: (response.c.527) Doc-Root : /usr/htdocs
1970-01-01 04:36:41: (response.c.528) Rel-Path : /websocket
1970-01-01 04:36:41: (response.c.529) Path : /usr/htdocs/websocket
1970-01-01 04:36:41: (configfile-glue.c.692) === start of condition block ===
1970-01-01 04:36:41: (configfile-glue.c.620) 1 (cached) result: true
1970-01-01 04:36:41: (response.c.546) -- logical > physical handling physical path
1970-01-01 04:36:41: (response.c.547) Doc-Root : /usr/htdocs
1970-01-01 04:36:41: (response.c.548) Basedir : /usr/htdocs
1970-01-01 04:36:41: (response.c.549) Rel-Path : /websocket
1970-01-01 04:36:41: (response.c.550) Path : /usr/htdocs/websocket
1970-01-01 04:36:41: (response.c.567) -
1970-01-01 04:36:41: (response.c.568) Path : /usr/htdocs/websocket
1970-01-01 04:36:41: (response.c.626) -- file not found
1970-01-01 04:36:41: (response.c.627) Path : /usr/htdocs/websocket
1970-01-01 04:36:41: (configfile-glue.c.692) === start of condition block ===
Here is my block in the config:
proxy.debug = 1
$SERVER["socket"] == ":443" {
proxy.server = (
"^/websocket" =>
((
"host" => "localhost",
"port" => "port"
))
)
}
In the logs, I don't see it even checking against whether it is a match for the proxy arguments.
I have an SCGI handler that seems to do nearly the same thing, but it doesn't say anything about a file not found.
This is on a bare-bones Linux kernel with Firefox, on version 1.4.41.
I know that data isn't getting piped in because I'm getting nothing on a TCP dump of the desired port.
Replies (1)
RE: [Solved] SSL Proxy - Added by gstrauss about 6 years ago
lighttpd 1.4.46 or later supports Upgrade: websocket
in mod_proxy if enabled.
See Docs_ModProxy for @proxy.header = ( "upgrade" => "enable" )
or Docs_ModWStunnel if you want lighttpd to decode the websocket packets and pass the websocket payload to a backend.