Project

General

Profile

Proxy with ws_tunnel

Added by Chklang over 5 years ago

Hi

I use OpenWRT (17.0.5) with a Banapi R2, and i want to install lighttpd (lighttpd/1.4.49 (ssl) - a light and fast webserver) to filter my web trafic by domain to redirect them to each website hosted. For classic http stream it's ok, but i've a problem with websockets. My configuration :

server.modules += ( "mod_wstunnel" )
$SERVER["socket"] == ":8443" {
        $HTTP["host"] == "192.168.0.199:8443" {
                        wstunnel.server = ( "" => (( "host" => "192.168.0.205", "port" => "16080" )))
                        wstunnel.frame-type = "text" 
                        wstunnel.debug = 4
                        server.stream-request-body  = 2
                        server.stream-response-body = 2
        }
}

For information, on apache, my configuration was

<VirtualHost *:443>
        ServerName 192.168.0.199
        ProxyPass /ws ws://192.168.0.205:16080/ws
        ProxyPassReverse /ws ws://192.168.0.205:16080/ws
</VirtualHost>

(for the moment i try without the part of http stream, and without ssl configuration)

But all frames aren't transfered. I've used tcpdump on my webserver 192.168.0.205 :
Without lighttpd (direct socket) :

20:10:31.807008 IP (tos 0x0, ttl 128, id 3812, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.0.35.62769 > webserver1.16080: Flags [S], cksum 0x9feb (correct), seq 4061669420, win 65280, options [mss 1360,nop,wscale 8,nop,nop,sackOK], length 0
E..4..@...i....#.....1>...(,...............P........
20:10:31.807183 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
    webserver1.16080 > 192.168.0.35.62769: Flags [S.], cksum 0x8267 (incorrect -> 0x741d), seq 3557024839, ack 4061669421, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 6], length 0
E..4..@.@..........#>..1...G..(-..r..g..............
20:10:31.819303 IP (tos 0x0, ttl 128, id 3813, offset 0, flags [DF], proto TCP (6), length 40)
    192.168.0.35.62769 > webserver1.16080: Flags [.], cksum 0x22fe (correct), seq 1, ack 1, win 1025, length 0
E..(..@...i....#.....1>...(-...HP...".........
20:10:31.819636 IP (tos 0x0, ttl 128, id 3814, offset 0, flags [DF], proto TCP (6), length 555)
    192.168.0.35.62769 > webserver1.16080: Flags [P.], cksum 0xaa75 (correct), seq 1:516, ack 1, win 1025, length 515
E..+..@...g....#.....1>...(-...HP....u..GET /ws HTTP/1.1
Host: 192.168.0.205:16080
Connection: Upgrade
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
Origin: file://
Sec-WebSocket-Version: 13
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) advanced-rest-client/12.1.4 Chrome/61.0.3163.100 Electron/2.0.2 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: fr
Sec-WebSocket-Key: RqBtURkkDzPgnt29I8/w6A==
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits

20:10:31.819705 IP (tos 0x0, ttl 64, id 38157, offset 0, flags [DF], proto TCP (6), length 40)
    webserver1.16080 > 192.168.0.35.62769: Flags [.], cksum 0x825b (incorrect -> 0x2323), seq 1, ack 516, win 473, length 0
E..(..@.@.#........#>..1...H..*0P....[..
20:10:31.931057 IP (tos 0x0, ttl 64, id 38158, offset 0, flags [DF], proto TCP (6), length 206)
    webserver1.16080 > 192.168.0.35.62769: Flags [P.], cksum 0x8301 (incorrect -> 0xe7b3), seq 1:167, ack 516, win 473, length 166
E.....@.@."........#>..1...H..*0P.......HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Sec-WebSocket-Accept: Uz8eaWiZ8Uob+sUca3DEDrJSkTE=
Date: Tue, 04 Sep 2018 20:10:31 GMT
Connection: upgrade

20:10:31.984446 IP (tos 0x0, ttl 128, id 3815, offset 0, flags [DF], proto TCP (6), length 40)
    192.168.0.35.62769 > webserver1.16080: Flags [.], cksum 0x2056 (correct), seq 516, ack 167, win 1024, length 0
E..(..@...i....#.....1>...*0....P... V........
20:10:49.987238 IP (tos 0x0, ttl 128, id 3816, offset 0, flags [DF], proto TCP (6), length 46)
    192.168.0.35.62769 > webserver1.16080: Flags [P.], cksum 0x2f65 (correct), seq 516:522, ack 167, win 1024, length 6
E.....@...i....#.....1>...*0....P.../e......_.
20:10:49.987389 IP (tos 0x0, ttl 64, id 38159, offset 0, flags [DF], proto TCP (6), length 40)
    webserver1.16080 > 192.168.0.35.62769: Flags [.], cksum 0x825b (incorrect -> 0x2277), seq 167, ack 522, win 473, length 0
E..(..@.@.#........#>..1......*6P....[..
20:10:49.998514 IP (tos 0x0, ttl 64, id 38160, offset 0, flags [DF], proto TCP (6), length 44)
    webserver1.16080 > 192.168.0.35.62769: Flags [P.], cksum 0x825f (incorrect -> 0x9680), seq 167:171, ack 522, win 473, length 4
E..,..@.@.#{.......#>..1......*6P...._......
20:10:50.001660 IP (tos 0x0, ttl 64, id 38161, offset 0, flags [DF], proto TCP (6), length 40)
    webserver1.16080 > 192.168.0.35.62769: Flags [F.], cksum 0x825b (incorrect -> 0x2272), seq 171, ack 522, win 473, length 0
E..(..@.@.#~.......#>..1......*6P....[..
20:10:50.014025 IP (tos 0x0, ttl 128, id 3817, offset 0, flags [DF], proto TCP (6), length 40)
    192.168.0.35.62769 > webserver1.16080: Flags [.], cksum 0x204b (correct), seq 522, ack 172, win 1024, length 0
E..(..@...i....#.....1>...*6....P... K........
20:10:50.014058 IP (tos 0x0, ttl 128, id 3818, offset 0, flags [DF], proto TCP (6), length 40)
    192.168.0.35.62769 > webserver1.16080: Flags [F.], cksum 0x204a (correct), seq 522, ack 172, win 1024, length 0
E..(..@...i....#.....1>...*6....P... J........
20:10:50.014250 IP (tos 0x0, ttl 64, id 7486, offset 0, flags [DF], proto TCP (6), length 40)
    webserver1.16080 > 192.168.0.35.62769: Flags [.], cksum 0x2271 (correct), seq 172, ack 523, win 473, length 0
E..(.>@.@..Q.......#>..1......*7P..."q..

And with lighttpd :

20:12:05.687503 IP (tos 0x0, ttl 64, id 15077, offset 0, flags [DF], proto TCP (6), length 60)
    192.168.0.199.37160 > webserver1.16080: Flags [S], cksum 0xf5b0 (correct), seq 3376303669, win 29200, options [mss 1460,sackOK,TS val 18707664 ecr 0,nop,wscale 7], length 0
E..<:.@.@.|..........(>..>N5......r............
..t.........
20:12:05.687683 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    webserver1.16080 > 192.168.0.199.37160: Flags [S.], cksum 0x8313 (incorrect -> 0xc35e), seq 4036910768, ack 3376303670, win 28960, options [mss 1460,sackOK,TS val 1106092533 ecr 18707664,nop,wscale 6], length 0
E..<..@.@...........>..(..^..>N6..q ...........
A.....t.....
20:12:05.687935 IP (tos 0x0, ttl 64, id 15078, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.0.199.37160 > webserver1.16080: Flags [.], cksum 0x6265 (correct), seq 1, ack 1, win 229, options [nop,nop,TS val 18707664 ecr 1106092533], length 0
E..4:.@.@.|..........(>..>N6..^.....be.....
..t.A...
20:12:08.180370 IP (tos 0x0, ttl 64, id 15079, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.0.199.37160 > webserver1.16080: Flags [F.], cksum 0x616b (correct), seq 1, ack 1, win 229, options [nop,nop,TS val 18707913 ecr 1106092533], length 0
E..4:.@.@.|..........(>..>N6..^.....ak.....
..u.A...
20:12:08.181620 IP (tos 0x0, ttl 64, id 37441, offset 0, flags [DF], proto TCP (6), length 52)
    webserver1.16080 > 192.168.0.199.37160: Flags [.], cksum 0x830b (incorrect -> 0x56cd), seq 1, ack 2, win 453, options [nop,nop,TS val 1106095027 ecr 18707913], length 0
E..4.A@.@.%.........>..(..^..>N7...........
A.....u.
20:12:08.186932 IP (tos 0x0, ttl 64, id 37442, offset 0, flags [DF], proto TCP (6), length 52)
    webserver1.16080 > 192.168.0.199.37160: Flags [F.], cksum 0x830b (incorrect -> 0x56c7), seq 1, ack 2, win 453, options [nop,nop,TS val 1106095032 ecr 18707913], length 0
E..4.B@.@.%.........>..(..^..>N7...........
A.....u.
20:12:08.187210 IP (tos 0x0, ttl 64, id 18999, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.0.199.37160 > webserver1.16080: Flags [.], cksum 0x57a6 (correct), seq 2, ack 2, win 229, options [nop,nop,TS val 18707914 ecr 1106095032], length 0
E..4J7@.@.m..........(>..>N7..^.....W......
..u.A...

=> There is no http headers frames from my client!

Lighttpd log :

2018-09-04 20:12:05: (gw_backend.c.933) gw - found a host 192.168.0.205 16080
2018-09-04 20:12:05: (mod_wstunnel.c.431) allowed origins not specified
2018-09-04 20:12:05: (mod_wstunnel.c.518) WebSocket Version = 13
2018-09-04 20:12:05: (mod_wstunnel.c.552) will recv text data from backend
2018-09-04 20:12:05: (gw_backend.c.972) connect delayed; will continue later: tcp:192.168.0.205:16080
2018-09-04 20:12:05: (gw_backend.c.234) got proc: pid: 0 socket: tcp:192.168.0.205:16080 load: 1
2018-09-04 20:12:05: (mod_wstunnel.c.857) send handshake response
2018-09-04 20:12:05: (gw_backend.c.995) proc: tcp:192.168.0.205:16080 0 0 1 0
2018-09-04 20:12:06: (gw_backend.c.995) proc: tcp:192.168.0.205:16080 0 0 1 0
2018-09-04 20:12:07: (mod_wstunnel.c.1157) recv data from client ( fd = 8 ), size = 0x120d70
2018-09-04 20:12:07: (mod_wstunnel.c.1191) type = close
2018-09-04 20:12:07: (mod_wstunnel.c.330) disconnected from client ( fd = 8 )
2018-09-04 20:12:07: (mod_wstunnel.c.332) send close response to client ( fd = 8 )
2018-09-04 20:12:07: (mod_wstunnel.c.1109) type = close
2018-09-04 20:12:07: (mod_wstunnel.c.1113) payload size = 0x04
2018-09-04 20:12:07: (mod_wstunnel.c.1139) send data to client ( fd = 8 ), frame size = 0x06
2018-09-04 20:12:07: (gw_backend.c.308) released proc: pid: 0 socket: tcp:192.168.0.205:16080 load: 0

To open websocket i use "Advanced REST client". I not send any message, juste connection/disconnection.
Can you help me?

Regards


Replies (1)

RE: Proxy with ws_tunnel - Added by Chklang over 5 years ago

Nobody has an idea? :(

    (1-1/1)