Lighttpd

I feel this is not the right solution that the lighttpd authors would approve of but I haven't come up with another solution.

The simple solution is for your application to be the backend for mod_wstunnel, and for your application to transform the data and then pass it back to the backend you are interposing.

Writing code in lighttpd should be done only when there are specific needs which can not be met by the more maintainable solution of using a separate backend application.

Your objectective fails to mention whether or not you tested the simple, maintainable solution, and why your objective now requires implementation inside lighttpd rather than as a separate proxy.

As a lighttpd developer, I do not approve of sloppy modifications to existing lighttpd modules.

The lighttpd internals are internal and I make no guarantee of compatibility of lighttpd internals between lighttpd releases. Writing your own lighttpd module, or modifying existing lighttpd code, moves a maintanence burden to you that you should not take on unless simpler, maintainable, isolated solutions are tested and limitations are documented.

Thank you for your reply. I agree with you, I will not develop an internal plugin for the reasons you mentioned.

I would like to ask one more question about authentication and websocket. If I use mod_wstunnel and forward payload data to my application, how can the application verify the identity of the client? I thought of sending an authentication token inside the websocket payload data. At the beginning, the client can use lighttpd for authentication (for example using mod_cgi or mod_fastcgi etc.) and after successful authentication, it will get a token. Then the client will establish a connection via websocket. So the application will receive the websocket payload data with the token and validate it.
I also looked at mod_auth, but I don't think it helps with this use-case. I originally thought that using a custom plugin would also somehow solve authentication, but as we agreed, developing a custom plugin is not a good approach.

Is my suggestion about sending a token correct or is there a better approach?

https://xyproblem.info/

What problem are you trying to solve?

How to get support

You can use lighttpd mod_cgi or mod_fastcgi or mod_scgi and then your backend will get AUTH_USER in the environment if you use lighttpd mod_auth or your own custom authorizer via mod_fastcgi or mod_scgi or mod_cgi. However, then your backend will have to handle Upgrade: websocket and the websocket protocol. If you want lighttpd to handle the websocket protocol for you, then mod_wstunnel does that, but it does not provide a means to transmit authentication performed by lighttpd to your backend.

lighttpd mod_wstunnel might not be the best solution for you if you have requirements that are not met by lighttpd mod_wstunnel (note the word "tunnel" in mod_wstunnel)

Then again, you mentioned that you might add authentication to your protocol wrapped in the websocket protocol. If you have control of both client and server, then that might work for you.