WebSocket via HTTP proxy

转载 2013年12月05日 22:33:52

original link https://blogs.oracle.com/PavelBucek/entry/websocket_via_http_proxy


WebSocket via HTTP proxy

As you might know, WebSocket can be used for bi-directional "real-time" communication with multiple clients. What does that mean in proxy environments and how this even works? WebSocket uses HTTP upgrade mechanism specified in HTTP 1.1 and by design requires open (TCP) connection.

HTTP CONNECT is there for exactly these usecases. It is usually used for tunneling HTTPS via proxy, but it can be used for WebSocket as well.

I will describe complete "proxified" handshake using captured connection of Tyrus Client connecting to public echo service - echo.websocket.org. Please note that we are directly using Tyrus API - not WebSocket specification (JSR-356), because we need to set a proxy.

final ClientManager client = ClientManager.createClient();

client.getProperties().put(
  GrizzlyClientSocket.PROXY_URI, "http://my.proxy:8080"
);
final Session session = client.connectToServer(new Endpoint() {

  @Override
  public void onOpen(Session session, EndpointConfig config) {
    session.addMessageHandler(new MessageHandler.Whole<String>() {
      @Override
      public void onMessage(String message) {
        System.out.println("# Message received: " + message);
      }
    });
  }
}, ClientEndpointConfig.Builder.create().build(),
   URI.create("ws://echo.websocket.org"));

session.getBasicRemote().sendText("test message");

BTW, Tyrus Client proxy support can be improved, currently it does not support proxy authentication, JDK's ProxySelector and so on. Please vote/comment on TYRUS-204 if you lack some of the mentioned options or anything else related to proxy support.

Current modern browsers do support this out of the box, so all you need is to set your HTTP proxy and described handshake will be done automatically. There might be limitation for parallel open connection in browser tab/instance, but I don't have any exact data about this.

Also, you might ask whether there is some need to server-side support - simple answer is "no". HTTP containers will see regular connection (from proxy), there is no additional work or overhead on that side.

Lets see our dumped communication:

client > proxy
CONNECT echo.websocket.org:80 HTTP/1.1
Host: echo.websocket.org
Proxy-Connection: keep-alive
Connection: keep-alive

Firstly, client need to send a request to proxy for new "permanent" connection. As already mentioned, CONNECT method handles this. First argument is a hostname (echo.websocket.org) and standard HTTP version.

proxy > client
HTTP/1.0 200 Connection established

If you are lucky, your proxy does support CONNECT and allows you to create connection (HTTP 200 is returned).

client > proxy
GET / HTTP/1.1
Connection: Upgrade
Host: echo.websocket.org
Origin: echo.websocket.org
Sec-WebSocket-Key : sDD3Wk7PMRCPE9+C0VyOcQ==
Sec-WebSocket-Version: 13
Upgrade: websocket

This is standard WebSocket handshake request, which will be passed to target HTTP container.

proxy > client
HTTP/1.1 101 Web Socket Protocol Handshake
Upgrade: WebSocket
Connection: Upgrade
Sec-WebSocket-Accept: 8TNIHr7bJHqQadjXYvqLql6RFEA=
Date: Tue, 16 Jul 2013 15:30:53 GMT
...

And there is a valid response to our handshake request, connection is established and communication can be started; there is nothing else different than in proxy-less environment. Please note that proxies do have limited resources and your request may be turned down because proxy "CONNECT" pool is empty.

Conclusion here is that WebSocket can work via proxies without any limitation, it just introduces different kind of traffic than pure HTTP and might cause some additional requirements related to proxy performance in case you are going to use WebSocket for long-running client connections.


Comments:

Hi Pavel,

Thanks for the explanation, that really did help me to understand the handshake. I have a scenario, wherein the connection initiation is successful and the proxy returns a HTTP/1.0 200 Connection established, but the SSL handshake fails.

HTTP/1.0 500 handshakefailed
Via: 1.0 10.X.X.X (McAfee Web Gateway 7.2.0.1.0.13253)
Content-Type: text/html
Cache-Control: no-cache
Content-Length: 2063
Proxy-Connection: Close

Any suggestions why is it failing?

Posted by Srini on September 04, 2013 at 08:05 AM CEST #

Hi Srini,

you should add -Djavax.net.debug=all (seehttp://docs.oracle.com/javase/1.5.0/docs/guide/security/jsse/ReadDebug.html for more details). It usually is certificate issue, in your case it might be because the other side does not have properly signed certificate and you don't have truststore and/or keystore properly set on client side.

Feel free to send more details to users@tyrus.java.net.

Posted by guest on September 09, 2013 at 10:11 AM CEST #


websocket协议转tcp协议的代理

背景:        原先有个页游的项目,需要移植到手机上,做手机页游,也就是到html5(h5)版本,面临一个问题:原先服务器和客户端(flash)通信用的是tcp协议,而h5用的是websock...
  • zdl1016
  • zdl1016
  • 2016年01月07日 19:51
  • 6439

使用nginx作为websocket的proxy server

WebSocketWebSocket协议为创建客户端和服务器端需要实时双向通讯的webapp提供了一个选择。其为HTML5的一部分,WebSocket相较于原来开发这类app的方法来说,其能使开发更加...
  • zhx6044
  • zhx6044
  • 2015年12月12日 22:44
  • 37583

Nginx代理webSocket经常中断的解决方案, 如何保持长连接

背景这天气够热的,要处理的事情也够多的。。。。 想看解决的,直接 ctrl+f搜索关键字‘配置点’开始前交代(想看原因的看这个,个人观点,不代表正确)解说:今天用nginx反代通讯项目,发现平均1分钟...
  • Jack______
  • Jack______
  • 2017年08月02日 17:39
  • 6586

NGINX作为WebSocket代理

排版很差。直接复制的,请看原文https://www.nginx.com/blog/websocket-nginx/ 该网页套接字协议提供创建支持客户端和服务器之间的实时双向通信的Web应用程序的方式...
  • EdishenYA
  • EdishenYA
  • 2017年10月13日 15:13
  • 318

Nginx实现websocket代理的方式

Nginx实现websocket代理与负载均衡
  • terminatorsong
  • terminatorsong
  • 2017年03月07日 11:26
  • 4610

Nginx担当WebSockets代理

Nginx担当WebSockets代理英文原文:http://nginx.com/blog/websocket-nginx/作者:chszs,转载需注明。博客主页:http://blog.csdn.n...
  • chszs
  • chszs
  • 2014年05月20日 15:23
  • 25535

五大开源Web代理服务器的横向点评

Web代理软件转发HTTP请求时并不会改变数据流量。它们可以配置成透明代理,而无需客户端配置。它们还可以作为反向代理放在网站的前端;这样缓存服务器可以为一台或多台web服务器提供无限量的用户服务。为深...
  • English0523
  • English0523
  • 2016年07月12日 14:57
  • 4588

.NET中代理服务器WebProxy的各种用法

因为涉及到代理的各种情况,WebRequest和WebProxy类的文档写的相当复杂,不但各个文档关注点不同,而且不同版本的同一文档也有小小的区别,网上也没有关于这个类的相关文章。于是乎这篇Blog是...
  • younghaiqing
  • younghaiqing
  • 2017年01月11日 17:25
  • 954

.Net Framework 中设置Web Proxy 的方法

正在进行Map API到 .Net Framework 平台移植。 涉及到 Http Connection. 其中可能用到 Web proxy的设置。 有两种简单的方法。 WebProxy pro...
  • mapdigit
  • mapdigit
  • 2012年05月27日 14:05
  • 2087

HTTPS 代理-SNI Proxy-WebSocket (含源代码)

  • 2017年01月20日 18:24
  • 407KB
  • 下载
内容举报
返回顶部
收藏助手
不良信息举报
您举报文章:WebSocket via HTTP proxy
举报原因:
原因补充:

(最多只允许输入30个字)