Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Implements missing HTTPS proxy functionality #978

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Implements missing HTTPS proxy functionality #978

wants to merge 1 commit into from
+1,063 −44

Conversation

seans3
Copy link

@seans3 seans3 commented Feb 27, 2025
edited
Loading

What type of PR is this? (check all applicable)

  • Feature

Description

  • Implements missing HTTPS Proxy functionality.
  • Adds both client/proxy/server tests and unit tests.

Related Tickets & Documents

Added/updated tests?

  • Yes

Run verifications and test

$ go test -race -cover
PASS
coverage: 84.3% of statements
ok  	github.com/gorilla/websocket	4.103s

@seans3
Copy link
Author

seans3 commented Feb 27, 2025

/cc @adrianosela

@seans3
Copy link
Author

seans3 commented Feb 27, 2025

/assign @liggitt
/assign @aojea

adrianosela
adrianosela approved these changes Feb 27, 2025
View reviewed changes
Copy link

@adrianosela adrianosela left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this @seans3 🚀

@aojea
Copy link

aojea commented Feb 27, 2025
edited
Loading

IIUIC the same certificate is used for both the proxy and the backend, don't we need to handle the case when both are different? what happens if the proxy requires a different certificate than the backend?

EDIT

I see, the TLSConfig can be used for that, also @seans3 sent me this https://github.com/adrianosela/https-proxy/tree/main?tab=readme-ov-file#https-proxy

aojea
aojea reviewed Feb 27, 2025
View reviewed changes
aojea
aojea reviewed Feb 27, 2025
View reviewed changes
aojea
aojea reviewed Feb 27, 2025
View reviewed changes
aojea
aojea reviewed Feb 27, 2025
View reviewed changes
@seans3
Copy link
Author

seans3 commented Feb 27, 2025

IIUIC the same certificate is used for both the proxy and the backend, don't we need to handle the case when both are different? what happens if the proxy requires a different certificate than the backend?

The client is responsible for configuring the root CA certificates. The client TLS config contains a cert pool, which can contain multiple root CA certificates. So for TLS to the proxy and the upstream, the TLS config root CA cert pool must contain CA's which have signed both the proxy and the upstream.

@134130
Copy link

134130 commented Mar 3, 2025

This PR also closes #950

aojea
aojea reviewed Mar 3, 2025
View reviewed changes
seans3
seans3 commented Mar 3, 2025
View reviewed changes
seans3
seans3 commented Mar 3, 2025
View reviewed changes
seans3
seans3 commented Mar 3, 2025
View reviewed changes
@seans3 seans3 force-pushed the https-proxy branch 7 times, most recently from 2ab73bd to 0b0f26a Compare March 5, 2025 00:17
@134130 134130 mentioned this pull request Mar 5, 2025
Closed
12 tasks
@seans3 seans3 requested review from adrianosela and aojea March 11, 2025 22:12
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@adrianosela adrianosela Awaiting requested review from adrianosela

@aojea aojea Awaiting requested review from aojea

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
size/XXL
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Is https not supported? [feature] Support for proxying websocket through https proxy
4 participants
@seans3 @aojea @134130 @adrianosela