Hi, I have a strange problem.
Setup:

Internet ---> haproxy (SNI TLS Routing) --> nginx (Webserver) --> Websocket based server (WebRTC)

haproxy has no certificates, it checks the TLS Hello message for :443 traffic and then forwards to the right server based on SNI.
==> haproxy cannot alter the stream sent through.

Doing a request through this pipeline to start a websocket connection loses the Upgrade & Connection setting coming from the internet. When making a request that bypasses the haproxy those header elements ARE present. Unfortunately haproxy is a requirement because of various servers being used.

The only difference I can see is that in the case of haproxy the request comes from a local address (same subnet as nginx server). I tried to follow the processing of data through haproxy but that takes a lot more time...

Curl Request:

GET /webrtc/ws?curl HTTP/1.1
Host: nc.xxxxxxx.net
Accept: /
Pragma: no-cache
Origin: https://nc.xxxxxxx.net
Accept-Encoding: gzip, deflate, sdch, br
Sec-WebSocket-Version: 13
Accept-Language: en-US,en;q=0.8,nl;q=0.6
Sec-WebSocket-Key: QBKcxyaLv5Om+scMeDUbBg==
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.59 Safari/537.36
Upgrade: websocket
Cache-Control: no-cache
Cookie: oc_sessionPassphrase=XcOZFOaPnqqbv1
Connection: Upgrade
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
DNT: 1

Parsed by nginx:

2016/11/23 01:09:20 [debug] 25097#0: *309 http header: "Host: nc.xxxxxxx.net:443"
2016/11/23 01:09:20 [debug] 25097#0: *309 http header: "Connection: close"
2016/11/23 01:09:20 [debug] 25097#0: *309 http header: "Accept: /"
2016/11/23 01:09:20 [debug] 25097#0: *309 http header: "Pragma: no-cache"
2016/11/23 01:09:20 [debug] 25097#0: *309 http header: "Origin: https://nc.xxxxxxx.net"
2016/11/23 01:09:20 [debug] 25097#0: *309 http header: "Accept-Encoding: gzip, deflate, sdch, br"
2016/11/23 01:09:20 [debug] 25097#0: *309 http header: "Sec-WebSocket-Version: 13"
2016/11/23 01:09:20 [debug] 25097#0: *309 http header: "Accept-Language: en-US,en;q=0.8,nl;q=0.6"
2016/11/23 01:09:20 [debug] 25097#0: *309 http header: "Sec-WebSocket-Key: QBKcxcxxxcxcxyaLv5Om+scMeDUbBg=="
2016/11/23 01:09:20 [debug] 25097#0: *309 http header: "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.59 Safari/537.36"
2016/11/23 01:09:20 [debug] 25097#0: *309 http header: "Cache-Control: no-cache"
2016/11/23 01:09:20 [debug] 25097#0: *309 http header: "Cookie: oc_sessionPassphrase=XcOZ9q5bYP%
2016/11/23 01:09:20 [debug] 25097#0: *309 http header: "Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits"
2016/11/23 01:09:20 [debug] 25097#0: *309 http header: "DNT: 1"
2016/11/23 01:09:20 [debug] 25097#0: *309 http header done

The UserAgent & Cookie get followed by Upgrade & Connection resp. but they are NOT seen/parsed by nginx code....

Note that when I force the Upgrade & Connection headers on the /webrtc/ws URI (using a specific location) everything works as designed, it is just that the Upgrade & Connection headers seem to be dropped from the incoming request. ($http_upgrade is empty).

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,271128,271128#msg-271128
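
A small checker for the comparison made in the post, added here as an example and not part of the original message: it diffs the headers the client sent against those in nginx's debug log and marks which affected headers are hop-by-hop under RFC 7230 section 6.1. The sample input is abridged from the request and log above; the function and variable names are assumptions of this example.

```python
import re

# Hop-by-hop headers (RFC 7230 section 6.1, plus Upgrade from section 6.7).
# An HTTP-aware intermediary consumes these per hop; a pure TCP relay cannot.
HOP_BY_HOP = {"connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
              "te", "trailer", "transfer-encoding", "upgrade"}
LOG_RE = re.compile(r'http header: "([^:"]+):\s*(.*?)"?\s*$')

# Constructed sample: abridged from the request and debug log in the post.
SENT = """GET /webrtc/ws?curl HTTP/1.1
Host: nc.xxxxxxx.net
Pragma: no-cache
Sec-WebSocket-Version: 13
Upgrade: websocket
Connection: Upgrade"""
LOG = """2016/11/23 01:09:20 [debug] 25097#0: *309 http header: "Host: nc.xxxxxxx.net:443"
2016/11/23 01:09:20 [debug] 25097#0: *309 http header: "Connection: close"
2016/11/23 01:09:20 [debug] 25097#0: *309 http header: "Pragma: no-cache"
2016/11/23 01:09:20 [debug] 25097#0: *309 http header: "Sec-WebSocket-Version: 13"
2016/11/23 01:09:20 [debug] 25097#0: *309 http header done"""

def parse_request(raw):
    """Raw HTTP request text -> {lowercased header name: value}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def parse_nginx_debug(log):
    """nginx 'http header: "..."' debug lines -> {lowercased name: value}."""
    headers = {}
    for line in log.splitlines():
        m = LOG_RE.search(line)
        if m:
            headers[m.group(1).strip().lower()] = m.group(2)
    return headers

def diff_headers(sent, received):
    """List (name, 'missing'|'changed', is_hop_by_hop) for every sent header
    that nginx did not see unchanged."""
    findings = []
    for name, value in sent.items():
        if name not in received:
            findings.append((name, "missing", name in HOP_BY_HOP))
        elif received[name] != value:
            findings.append((name, "changed", name in HOP_BY_HOP))
    return findings

for finding in diff_headers(parse_request(SENT), parse_nginx_debug(LOG)):
    print(finding)
```

A rewritten Host or Connection value in the output means some hop between client and nginx parsed the request as HTTP, which is the place to look for the dropped Upgrade header.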