The current implementation of the server forwards HTTP traffic directly to the target server. This works fine for normal servers that don't have any additional layers of security (TLS), but it becomes a problem when users attempt to use a reverse proxy to make their app visible to the internet.
Reverse proxies work perfectly fine with normal game traffic. However, when it comes to things like GAW (Galaxy At War) and other server resources such as shop icons for packs and certain challenge banners, the game won't be able to load them. (The game will still function, but the previously mentioned functionality won't work.)
Cause
The game is limited by the "DirtySDK" implementation of SSL, which only supports <=SSLv3. Most reverse proxies are not able to support this out of the box (some might not support it at all). This was the same limitation for the original server; however, this was fixed with the proxying-from-localhost approach that the server currently uses.
Solution
Following the same implementation idea that the server currently uses for forwarding the game traffic over the secure HTTP upgrade tunnel, the client will locally handle the HTTP requests from the game client that are using SSLv3, upgrade those connections to the protocol that the reverse proxy is using (TLSv2-3), and forward them on.
Extra notes
The server will need an additional check when upgrading the initial main connection in order to tell whether it should forward the HTTP connections directly to itself (current implementation) or forward them locally (new implementation). This can be achieved using an additional client-sent header, likely something along the lines of X-Pocket-Relay-Local-Http: true
Checklist
[x] New client version attaches an additional header X-Pocket-Relay-Local-Http: true so the server knows to forward HTTP traffic locally
[x] Server is updated in order to handle proxied request changes
[x] Client can handle and proxy HTTP requests from localhost to the connected server
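One way the server-side check from the extra notes could look, as an added example that is not taken from the issue or from the Pocket Relay code base. The enum, function name, request path and host are hypothetical; rejecting duplicate or unrecognised values, rather than guessing a mode from a client-controlled header, is a policy assumed here.

```rust
/// Where the game's HTTP traffic should go after the upgrade (hypothetical type).
#[derive(Debug, PartialEq, Eq)]
pub enum HttpForwarding {
    /// Current implementation: HTTP goes directly to the server.
    Direct,
    /// New implementation: HTTP goes through the client's localhost proxy.
    Local,
}

// Header name proposed in the issue, lowercased for comparison.
const LOCAL_HTTP_HEADER: &str = "x-pocket-relay-local-http";

/// Decide the forwarding mode from the raw head of the upgrade request.
/// Older clients send no header, so absence means `Direct`.
pub fn forwarding_mode(request_head: &str) -> Result<HttpForwarding, &'static str> {
    let mut found: Option<bool> = None;
    // Skip the request line and stop at the blank line that ends the headers.
    for line in request_head.lines().skip(1).take_while(|l| !l.is_empty()) {
        let (name, value) = line.split_once(':').ok_or("malformed header line")?;
        if !name.eq_ignore_ascii_case(LOCAL_HTTP_HEADER) {
            continue;
        }
        // Two copies of the header could disagree; refuse instead of picking one.
        if found.is_some() {
            return Err("duplicate local-http header");
        }
        found = Some(match value.trim() {
            v if v.eq_ignore_ascii_case("true") => true,
            v if v.eq_ignore_ascii_case("false") => false,
            _ => return Err("invalid local-http header value"),
        });
    }
    Ok(match found {
        Some(true) => HttpForwarding::Local,
        _ => HttpForwarding::Direct,
    })
}

fn main() {
    // Constructed sample requests; path and host are placeholders.
    let old_client = "GET /example-upgrade HTTP/1.1\r\nHost: example.test\r\n\r\n";
    let new_client = "GET /example-upgrade HTTP/1.1\r\nHost: example.test\r\n\
                      X-Pocket-Relay-Local-Http: true\r\n\r\n";
    println!("old client -> {:?}", forwarding_mode(old_client));
    println!("new client -> {:?}", forwarding_mode(new_client));
}
```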