search

ThreeMammals / Ocelot

.NET API Gateway
https://www.nuget.org/packages/Ocelot
MIT License
8.36k stars 1.64k forks source link

Support http2 websockets with .net7 #1636

Closed meirkr closed 4 months ago

meirkr commented 1 year ago

New Feature

Support Websockets (and SignalR) redirect communication with Kestrel web server which uses .NET 7 and configured to serve http2 only.

Motivation for New Feature

Clients like Angular or .NET 7 Websocket client cannot connect when configuring the Kestrel server to host only http2. They can, though when connecting directly to the real server, not via the Ocelot server.

Steps to Reproduce the Problem

  1. Upgrade existing SignalR service to .NET 7. Configure Kestrel to use only http2.
  2. Upgrade existing SignalR client to .NET 7
  3. Upgrade existing Ocelot to .NET 7
  4. Configure Ocelot to route to https port as http2: 
    {
  "Priority": 1,
  "DangerousAcceptAnyServerCertificateValidator": true,
  "DownstreamHostAndPorts": [
    {
      "Host": "localhost",
      "Port": 5001
    }
  ],
  "DownstreamHttpVersion": "2.0",
  "DownstreamPathTemplate": "/theSignalsHub",
  "DownstreamScheme": "wss",
  "UpstreamHttpMethod": [ "Get", "Post", "PUT", "DELETE", "OPTIONS" ],
  "UpstreamPathTemplate": "/api/app/theSignalsHub"
}
raman-m commented 1 year ago

Hi Meir! Sorry for 3 months of silence here!

I believe Ocelot supports WebSocket unencrypted (aka "ws" protocol) In docs we have the page: Websockets From paragraphs of this page we can see that Ocelot supports WS-protocol and SignalR (legacy v1.0.2) only. Having browse and search through source code I have found nothing related to "wss" protocol (aka WebSocket encrypted). It seems Ocelot does not support WSS, SignalR latest. Also, there are 0 references to Microsoft.AspNetCore.SignalR.Client package! That's strange! Currently we are referencing web socks client via the System.Net.WebSockets namespace. An we use the ClientWebSocket class in WebSocketsProxyMiddleware. The System.Net.WebSockets.Client assembly is implicitly referenced by .NET 7 Web App.

Could you do these follow up actions please?

Finally, I am afraid that Ocelot has no support for wss-protocol via "DownstreamScheme": "wss" option.

raman-m commented 1 year ago

Hi @meirkr !

Steps to Reproduce the Problem

  1. Upgrade existing SignalR service to .NET 7. Configure Kestrel to use only http2.
    1. Upgrade existing SignalR client to .NET 7
    2. Upgrade existing Ocelot to .NET 7
    3. Configure Ocelot to route to https port as http2:

Meir, could you show us all source code plz? Could you upload your solution to GitHub for review please?

Currently it is hard to reproduce your user case having such steps like above. So, it is better to show old and new, both solutions.

raman-m commented 1 year ago

Hey @meirkr ! Will PR #1377 solve your problem? Could you verify the solution please?

meirkr commented 1 year ago

Hi As for the source code, unfortunately, I cannot upload it because of security reason. I need to work on starting new projects from scratch for this purpose of demonstration. I might do that if will be needed and will have some time.

As for the PR #1377, if it is going to be merged and a new version of Ocelot will be published with this merge, I can try to check that in my environment.

raman-m commented 1 year ago

@meirkr commented on Sep 27

PR #1377 has been merged. The next upcoming release is scheduled for October 1st, 2nd...

raman-m commented 4 months ago

@meirkr

As for the PR https://github.com/ThreeMammals/Ocelot/pull/1377, if it is going to be merged and a new version of Ocelot will be published with this merge, I can try to check that in my environment.

Have you tried the fix in new versions?

I need to work on starting new projects from scratch for this purpose of demonstration.

Better to upload solution to GitHub. Otherwise it will be hard to reproduce your environment.

I might do that if will be needed and will have some time.

As a team we gave you 9 months to prepare a solution to show your problem. But keep in mind that we can't wait for years :exclamation:

You have the right to reopen this issue in the future if you come with a PR ready.