Open razb opened 9 years ago
@razb There has been some work on this by @airhorns in #14
Perfect. This works for me!
Thanks again
There are now two separate PRs opened to add websocket support - #14 and #64 - but no movement on either. The first hasn't been touched in over a year. Can we have this issue re-opened as a tracker until support is actually added?
:+1: I would love support for websockets.
+1
+1
I love seeing the support for this feature. Anyone want to champion this with a patch to add websocket support?
+1 running into this same problem trying to proxy ipython.
+1, @jehiah ... looks like the following PR (comments as recent as 13 days ago) was also submitted to address this. adding to this thread for visibility...
Is there any chance to have websockets supported anytime soon ?
likewise... big +1 here
As a workaround, you can use nginx with auth_request, right?
looks like someone figured out how to integrate the web sockets fixes into a fork of this. https://github.com/funkymrrogers/oauth2_proxy
This work for me (nodered behing nginx/oauth2_proxy :
server {
listen 443;
server_name nodered.mycompany.fr;
ssl on;
ssl_certificate /etc/letsencrypt/live/nodered.mycompany.fr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/nodered.mycompany.fr/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA;
ssl_session_cache shared:SSL:50m;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security max-age=2592000;
location /oauth2/ {
proxy_pass http://127.0.0.1:4180;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Auth-Request-Redirect $request_uri;
}
location / {
auth_request /oauth2/auth;
error_page 401 = /oauth2/sign_in;
# pass information via X-User and X-Email headers to backend,
# requires running with --set-xauthrequest flag
auth_request_set $user $upstream_http_x_auth_request_user;
auth_request_set $email $upstream_http_x_auth_request_email;
proxy_set_header X-User $user;
proxy_set_header X-Email $email;
# if you enabled --cookie-refresh, this is needed for it to work with auth_request
auth_request_set $auth_cookie $upstream_http_set_cookie;
add_header Set-Cookie $auth_cookie;
proxy_pass http://192.168.1.230:3008;
chunked_transfer_encoding off;
proxy_buffering off;
proxy_cache off;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
}
}
See also #201 and #145 and #486.
I'm guessing the creators don't use WS in their deployments and that's why it hasn't been merged.
Luckily the folks at https://github.com/openshift/oauth-proxy have merged in the websocket support so I guess folks could just switch to that if it's an issue. Thank goodness for open source forks.
alright, so no chance that this will ever be merged i guess?
Hope this repo supports websockets and it would be very helpful many websites use websockets
It appears that the proxy does not support web-sockets. Any plans to add that support?
Thanks for a great product!