search

sky-uk / feed

Nginx based Kubernetes ingress controller for AWS
BSD 3-Clause "New" or "Revised" License
58 stars 10 forks source link

feat(nginx): allow nginx to proxy WebSocket headers #246

Closed pyoio closed 2 years ago

pyoio commented 2 years ago

Allows feed to support proxying WebSocket requests if explicitly enabled.

If enabled via the --nginx-allow-websocket-upgrade flag, the nginx configuration will be generated with the following block:

    # Support WebSocket upgrade, allow keepalive
    # Upgrade logic from http://nginx.org/en/docs/http/websocket.html
    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      '';
    }

    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;

Which will set the Connection header to upgrade IF the Upgrade header is present, otherwise the proxy_set_header Connection will be "" which does not forward, the same as existing feed behaviour.

If the flag is omitted, the nginx config will generate with:

    # Enable keepalive to backend.
    proxy_http_version 1.1;
    proxy_set_header Connection "";

as it previously did.

pyoio commented 2 years ago

Meant to ping @sky-uk/core-networking en masse to discuss, didn't realise it would randomly select @aecay 😬

pyoio commented 2 years ago

The use case for us is to enable WebSocket connections in our mgmt cluster for mgmt tools (e.g., grafana, tekton ui) -- no plans to enable it in other clusters

pyoio commented 2 years ago

Short term we're going to flip our mgmt tools w/ websockets over to using cloud native LBs which support WS, the support + HAProxy aspects make this something that's more appropriately considered in next-gen ingress work when that comes IMO, cheers @aecay!