Improve reverse proxy, automatic handling of websockets

The code has been released and the mirror are already getting the update.

Please do not use the tracker for discussion. Feel free to continue the discussion here and eventually open the PR with the code.

Why did you close the feature request? It is a valid feature request (actually a bug fix + feature request, because the WebSocketPath variable to totally useless apart from breaking the behaviour of the proxy).

Webtop uses a specific path for the websocket, It is needed in some configuration.

I agree with @giacomo if you miss some configuration to proxypass, I bet a new thread is needed

Relative to options for proxypass we need a validation, a blank input html is not possible, I suggest checkbox, radio button or eventually drop down

Apache reverse proxy flag could be added but at the end I am not sure it worths it, like we shared before we try to propose the most common used options.

Reverse proxy are complex stuffs and a gui might never satisfy the sysadmin. For complex proxy we could need to drop an apache configuration

No it does NOT need the configuration as already explained several times in this thread. The path is taken from the Websocket Upgrade Request of the browser and any other configured path MUST be wrong. I use several Webtops reverse proxied with the code I provided.

Although validation is a good thing, it tends to need many options (like for max, for retry for extra options now already known). Currently the only solution is to do NOT use the GUI at all but write a https-conf completely by hand which is even more insecure, cumbersome and errorprone. So in my opinien it is valid to have a options which are not totally parsed and validated.

Validation is always a mandatory.

I would suggest you open pull request for the option you need, first for the template, then after for the UI once the template has been approved

The webproxypath was not validated either, so why do you now request validation, which I think is overvalidation. Currently I use the unvalidated path for the options (see screenshot) above.

Would someone help be settings up a dev environment or give my a step by step desription how to do this?

The path is validated :-?

The equal-sign seems not to be part of the validator, but I am still able to enter “flushpackets=on” as the path (see screenshot) and with my code change for 30ProxyPass it works perfectly for guacamole, webtop and nextcloud. Any explanation?

The validator for ProxyPassOptions could validate options for the pattern “x1=y1 x2=y2” pattern.

https://wiki.nethserver.org/doku.php?id=developer:developer_howto&s[]=dev&s[]=environment

1 Like

started my laptop, then indeed the validator doesn’t work as expected, it should allow when the path starts with a ‘/’ and allows [A-Za-z0-9-]+