I am currently working on a project where I have a WebSocket Secure (WSS) server and a WSS client. The client establishes a WebSocket connection over TLS to the server, which allows bi-directional communication between them. Now, I need to introduce a proxy between the client and the server to relay WebSocket traffic. There may be multiple proxies between client and server.
Setup Details:
- Client: Communicates with the server using WebSocket Secure (wss://), meaning all traffic is encrypted using TLS.
- Server: A WSS server that receives WebSocket connections over TLS.
What I Know So Far:
- CONNECT Proxy: I understand that a CONNECT proxy can be used for tunneling HTTPS connections via the HTTP CONNECT method. This method can be extended to WebSocket connections, where the proxy creates a TCP tunnel for encrypted traffic without interfering with the actual data. This provides end-to-end encryption.
- MITM Proxy: In a Man-in-the-Middle (MITM) scenario, the proxy could perform TLS termination (decrypt, inspect, and re-encrypt traffic).
- Reverse Proxy:
Another option, from what I've read, seems to be setting up a reverse proxy to handle the WebSocket connection, though I'm not sure. Something like: https://github.com/koding/websocketproxy/blob/master/websocketproxy.go
https://pkg.go.dev/net/http/httputil#ReverseProxy.ServeHTTP
Questions about Reverse Proxy:
- How is this different from MITM? Or is this the same as MITM?
- Is a reverse proxy transparent, or does it do TLS termination?
A few more questions:
- Are there other approaches for proxying WSS connections that I should look into?
Thanks in advance for any guidance or insights you can provide!