Issue with websocket behind nginx behind a haproxy SNI TLS reverse proxy

November 23, 2016 04:14AM
Hi,

I have a strange problem.

Setup:
Internet ---> haproxy (SNI TLS Routing) --> nginx (Webserver) --> Websocket based server (WebRTC)
haproxy has no certificates, it checks the TLS Hello message for :443 traffic and then forwards to the right server based on SNI.
==> haproxy cannot alter the stream sent through.

Doing a request through this pipeline to start a websocket connection loses the Upgrade & Connection setting coming from the internet.
When making a request that bypasses the haproxy those header elements ARE present.
Unfortunately haproxy is a requirement because of various servers being used.

The only difference I can see is that in the case of haproxy the request comes from a local address (same subnet as nginx server).
I tried to follow the processing of data through haproxy but that takes a lot more time...

Curl Request:

GET /webrtc/ws?curl HTTP/1.1
Host: nc.xxxxxxx.net
Accept: /
Pragma: no-cache
Origin: https://nc.xxxxxxx.net
Accept-Encoding: gzip, deflate, sdch, br
Sec-WebSocket-Version: 13
Accept-Language: en-US,en;q=0.8,nl;q=0.6
Sec-WebSocket-Key: QBKcxyaLv5Om+scMeDUbBg==
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.59 Safari/537.36
Upgrade: websocket
Cache-Control: no-cache
Cookie: oc_sessionPassphrase=XcOZFOaPnqqbv1
Connection: Upgrade
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
DNT: 1

Parsed by nginx:

2016/11/23 01:09:20 [debug] 25097#0: *309 http header: "Host: nc.xxxxxxx.net:443"
2016/11/23 01:09:20 [debug] 25097#0: *309 http header: "Connection: close"
2016/11/23 01:09:20 [debug] 25097#0: *309 http header: "Accept: /"
2016/11/23 01:09:20 [debug] 25097#0: *309 http header: "Pragma: no-cache"
2016/11/23 01:09:20 [debug] 25097#0: *309 http header: "Origin: https://nc.xxxxxxx.net"
2016/11/23 01:09:20 [debug] 25097#0: *309 http header: "Accept-Encoding: gzip, deflate, sdch, br"
2016/11/23 01:09:20 [debug] 25097#0: *309 http header: "Sec-WebSocket-Version: 13"
2016/11/23 01:09:20 [debug] 25097#0: *309 http header: "Accept-Language: en-US,en;q=0.8,nl;q=0.6"
2016/11/23 01:09:20 [debug] 25097#0: *309 http header: "Sec-WebSocket-Key: QBKcxcxxxcxcxyaLv5Om+scMeDUbBg=="
2016/11/23 01:09:20 [debug] 25097#0: *309 http header: "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.59 Safari/537.36"
2016/11/23 01:09:20 [debug] 25097#0: *309 http header: "Cache-Control: no-cache"
2016/11/23 01:09:20 [debug] 25097#0: *309 http header: "Cookie: oc_sessionPassphrase=XcOZ9q5bYP%
2016/11/23 01:09:20 [debug] 25097#0: *309 http header: "Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits"
2016/11/23 01:09:20 [debug] 25097#0: *309 http header: "DNT: 1"
2016/11/23 01:09:20 [debug] 25097#0: *309 http header done

The UserAgent & Cookie get followed by Upgrade & Connection resp.
but they are NOT seen/parsed by nginx code....

Note that when I force the Upgrade & Connection headers on the /webrtc/ws URI (using a specific location) everything works as designed, it is just that
the Upgrade & Connection headers seem to be dropped from the incoming request. ($http_upgrade is empty).
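
Added example, not part of the original post: a Python sketch that diffs the headers the client sent against the headers nginx's debug log reports for one connection, and flags hop-by-hop headers (RFC 7230) that went missing or changed on the way. The function names are hypothetical and the sample data is a constructed subset of the request and log lines shown above.

```python
import re

# Hop-by-hop headers (RFC 7230 section 6.1): consumed or rewritten by each HTTP hop.
HOP_BY_HOP = {"connection", "upgrade", "keep-alive", "te", "trailer",
              "transfer-encoding", "proxy-authenticate", "proxy-authorization"}
NGINX_HDR = re.compile(r'\[debug\] \d+#\d+: \*(\d+) http header: "(.*)"\s*$')

def _to_dict(lines):
    """Turn 'Name: value' lines into {lowercase name: value}; lines without ':' are skipped."""
    pairs = (line.partition(":") for line in lines)
    return {n.strip().lower(): v.strip() for n, sep, v in pairs if sep}

def parse_request(raw):
    """Headers of a raw HTTP request; the request line is skipped."""
    return _to_dict(raw.strip().splitlines()[1:])

def parse_nginx_debug(log, conn):
    """Headers nginx logged for connection *conn in its debug error log."""
    hits = (NGINX_HDR.search(line) for line in log.splitlines())
    return _to_dict(m.group(2) for m in hits if m and int(m.group(1)) == conn)

def diff_headers(sent, seen):
    """Return (missing, changed): headers nginx never saw, and {name: (sent, seen)}."""
    missing = sorted(h for h in sent if h not in seen)
    changed = {h: (sent[h], seen[h]) for h in sent if h in seen and sent[h] != seen[h]}
    return missing, changed

def websocket_upgrade_intact(seen):
    """True only if nginx saw the Upgrade/Connection pair RFC 6455 requires."""
    tokens = [t.strip().lower() for t in seen.get("connection", "").split(",")]
    return seen.get("upgrade", "").lower() == "websocket" and "upgrade" in tokens

# Constructed sample: a subset of the request and debug log lines from the post.
SENT = """GET /webrtc/ws?curl HTTP/1.1
Host: nc.xxxxxxx.net
Sec-WebSocket-Version: 13
Upgrade: websocket
Connection: Upgrade
"""
SEEN = """2016/11/23 01:09:20 [debug] 25097#0: *309 http header: "Host: nc.xxxxxxx.net:443"
2016/11/23 01:09:20 [debug] 25097#0: *309 http header: "Connection: close"
2016/11/23 01:09:20 [debug] 25097#0: *309 http header: "Sec-WebSocket-Version: 13"
"""

if __name__ == "__main__":
    sent, seen = parse_request(SENT), parse_nginx_debug(SEEN, conn=309)
    missing, changed = diff_headers(sent, seen)
    print("missing:", missing, "changed:", changed)
    print("hop-by-hop affected:", sorted(HOP_BY_HOP & (set(missing) | set(changed))))
    print("upgrade intact:", websocket_upgrade_intact(seen))
```

A proxy that forwards TLS without terminating it cannot edit headers inside the encrypted stream, so a rewritten Host or Connection value in this diff means the request was re-emitted by an HTTP-aware hop somewhere before the nginx instance that wrote the log.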

Subject | Author | Posted

Issue with websocket behind nginx behind a haproxy SNI TLS reverse proxy | noci | November 23, 2016 04:14AM
Re: Issue with websocket behind nginx behind a haproxy SNI TLS reverse proxy | noci | November 23, 2016 09:57AM
Re: Issue with websocket behind nginx behind a haproxy SNI TLS reverse proxy | Maxim Dounin | November 24, 2016 07:56AM
Re: Issue with websocket behind nginx behind a haproxy SNI TLS reverse proxy | noci | November 24, 2016 11:22AM


