Description
The new extra option of issue #6213 for the websocket path does not make any sense and leads to confusion of users and potential misbehaviour of the proxy. The rewrite rule parser is used to determine whether a websocket upgrade has been requested and determines the path automatically. There is NO possibility for the path specification to ever make sense. It either contains the correct value which the rewrite rule already determined or does not work.
So it should be removed, because it makes no sense.
(In theory the rewrite is somewhat slower than ProxyPass, so IF you want to use the path (but keep in mind that there could be multiple websocket paths, so the single path cannot work here either), then do use ProxyPass instead of the rewrite and do no parsing with the rewrite module at all).
Another option is missing, however, to proxy widespread applications: flushpackets=on
It is needed for Guacamole, for example, as an option to the ProxyPass statement. To solve this I misused the superfluous WebSocketPath as a new “custom proxypass options” field where one can enter the ProxyPass options completely yourself.
Currently “max=3 retry=30” is added automatically for every reverse proxy without the possibility to change it. Having a “custom proxypass option” could add other fields like “flushpackets=on” and also remove or change the default of max and retry (which should also not be set for Guacamole).
If “custom proxypass option” is empty, just add the default like now, but when it is not empty append the option to the ProxyPass statement. With this change, Guacamole could also be reverse proxied with the NethServer GUI. So maybe you change/rename the superfluous option to this new one.
Currently NethServer generates:
```
ProxyPass /guacamole http://192.168.42.16:8080/guacamole max=3 retry=30
```
But Guacamole needs:
```
ProxyPass /guacamole http://192.168.42.16:8080/guacamole flushpackets=on
```
I simplified the template 30ProxyPass, corrected the order of rewrite and ProxyPass statements and extended it with the feature “custom proxy pass options”, by misusing the variable, which should be renamed. Now all my reverse proxy entries including Guacamole work with the UI. For Guacamole I have to put “flushpackets=on” in the option “custom-proxypass-option” (now named WebSocketsPath).
Contents of 30ProxyPass:
```perl
{
    # WebSocketsPath is reused here as the "custom proxypass options" field.
    my $proxypassoptions = $WebSocketsPath;
    # Fall back to the current defaults when the field is empty.
    if ($proxypassoptions eq '') { $proxypassoptions = 'max=3 retry=30'; }

    if ($WebSockets eq 'enabled') {
        # Same target, with the http(s) scheme replaced by ws(s).
        my $ws = $Target =~ s/^http/ws/r;
        $OUT .= " # Websockets proxypass\n";
        $OUT .= " RewriteCond \%\{HTTP:Upgrade\} websocket [NC]\n";
        $OUT .= " RewriteCond \%\{HTTP:Connection\} upgrade [NC]\n";
        $OUT .= " RewriteRule .* ${ws}\%\{REQUEST_URI\} [P,L]\n\n";
    }

    # Normalise the target so it ends with exactly one slash.
    my $target = $Target =~ s|/*$|/|r;
    $OUT .= " # Reverse Proxy (with exclusion of local Letsencrypt challenge path)\n";
    $OUT .= " ProxyPassMatch ^/.well-known/acme-challenge/ !\n";
    $OUT .= " ProxyPass / $target $proxypassoptions\n";
    $OUT .= " ProxyPassReverse / $target\n";
}
```
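Because the proposed field is copied verbatim into the generated Apache configuration, a template that takes it should accept only `key=value` tokens on a single line before appending it to `ProxyPass`. The following is an added example, not code from the issue or from NethServer; the helper names `proxypass_options` and `render_proxypass` and the exact token pattern are assumptions, and the sample field values are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Defaults the current template emits when the field is empty (from the issue).
my $DEFAULT_OPTS = 'max=3 retry=30';

# Hypothetical helper: return the option string to append to ProxyPass,
# or nothing (undef) when the field is not a plain list of key=value tokens.
sub proxypass_options {
    my ($raw) = @_;
    $raw //= '';
    return $DEFAULT_OPTS if $raw =~ /\A\s*\z/;   # empty field: keep defaults
    return if $raw =~ /[\r\n]/;                  # never let a line break into the config
    my @tokens = split ' ', $raw;
    for my $t (@tokens) {
        # \A...\z instead of ^...$ so a trailing newline cannot slip through.
        return unless $t =~ /\A[a-z]+=[A-Za-z0-9_.:-]+\z/;
    }
    return join ' ', @tokens;                    # normalised to single spaces
}

# Hypothetical helper: build the ProxyPass line the template would write to $OUT.
sub render_proxypass {
    my ($path, $target, $raw) = @_;
    my $opts = proxypass_options($raw);
    die "invalid custom ProxyPass options\n" unless defined $opts;
    return " ProxyPass $path $target $opts\n";
}

# Constructed sample values for the custom options field.
my @fields = (
    '',                                  # empty: defaults apply
    'flushpackets=on',                   # the Guacamole case from the issue
    '  flushpackets=on   retry=30 ',     # extra whitespace is normalised
    "flushpackets=on\n# second line",    # line break: rejected
    'max=3 retry',                       # token without a value: rejected
);

for my $field (@fields) {
    (my $shown = $field) =~ s/\n/\\n/g;
    my $line = eval {
        render_proxypass('/guacamole', 'http://192.168.42.16:8080/guacamole', $field);
    };
    print "[$shown] => ", defined $line ? $line : "rejected: $@";
}
```

With the empty field the output line matches what NethServer generates today, and with `flushpackets=on` it matches the line Guacamole needs.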