-
Notifications
You must be signed in to change notification settings - Fork 36
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Source Protocol #7
Comments
Please clarify what you mean by "determine the originating protocol" -- I'm not quite sure what you mean. |
Thanks for the quick response. I mean, the protocol used between the client and the load balancer. On AWS, I have a load balancer listening on 443/SSL, the instance is 80/TCP. Trying to determine the protocol with req.protocol produces "http" in both scenarios. Is there any way to get around that? |
To clarify what I meant further, by "both scenarios" I mean, 80 / TCP on the load balancer => 80 / TCP on the instance and 443 / SSL on the load balancer => 80 / TCP on the instance. The load balancer is configured to serve the SSL certificate. As far as the application is concerned, requests coming through 443 and 80 on the load balancer are "http", which may be problematic. |
OK, I see. If you're doing SSL termination at the ELB, the bytes that node gets are identical for TCP and SSL; there's no way to determine whether they were originally encrypted. Thus, all node will ever see are plain bytes, and the http module will set However, it is possible for you to override this behavior based on port information. There are two approaches:
I'm going to do the latter at some point soon (it's actually a long outstanding feature request), but you can do the former immediately as a quick workaround. |
Thanks. Yes, number one should work. Haven't thought about that. What about X-forwarded-proto header? Could that be used, or is it not available? |
By design, the PROXY protocol is unaware of the application protocol that it wraps. That means we can't touch HTTP headers. If you use the ELB in HTTP/HTTPS mode (rather than TCP/SSL), it is aware of the application protocol and inserts
|
Thanks for your explanation. I'd like to use websockets with ELB which is why I am looking into this. I will proceed with using @sadasant pull request as it's cleaner than listening on multiple ports. Thanks again! |
Warning: I'm not going to use that PR. It overwrites information that might actually be useful. I'm going to add new properties with the PROXY destination information. |
Hi,
I need to be able to determine the originating protocol. There is no way to currently do this with proxywrap, correct?
The text was updated successfully, but these errors were encountered: