Nginx keepalive and websocket problem #666
Description
Title
When using GoGatekeeper behind NGINX with keepalive and websocket hanshake fails (service return 200,401,403... not HTTP/1.1 101 Switching Protocols) and keepalive connection not closed, while client is disconected. When request go through this connection, gogatekeeper does not add Authorisation header.
Summary
Gogatekeeper does not add Authorisation header to requests.
Steps to reproduce
Here is tar archive with nginx config and gogatekeeper config.
gogatekeeper-authorization-code-flow_debug_to_github_issue.tar.gz
- Download archive use your client_id and secret. Check roles.
docker compose up
- send the request http://127.0.0.1/200 in browser to get Cookie. project1 service return all your headers in html.
- Add your cookie kc-state, kc-access to this curl on Cookie header and make request.
docker run --rm --network host curlimages/curl:latest \
'ws://127.0.0.1/200' \
-H 'Upgrade: websocket' \
-H 'Cache-Control: no-cache' \
-H 'Cookie: kc-state=3; kc-access=' \
-v
After that, send the request http://127.0.0.1/200 in your browser and you will notice that the authorization header disappears i in the response from the project1 service.
I'm reduse to 1 max keepalive connection. So After websocket fail, every request will be without Auth header.
upstream upstream_balancer {
server gatekeeper:81;
keepalive 1;
keepalive_time 1h;
keepalive_timeout 60s;
keepalive_requests 10000;
}
Metadata
Metadata
Assignees
Labels
Type
Projects
Status