14

This is quite common problem, but I cannot find a solution to my specific case. I'm using Glassfish 4.1.1 and my application implements Websockets.

On a client side I'm connecting to WS-server simply by:

var serviceLocation = "ws://" + window.location.host + window.location.pathname + "dialog/";
var wsocket = new WebSocket(serviceLocation + token_var);

On a server side websockets are implemented via @ServerEndpoint functionality and looks very common:

@ServerEndpoint(value = "/dialog/{token}", decoders = DialogMessageDecoder.class)
public class DialogWebsoketEndpoint {

    @OnOpen
    public void open(final Session session, @PathParam("token") final String token) { ... }
etc.
}

Everything works fine up to the moment when customer tries to connect behind proxy. Using this test: http://websocketstest.com/ I've found that computer of the customer works behind http-proxy 1.1. He cannot connect to websockets, onopen simply do not fire at all. wsoscket.readyState never become 1.

How can I tune my ServerEndpoint to make this code work even when customer is connecting behind proxy?

Thank you in advance!

UPDATE: I would provide a screenshot with websocketstest at that computer:enter image description here

On my computer it seems similarly except one thing: HTTP Proxy: NO.

Luxor
  • 351
  • 1
  • 3
  • 17
  • Hope [this link](http://stackoverflow.com/questions/29430503/java-websocket-with-proxy) helps you – Sanjeev Aug 16 '16 at 12:25
  • 1
    I don't want to be the bearer of bad news, but in all likelihood it is the proxy server itself which does not support websockets properly. You can't program that away, except with a fallback mechanism to polling such as Socket.IO provides. – Gimby Aug 16 '16 at 12:27
  • Gimby, thank you for your answer, but http://websocketstest.com/ showed that handshake (and echo test) was successfull via ssl 443 port. So I think that websockets can work with that proxy-server. – Luxor Aug 16 '16 at 12:34
  • @Sanjeev, I guess it does not needed to set credentials in my case. Because my network does not have any proxy. Only client computer works behind the proxy. (Correct me if I misuderstood) – Luxor Aug 16 '16 at 12:43
  • @Luxor if your client is using a proxy to connect to outside world and this proxy server also get used when it is connecting to your server then yes they need to use these settings – Sanjeev Aug 16 '16 at 12:45
  • @Sanjeev , thank you! but how should I set credentials that was configured on that proxy-server and I do not have access to their credentials. Anyway, websocketstest somehow connected to the server (where websocketstest is hosted) without any credentials (we do not specify them and only launch the link). So I assume that it is possible for my web-server as well. – Luxor Aug 16 '16 at 13:00

1 Answers1

24

Much as the comments to the questions state, it seems the Proxy doesn't support Websockets properly.

This is a common issue (some cell-phone companies have proxies that disrupt websocket connections) and the solution is to use TLS/SSL connections.

The issue comes up mainly because some proxies "correct" (read: corrupt) the Websocket request headers.

However, when using TLS/SSL, the proxies can't read the header data (which is encrypted), causing data "pass-through" on most proxies.

This means the headers will arrive safely at the other end and the proxy will (mostly) ignore the connection... this might still cause an issue where connection timeouts are concerned, but it usually resolves the issue.

EDIT

Notice that the browsers will protect the client from mixing non-encrypted content with encrypted content. Make sure the script initiates the ws connections using the wss variant when TLS/SSL connections are used.

Myst
  • 18,516
  • 2
  • 45
  • 67
  • 1
    Thank you! We will make a try! – Luxor Aug 16 '16 at 13:51
  • @Luxor had any success? – Gimby Aug 18 '16 at 14:20
  • @Gimby, yes! Now it works via https/ssl (using wss protocol). Thank to Myst a lot! I also marked the answer as the best one! – Luxor Aug 19 '16 at 14:55
  • what if the proxy is intended to present a TLS/SSL front end but the back end is unencrypted? – Michael Feb 09 '21 at 02:49
  • @Michael - it is a very common setup where a proxy is used as an SSL/TLS gateway to a secured (and often enclosed) backend. However, this is the **endpoint proxy** and not the **intermediary proxies** I was referencing in my answer. The **endpoint** proxy is easily upgradable and administered, unlike **intermediary / hardware** proxy units you might find installed between different network regions. – Myst Feb 09 '21 at 17:02