1

I am trying to integrate a Traefik IngressRoute with middleware (forward-auth) for wss (secure websocket protocol). For https requests the IngressRoute works fine with forward-auth, but for wss it's not reaching forward-auth; it's bypassing the middleware.

I tried many IngressRoutes with different path prefixes so that they can route to a specific middleware, which will forward to a Helidon app for authentication. I am trying to set up ForwardAuth for incoming wss requests in Traefik Ingress, but it's forwarding to the actual server and bypassing the middleware without reaching it; the same thing works fine for usual https calls.

My websocket URL: wss://ip:443/ws/guest

How do I fix wss traffic for the IngressRoute?

IngressRoute.yaml

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  annotations:
    kubernetes.io/ingress.class: traefik
  name: traefik-tls
  namespace: sample-domain1-ns
spec:
  entryPoints:
   - websecure
  routes:
  - kind: Rule
    match: PathPrefix(`/ws`)
    middlewares:
    - name: test-auth-tls
      namespace: sample-domain1-ns
    services:
    - kind: Service
      name: sample-domain1-cluster
      port: 8001
  tls:
    certResolver: default

forward-auth.yaml

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: test-auth-tls
  namespace: sample-domain1-ns
spec:
  headers:
    customRequestHeaders:
      X-Forwarded-Proto: https
  forwardAuth:
    address:  https://sample-domain1-lb.sample-domain1-ns.svc.cluster.local:8080/auth
    tls:
       insecureSkipVerify: true
James Z
atroy

2 Answers

0

You tagged this question with helidon, and while it's great if you're using Helidon I'm not seeing how your issue relates to Helidon specifically, rather than (as you described) ingress set-up, etc. Please correct me if I've missed a Helidon aspect here. And apart from that, I'm sorry, I don't have any suggestions for you.

Tim Quinn
0

It seems like some forward-auth configuration parameters are required for websocket.

Please try with authRequestHeaders, authResponseHeaders (https://doc.traefik.io/traefik/middlewares/http/forwardauth/).
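
What the suggestion above could look like, as an added example that is not part of the original answer or the poster's configuration: the `headers` and `forwardAuth` options are declared as two separate Middleware objects (Traefik accepts one middleware type per Middleware resource) and both are attached to the `/ws` route. The middleware name `test-forwarded-proto`, the listed header names and the `auth-ca` Secret are assumptions.

```yaml
# Added example; values marked "assumed" do not come from the original post.
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: test-forwarded-proto          # assumed name
  namespace: sample-domain1-ns
spec:
  headers:
    customRequestHeaders:
      X-Forwarded-Proto: https
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: test-auth-tls
  namespace: sample-domain1-ns
spec:
  forwardAuth:
    address: https://sample-domain1-lb.sample-domain1-ns.svc.cluster.local:8080/auth
    # Request headers copied to the auth service. When this list is
    # omitted, Traefik copies all request headers.
    authRequestHeaders:
      - Cookie                        # assumed: carries the client credential
      - Sec-WebSocket-Protocol        # assumed
    # Auth-response headers copied onto the request sent to the backend.
    authResponseHeaders:
      - X-Auth-User                   # assumed header set by the auth service
    tls:
      caSecret: auth-ca               # assumed Secret with the auth service CA,
                                      # used instead of insecureSkipVerify: true
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-tls
  namespace: sample-domain1-ns
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: PathPrefix(`/ws`)
      middlewares:                    # applied in the order listed
        - name: test-forwarded-proto
          namespace: sample-domain1-ns
        - name: test-auth-tls
          namespace: sample-domain1-ns
      services:
        - kind: Service
          name: sample-domain1-cluster
          port: 8001
  tls:
    certResolver: default
```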