Skip to content

Latest commit

 

History

History
53 lines (30 loc) · 1.78 KB

README.md

File metadata and controls

53 lines (30 loc) · 1.78 KB

tunneling-ws-over-http2

Tunneling websocket over http2 using extended CONNECT protocol

This is a demonstration of tunneling websocket connections over http2 stream using the extended CONNECT protocol. This uses Envoy proxy to do the H2 hops.

[WS Client] —- HTTP/1.1 —- [Envoy A] —- HTTP/2 —- [Envoy B] —- HTTP/1.1 —- [WS Server]

References:

Creating the WS Client and WS server

Setting up the HTTP2 tunnel

We will setup both the plain-text tunnel and an encrypted tunnel.

Generate a cert

openssl req -x509 -newkey rsa:2048 -nodes -sha256 -subj '/CN=localhost' -keyout localhost-privkey.pem -out localhost-cert.pem

Get envoy proxy docker image

docker pull envoyproxy/envoy:latest

Run envoy as front proxy (Envoy A)

docker run --rm -p 8000:8000 -p 8002:8002 -v $(pwd):/certs -v $(pwd)/front-proxy.yaml:/etc/envoy/envoy.yaml envoyproxy/envoy:latest -l debug -c /etc/envoy/envoy.yaml

Run envoy as reverse proxy (Envoy B)

docker run --rm --name another -p 8001:8001 -p 8003:8003 -v $(pwd):/certs -v $(pwd)/reverse-proxy.yaml:/etc/envoy/envoy.yaml envoyproxy/envoy:latest -l debug -c /etc/envoy/envoy.yaml

With this, Envoy A on port 8000 tunnels to port 8001 of Envoy B over plain-text http2 and Envoy A on port 8002 tunnels to port 8003 of Envoy B over TLS.

Running the WS client through the tunnel

Through the plain-text tunnel

node ws-client.js 8000

Through the TLS tunnel

node ws-client.js 8002