Feature request: Reverse proxy support for encrypted websockets

[gilles]

Websites and apps use important data use SSL nowadays. A lot of apps use websockets for real-time communication with their backend. An https app cannot use unencrypted websockets, as it would be unsafe and most modern browsers do not allow it.

A fair number of people run their apps behind Apache / Nginx servers using them as reverse proxies, to benefit from their stability and protections. There is a fair chance more people would give LiteSpeed a chance if its reverse proxy supported encrypted websockets.

I would like to request this feature and hear if it is on the near-future roadmap.

 

[gilles]

Noting that documentation and wiki pages are misleading because they do not mention this lack of support. There is a tiny note on the LiteSpeed Enterprise Server documentation somewhere.

OLS features page (https://openlitespeed.org/openlitespeed-features/) says:

As Proxy

• WebSocket proxy support

which should mean both unencrypted and encrypted, but does not.

 

[gilles]

Or maybe I am misunderstanding and I can have an encrypted websocket connection between the client and OLS, and an unencrypted websocket connection between OLS and the backend server? It seems unlikely but I could be mistaken. I'm a newbie at reverse proxying.

 

[gilles]

Just re-read the LiteSpeed server documentation:

LiteSpeed currently can only offload SSL and forward to the backend using ws://. wss:// is not currently supported, and there are no plans to make it available soon. If you must, you could try an SSL tunnel. LiteSpeed communicates with the SSL tunnel via ws://, the SSL tunnel adds SSL encryption, and then the tunnel communicates with the backend via wss://.

and indeed I misunderstood.

It would be great if this little note is added to the OLS wiki pages related to reverse proxying (assuming the same is indeed true for OLS).

 

[gilles]

Here is where the note above appears: https://docs.litespeedtech.com/cp/cpanel/websocket-proxy/