Support #11564
open
force TLS from behind a proxy
0%
Description
My application is running behind an AWS load balancer proxy and I believe the upgrade to wss is not working because the Wt application thinks it should load the insecure version since that's how it was requested.
* browser makes https request for a widget.
* aws proxy takes https request and sends http request to widget. There is no X-Forwarded-Proto in the request header when received by Wt.
* wt widget sends back response with request to upgrade to an insecure websocket.
* browser tries to make insecure websocket connection but it fails because aws proxy is only forwarding https.
Is there any way to force a wss upgrade response only even if the request comes in over http?
Thanks
Updated by Roel Standaert over 1 year ago
> * aws proxy takes https request and sends http request to widget. There is no X-Forwarded-Proto in the request header when received by Wt.
Your answer is in the question. Wt needs to know it's behind a reverse proxy, and needs to get some information from the reverse proxy. This includes the X-Forwarded-Proto header.
Your load balancer will thus need to be configured to send that header, and Wt needs to be configured to trust the reverse proxy (the <trusted-proxy-config> section in wt_config.xml).
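A sketch of the `<trusted-proxy-config>` section the answer above refers to, added here as an example and not taken from the thread or from the poster's configuration. The subnet is a constructed placeholder for the addresses the load balancer connects from, and the element names follow the commented template in the wt_config.xml shipped with recent Wt 4 releases, so check them against the file for your version.

```xml
<!-- Added example: fragment of wt_config.xml, not the poster's file. -->
<server>
  <application-settings location="*">
    <trusted-proxy-config>
      <!-- Header from which Wt takes the original client address. -->
      <original-ip-header>X-Forwarded-For</original-ip-header>
      <trusted-proxies>
        <!-- Constructed placeholder: the subnet the load balancer
             connects from. List only addresses that really are the
             proxy, so forwarded headers are honoured from it alone. -->
        <proxy>10.0.0.0/24</proxy>
      </trusted-proxies>
    </trusted-proxy-config>
  </application-settings>
</server>
```

The load balancer still has to add `X-Forwarded-Proto: https` itself, and the Wt port should be reachable only through it, so that a client cannot supply the forwarded headers directly.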