<Proxy "*">
Require host internal.example.com
</Proxy>
+ </highlight>
+ </example>
+ <example><title><a id="wsupgrade" name="wsupgrade">Websocket Upgrade (2.4.47 and later)</a></title>
+ <highlight language="config">
+ProxyPass "/some/ws/capable/path/" "http://example.com/some/ws/capable/path/" upgrade=websocket
</highlight>
</example>
</section> <!-- /examples -->
AJP connection.<br />
Available in Apache HTTP Server 2.4.42 and later.
</td></tr>
- <tr><td>upgrade</td>
+ <tr><td><a id="upgrade" name="upgrade">upgrade</a></td>
<td>WebSocket</td>
- <td><p>Protocol accepted in the Upgrade header by <module>mod_proxy_wstunnel</module>.
- See the documentation of this module for more details.</p>
+ <td><p>Protocol accepted by <module>mod_proxy_http</module> or
+ <module>mod_proxy_wstunnel</module> for the HTTP Upgrade mechanism
+ upon negotiation by the HTTP client/browser (per
+ <a href="https://www.ietf.org/rfc/rfc9110.html#name-upgrade">RFC 9110 - Upgrade</a>).
+ See the <a href="#protoupgrade">Protocol Upgrade</a> note below</p>
</td></tr>
<tr><td>mapping</td>
<td>-</td>
ProxyPassReverse "/mirror/foo/" "http://backend.example.com/"
ProxyPassReverse "/mirror/foo/" "https://backend.example.com/"
</highlight>
+
+ <note><title><a id="protoupgrade" name="protoupgrade">Protocol Upgrade</a></title>
+ <p>Since Apache HTTP Server 2.4.47, protocol Upgrade (tunneling) can be handled
+ end-to-end by <module>mod_proxy_http</module> using the <directive>ProxyPass</directive>
+ parameter <var><a href="#upgrade">upgrade</a></var>.</p>
+ <p>End-to-end means that the HTTP Upgrade request from the client/browser is first
+ forwarded by <module>mod_proxy_http</module> to the origin server and the connection
+ will be upgraded (and tunneled by <module>mod_proxy_http</module>) only if the origin
+ server accepts/initiates the upgrade (HTTP response <code>101 Switching Protocols</code>).
+ If the origin server responds with anything else <module>mod_proxy_http</module>
+ will continue forwarding (and enforcing) the HTTP protocol as usual for this
+ connection.</p>
+ <p>See <a href="#wsupgrade">Websocket Upgrade (2.4.47 and later)</a> for an example of
+ configuration using <module>mod_proxy_http</module>.</p>
+ <p>For Apache HTTP Server 2.4.46 and earlier (or if
+ <directive module="mod_proxy_wstunnel">ProxyWebsocketFallbackToProxyHttp</directive>
+ from 2.4.48 and later disables <module>mod_proxy_http</module> handling), see the
+ documentation of <module>mod_proxy_wstunnel</module> for how to proxy the WebSocket
+ protocol.</p>
+ </note>
</usage>
</directivesynopsis>
<compatibility>Available in httpd 2.4.5 and later</compatibility>
<summary>
- <p>This module <em>requires</em> the service of <module
- >mod_proxy</module>. It provides support for the tunnelling of web
+ <note type="warning"><title><a id="deprecation" name="deprecation">Deprecation</a></title>
+ <p>Since Apache HTTP Server 2.4.47, protocol Upgrade (tunneling) can be better handled by
+ <module>mod_proxy_http</module>.</p>
+ <p>See <a href="mod_proxy.html#protoupgrade">Protocol Upgrade</a>.</p>
+ </note>
+
+ <p>This module <em>requires</em> the service of <module >mod_proxy</module>.
+ It provides support for the tunnelling of web
socket connections to a backend websockets server. The connection
is automatically upgraded to a websocket connection:</p>
<p>Load balancing for multiple backends can be achieved using <module>mod_proxy_balancer</module>.</p>
-<p>In fact the module can be used to upgrade to other protocols, you can set the <code>upgrade</code>
-parameter in the <directive type="ProxyPass" module="mod_proxy">ProxyPass</directive>
-directive to allow the module to accept other protocol.
-NONE means you bypass the check for the header but still upgrade to WebSocket.
-ANY means that <code>Upgrade</code> will read in the request headers and use
-in the response <code>Upgrade</code></p>
+<p>
+The module can also be used to upgrade to other protocols than WebSocket, by setting
+the <var><a href="mod_proxy.html#upgrade">upgrade</a></var> parameter in the
+<directive type="ProxyPass" module="mod_proxy">ProxyPass</directive>
+directive to some custom protocol name.
+Special <code>upgrade=NONE</code> and <code>upgrade=ANY</code> values may be used for
+testing/forcing the upgrade but they are <strong>not recommended</strong> in production for
+security reasons.
+<code>NONE</code> means that the check for the header is omitted but still the upgrade/tunneling to
+WebSocket always happens.
+<code>ANY</code> means that the upgrade/tunneling will happen using any protocol asked by the client.
+</p>
</summary>
<seealso><module>mod_proxy</module></seealso>
projects / thirdparty / apache / httpd.git / commitdiff
