I'm new to SwiftNIO and Swift in general. I was wondering how I could get my Swift WebSocket Client to go through a specified proxy before it reaches my WebSocket Server.
I'm using NIOWebSocket and NIOSSL. Is there any support to do this?
I'm not sure if this can work as is but, maybe I can use this library in combination with NIOWebsocketClientUpgrader?
I sincerely apologize if this is not enough information. I'll be sure to answer any questions to provide more input.
Thank you in advance.
Note: Both my applications are basically the same as the websocket server and client examples provided by SwiftNIO but I have added TLS via the NIOSSL library.
SwiftNIO is extremely low level. This means you can get it to use a proxy, but to do so you have to understand how HTTP clients use proxies, as you need to do the work yourself.
The exact mechanism used depends on whether you’re doing ws:// or wss://. We can discuss in a bit more detail exactly how HTTP proxying works if you let me know which of those you’re doing.
Incidentally I should add that Vapor has a websocket client library that may make this problem easier by being substantially higher level. If it doesn’t support proxies today, it could.
I'll need to do my own research on how exactly HTTP clients use proxies first since I'm unfamiliar with it. I think I will be using wss:// since I will need to encrypt the data being sent with TLS. Correct me if I'm wrong but the flow should be: HTTPS -> CONNECT -> WS Upgrade Dance -> WebSocket. Since this will all be encrypted via TLS if I look at wireshark transfers I should just see TLS and TCP under the protocol section right?
Not necessarily. It's common when using wss:// via a proxy for the HTTP to the proxy to be unencrypted. You'd see a plaintext HTTP CONNECT, followed by the TLS handshake within that connection. The data after CONNECT and its response would be encrypted, but the HTTP may not be.
After. Conceptually you perform a HTTP connection to the proxy, and then that connection becomes a tunnel to the remote server. You then treat that connection like a straightforward WSS connection: TLS, then HTTP upgrade to websocket.