How to get WebSocket client to use proxy?

I'm new to SwiftNIO and Swift in general. I was wondering how I could get my Swift WebSocket Client to go through a specified proxy before it reaches my WebSocket Server.

I'm using NIOWebSocket and NIOSSL. Is there any support to do this?

I've also been looking at: https://github.com/swift-server/async-http-client

I'm not sure if this can work as is but, maybe I can use this library in combination with NIOWebsocketClientUpgrader?

I sincerely apologize if this is not enough information. I'll be sure to answer any questions to provide more input.

Thank you in advance.

Note: Both my applications are basically the same as the websocket server and client examples provided by SwiftNIO but I have added TLS via the NIOSSL library.

SwiftNIO is extremely low level. This means you can get it to use a proxy, but to do so you have to understand how HTTP clients use proxies, as you need to do the work yourself.

The exact mechanism used depends on whether you’re doing ws:// or wss://. We can discuss in a bit more detail exactly how HTTP proxying works if you let me know which of those you’re doing.

Incidentally I should add that Vapor has a websocket client library that may make this problem easier by being substantially higher level. If it doesn’t support proxies today, it could.

I'll need to do my own research on how exactly HTTP clients use proxies first since I'm unfamiliar with it. I think I will be using wss:// since I will need to encrypt the data being sent with TLS. Correct me if I'm wrong but the flow should be: HTTPS -> CONNECT -> WS Upgrade Dance -> WebSocket. Since this will all be encrypted via TLS if I look at wireshark transfers I should just see TLS and TCP under the protocol section right?

Not necessarily. It's common when using wss:// via a proxy for the HTTP to the proxy to be unencrypted. You'd see a plaintext HTTP CONNECT, followed by the TLS handshake within that connection. The data after CONNECT and its response would be encrypted, but the HTTP may not be.

Here is the link to the current version btw:

I see, thanks for the info. Where would a WebSocket Upgrade come in place? Directly after the TLS handshake or would it be before?

After. Conceptually you perform a HTTP connection to the proxy, and then that connection becomes a tunnel to the remote server. You then treat that connection like a straightforward WSS connection: TLS, then HTTP upgrade to websocket.

1 Like
Terms of Service

Privacy Policy

Cookie Policy