proxy: add support for spdy upgrades (#1203)

This commit is contained in:
Travis Groth 2020-08-04 13:26:14 -04:00 committed by GitHub
parent 5653a398de
commit 7a53e6bb42
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 121 additions and 42 deletions

View file

@ -1134,16 +1134,6 @@ Note: This setting will replace (not append) the system's trust store for a give
Pomerium supports client certificates which can be used to enforce [mutually authenticated and encrypted TLS connections](https://en.wikipedia.org/wiki/Mutual_authentication) (mTLS). For more details, see our [mTLS example repository](https://github.com/pomerium/examples/tree/master/mutual-tls) and the [certificate docs](../docs/topics/certificates.md).
### Websocket Connections
- Config File Key: `allow_websockets`
- Type: `bool`
- Default: `false`
If set, enables proxying of websocket connections.
**Use with caution:** By definition, websockets are long-lived connections, so [global timeouts](#global-timeouts) are not enforced. Allowing websocket connections to the proxy could result in abuse via [DOS attacks](https://www.cloudflare.com/learning/ddos/ddos-attack-tools/slowloris/).
### Pass Identity Headers
- `yaml`/`json` setting: `pass_identity_headers`
@ -1156,6 +1146,24 @@ When enabled, this option will pass the identity headers to the downstream appli
- X-Pomerium-Jwt-Assertion
- X-Pomerium-Claim-*
### SPDY
- Config File Key: `allow_spdy`
- Type: `bool`
- Default: `false`
If set, enables proxying of SPDY protocol upgrades.
### Websocket Connections
- Config File Key: `allow_websockets`
- Type: `bool`
- Default: `false`
If set, enables proxying of websocket connections.
**Use with caution:** By definition, websockets are long-lived connections, so [global timeouts](#global-timeouts) are not enforced. Allowing websocket connections to the proxy could result in abuse via [DOS attacks](https://www.cloudflare.com/learning/ddos/ddos-attack-tools/slowloris/).
## Authorize Service
### Authenticate Service URL