Enhancement Request: HTTP Proxy Support for WebSocket Leaf Node Connections

[danbailey1000]

Proposed change

Proposed Solution

Add HTTP proxy support for WebSocket leaf node connections with:

• HTTP CONNECT tunnel establishment
• Proxy authentication support
• Configurable timeouts
• Integration with existing leaf node configuration

Implementation

• proxy configuration block in leaf node remotes
• HTTP CONNECT tunnel establishment
• Proxy authentication support
• Error handling and timeouts

Example
port: 4224

leafnodes {
remotes [{
urls: ["wss://demo001.usea1.mod.sws.domain1.com:443"]

proxy {
  url: ""http://de.coia.domain1.net:9400"
  connect_timeout: "30s"
}

}]

Use case

Problem

Currently, NATS server leaf nodes cannot connect to remote servers through HTTP forward proxies when using WebSocket connections. This prevents deployment in corporate environments where these policies exist, and defeats one of the main benefits of a leaf node (seamless extension of the "NATS mesh".

Use Case

Enterprise environments where:

• WebSocket connections must traverse HTTP forward proxies
• Corporate firewalls block direct connections
• Authentication to proxy servers

Contribution

Yes I already have a tested solution and can submit a pull request.

[derekcollison]

Feel free to submit a PR - Thanks!

[acormier-maia]

Does this require the use of websockets? Wouldn't an HTTP Proxy with CONNECT method be able to proxy TCP as well?

Also I would be very interested in testing if you are able to share the code.

[danbailey1000]

I have opened PR [(https://github.com//pull/7242]

Regarding using TCP I did not test this, only websocket . I will try to check