More locked down websocket path

* Previously, the nginx location would match on /foo/websocket... or /foo/api/websocket... Now, we require these two paths to start at the root i.e. <host>/websocket/... /api/websocket/... * Note: We now also require an ending / and do NOT support <host>/websocket_foobar but DO support <host>/websocket/foobar. This was always the intended behavior. We want to keep <host>/api/websocket/... "open" and routing to daphne in case we want to add more websocket urls in the future.
2026-03-26 21:33:14 +00:00 · 2024-02-13 13:12:05 -05:00
parent 1eb8501430
commit 5f3d9ed96f
1 changed files with 1 additions and 1 deletions
--- a/roles/installer/templates/configmaps/config.yaml.j2
+++ b/roles/installer/templates/configmaps/config.yaml.j2
@@ -188,7 +188,7 @@ data:
                alias /var/lib/awx/public/static/media/favicon.ico;
            }

-            location ~ ({{ (ingress_path + '/websocket').replace('//', '/') }}|{{ (ingress_path + '/api/websocket').replace('//', '/') }}) {
+            location ~ ^({{ (ingress_path + '/websocket/').replace('//', '/') }}|{{ (ingress_path + '/api/websocket/').replace('//', '/') }}) {
                # Pass request to the upstream alias
                proxy_pass http://daphne;
                # Require http version 1.1 to allow for upgrade requests