Module proxy 

Proxy support for outbound WebSocket connections.

Implements HTTP CONNECT tunneling so a WebSocketClient can be reached through an HTTP or HTTPS forward proxy. The same proxy_url field is used by the HTTP client (via reqwest::Proxy::all), keeping a single config field for both transports.

socks5:// / socks5h:// URLs are recognized but not yet implemented for the WebSocket path. The dispatcher logs a warning and falls back to a direct connection so that REST configs that already point at a SOCKS proxy keep working unchanged. SOCKS support requires the optional tokio-socks crate, which is not yet a workspace dependency.

The tunnel is established as follows:

1. TCP connect to the proxy host / port.
2. If the proxy URL scheme is https, layer TLS using the proxy host as the SNI and certificate domain.
3. Send CONNECT target_host:target_port HTTP/1.1 plus the matching Host: header (and optional Proxy-Authorization: derived from the proxy URL user-info).
4. Read the response line and headers; require a 2xx status.
5. If the upstream WebSocket scheme is wss, layer a second TLS session using the upstream host name.
6. Hand the resulting stream to tokio-tungstenite’s client_async so the WebSocket handshake completes over the tunnel.

Structs

ProxyTarget

Parsed components of a forward proxy URL.

WsTarget

Parsed components of a target WebSocket URL needed by the proxy hop.

Enums

ProxiedStream

Stream produced by tunnel_via_proxy when the upstream is ws:// (no upstream TLS, but the proxy hop itself may have been TLS-protected).

ProxyKind

Outcome of parsing a proxy URL prior to opening a tunnel.

Functions

tunnel_via_proxy

Establish a tunneled connection through proxy to the WebSocket target.