@ArseniiPetrovich wrote:
Hi, guys. I’m so sorry if this kind of topic was already discussed here, but I was not able to find any mention of using HAProxy as a reverse proxy for secured web sockets. Let me give an example to clarify what I’m talking about:

Let me say that I have a site (example.com), one directory of which (example.com/test) should point to another site (helloworld.com), masking its content. So, when I open the page example.com/test I will see a helloworld.com page, but it will still be example.com/test in my browser’s address bar. This is what a reverse proxy basically does.

Also, example.com has Cloudflare CDN enabled (I’m not sure if this is important or not).

Now the main point. Let me say that I have a helloworld.com/socket page that is used as the endpoint of my websocket. When I’m opening helloworld.com some scripts are opening this websocket. The request URL from my browser looks like wss://helloworld.com/socket. And it is working pretty fine.

However, when I’m trying to open example.com/test I’m getting a 403 error trying to open the socket. And I can’t get any error on the server side.
Am I doing something wrong? Pasting config below. Many thanks for any answer!

    global
        debug
        log /dev/log local0 debug
        log /dev/log local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin
        stats timeout 30s
        user haproxy
        group haproxy
        daemon
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private
        ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
        ssl-default-bind-options no-sslv3

    defaults
        log global
        mode http
        option httplog
        option dontlognull
        option http-server-close
        option redispatch
        option contstats
        timeout tunnel 3600
        timeout connect 5000
        timeout client 50000
        timeout server 50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

    frontend def
        bind *:80
        mode http
        acl is_upgrade hdr(Connection) -i upgrade
        acl is_websocket hdr(Upgrade) -i websocket
        acl is_test path_beg /test
        use_backend test if is_test
        use_backend test_ws if is_websocket

    backend test
        mode http
        acl is_test path_beg /test
        reqirep ^([^\ ].*)test[/]?(.*) \1\2 if is_test
        http-request set-header X-Forwarded-Host %[req.hdr(Host)]
        http-request set-header X-Client-IP %[src]
        http-request set-header Host helloworld.com
        cookie network insert
        server test helloworld.com:443 cookie core ssl verify none check

    backend test_ws
        acl hdr_websocket_key hdr_cnt(Sec-WebSocket-Key) eq 1
        acl hdr_websocket_version hdr_cnt(Sec-WebSocket-Version) eq 1
        http-request deny if ! hdr_websocket_key ! hdr_websocket_version
        option forwardfor
        http-request set-header X-Client-IP %[src]
        http-request set-header X-Forwarded-Host %[req.hdr(Host)]
        http-request set-header Host helloworld.com
        cookie network insert
        server default helloworld.com:443 ssl verify none cookie core check
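To see which of the posted rules a WebSocket handshake passes through, here is a small Python model of the frontend and both backends (an added example, not part of the original post and not HAProxy code). It assumes HAProxy's documented behaviour that `use_backend` rules are tried in order and that ACLs listed in one condition are ANDed; the `/test/socket` path, the sample request and the function names are constructed for illustration.

```python
import re

# Constructed sample: the browser's handshake for a socket under /test,
# as it would arrive at "frontend def". The path is an assumption.
HANDSHAKE = {
    "line": "GET /test/socket HTTP/1.1",
    "headers": [
        ("Host", "example.com"),
        ("Connection", "Upgrade"),
        ("Upgrade", "websocket"),
        ("Origin", "https://example.com"),
        ("Sec-WebSocket-Key", "dGhlIHNhbXBsZSBub25jZQ=="),
        ("Sec-WebSocket-Version", "13"),
    ],
}

def hdr_values(req, name):
    """Values of a header, split on commas and lower-cased (hdr ... -i)."""
    return [p.strip().lower() for k, v in req["headers"]
            if k.lower() == name.lower() for p in v.split(",")]

def pick_backend(req):
    """frontend def: use_backend rules are tried in order, first match wins."""
    path = req["line"].split(" ")[1]
    if path.startswith("/test"):                      # acl is_test
        return "test"
    if "websocket" in hdr_values(req, "Upgrade"):     # acl is_websocket
        return "test_ws"
    return None                                       # no default_backend posted

def ws_backend_denies(req):
    """backend test_ws: 'deny if ! key ! version' needs BOTH ACLs to fail."""
    key_ok = len(hdr_values(req, "Sec-WebSocket-Key")) == 1
    ver_ok = len(hdr_values(req, "Sec-WebSocket-Version")) == 1
    return (not key_ok) and (not ver_ok)

def forward_via_test(req):
    """backend test: the reqirep path rewrite plus the header overrides."""
    line = re.sub(r"^([^ ].*)test[/]?(.*)", r"\1\2", req["line"], flags=re.I)
    orig_host = hdr_values(req, "Host")[0]
    headers = [(k, v) for k, v in req["headers"] if k.lower() != "host"]
    headers += [("X-Forwarded-Host", orig_host), ("Host", "helloworld.com")]
    return {"line": line, "headers": headers}

if __name__ == "__main__":
    print(pick_backend(HANDSHAKE))        # which backend takes the handshake
    print(forward_via_test(HANDSHAKE))    # what that backend sends upstream
```

The model only traces which rules the handshake passes through and what is forwarded to helloworld.com; it does not determine which hop returned the 403.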