Http redirect https + WebSocket + send clientIP

Hello!

I’ve faced with problem when tried to convert NGINX-configure to haproxy 2.3. The task is to redirect client from http:80 to https:443 and after success login switch HTTP to WebSocket. Also I have to send clientIP to backend via x-real-ip vs x-forwarded-for headers.
The websocket specific part of NGINX-config:

location / {
proxy_pass http://Farm;
proxy_http_version 1.1;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
}

But I cannot reproduce right behavior with haproxy. I think because don’t understand some details in it. Could I ask a piece of advice how to solve my task?
My haproxy-config is:

frontend j38-fr
bind ip-add:80
mode http
redirect scheme https if !{ ssl_fc }
option forwardfor header X-Real-IP
option http-server-close
timeout tunnel 1h
use_backend Farm

backend bk_web
  balance roundrobin
  server websrv1  servIP:22088

I used this manual (Websockets Load Balancing with HAProxy - HAProxy Technologies) in my case.

When client tryes to switch http to websocket I get error at devtools in browser “WebSocket connection to ‘wss://example.loc/12345’ failed”

If I turn on mode tcp in frontend and backend section and try to connect to http://example.loc I see that http part works correct but when go to “example.loc/12345” (http switch to websocket mode) I receive the same error at devTools console of the browser → WebSocket connection to ‘wss://example.loc/12345’ failed"
Config here:

frontend j38-fr
bind ip-add:80
mode tcp
redirect scheme https if !{ ssl_fc }
option forwardfor header X-Real-IP
option http-server-close
timeout tunnel 1h
use_backend Farm

backend bk_web
  mode tcp
  balance roundrobin
  server websrv1  servIP:22088

In next case I added ssl options to frontend section (see config below). Now I manage to connect right. I don’t undestand how “bind ip-add:443 ssl crt file.pem” makes haproxy establish websocket in that case. Explain somebody, please

frontend j38-fr
    bind ip-add:80
    bind ip-add:443 ssl crt file.pem
    mode tcp
    redirect scheme https if !{ ssl_fc }
    option forwardfor header X-Real-IP
    option http-server-close
    timeout tunnel 1h
    use_backend Farm

backend bk_web
  mode tcp
  balance roundrobin
  server websrv1  servIP:22088

Question about use X-Real-IP and X-Forwarded-fore still opens

1 post - 1 participant

Read full topic