Websocket balance & Cross-Origin Request Blocked

@Matthieu_HPP wrote:

Hi,

I am upgrading my haproxy configuration to handle load balance with websockets. The new configuration is shown bellow. Modifications from previous configuration that was functional, are specified.

I do have the following error message once connected to corresponding website :
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://helping-pong.com/socket.io/?EIO=3&transport=polling&t=LqQEI5-. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing)

Haproxy config file (global and defaults put at the end) :

#front-end
frontend https_app
        bind 0.0.0.0:443 ssl no-sslv3 crt /etc/ssl/letsencrypt
        default_backend  http_app

#back-end
backend http_app
        option httpchk
        http-request add-header X-Forwarded-Proto https if { ssl_fc }
        http-request set-header X-Forwarded-Port %[dst_port]

        ####### Code removed to handle balance
        server server_app_1  127.0.0.1:3001 maxconn 100

        ####### Code added to handle balance
        balance roundrobin
        cookie SERVERID insert indirect
        server server_app_1  127.0.0.1:3001 maxconn 100 weight 10 cookie server_app_1 check
        server server_app_2  127.0.0.1:3002 maxconn 100 weight 10 cookie server_app_2 check


global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin
        stats timeout 30s
        user haproxy
        group haproxy
        daemon
        maxconn 10000
        debug

        # Default ciphers to use on SSL-enabled listening sockets.
        # For more information, see ciphers(1SSL). This list is from:
        #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/

        ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AES$
        ssl-default-bind-options no-sslv3

        ssl-default-server-options no-sslv3
        ssl-default-server-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+$

defaults http
        log   global
        mode  http
        option  httplog
        option  dontlognull
        retries  3
        option  redispatch
        option  http-server-close
        option forceclose
        option forwardfor except 127.0.0.1
        timeout connect 5s
        timeout client 30s
        timeout client-fin 30s
        timeout tunnel 1h
        timeout server 30s

Help will be much appreciated

Posts: 4

Participants: 2

Read full topic