Hello,
I'm trying to use HAProxy as a ssl terminator for HTTP and WebSocket.
My problem is that sometimes (randomly it seems) HAProxy selects the wrong
backend and send my ws upgrade request to the http backend.
Below is my haproxy.cfg:
global
log 127.0.0.1 local0
chroot /var/lib/haproxy
tune.ssl.default-dh-param 2048
user haproxy
group haproxy
daemon
defaults
log global
option dontlognull
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
frontend secure_all
bind 0.0.0.0:443 ssl crt /etc/ssl/domain.pem
default_backend lighttpd_backend
acl is_websocket hdr(Upgrade) -i websocket
acl is_photo_upload path_beg -i /photo_upload
use_backend websocket_backend if is_websocket
use_backend photo_upload_backend if is_photo_upload
frontend all
bind 0.0.0.0:80
default_backend lighttpd_backend
acl is_websocket hdr(Upgrade) -i websocket
acl is_photo_upload path_beg -i /photo_upload
use_backend websocket_backend if is_websocket
use_backend photo_upload_backend if is_photo_upload
backend lighttpd_backend
option http-server-close
server lighttpd_server 127.0.0.1:8081 maxconn 2048 check
backend websocket_backend
timeout queue 5000
timeout server 86400000
timeout connect 86400000
server websocket_server 127.0.0.1:8080 maxconn 2048 check
backend photo_upload_backend
server photo_upload_server 127.0.0.1:8079 maxconn 2048 check
Regards,
Gustavo
I'm trying to use HAProxy as a ssl terminator for HTTP and WebSocket.
My problem is that sometimes (randomly it seems) HAProxy selects the wrong
backend and send my ws upgrade request to the http backend.
Below is my haproxy.cfg:
global
log 127.0.0.1 local0
chroot /var/lib/haproxy
tune.ssl.default-dh-param 2048
user haproxy
group haproxy
daemon
defaults
log global
option dontlognull
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
frontend secure_all
bind 0.0.0.0:443 ssl crt /etc/ssl/domain.pem
default_backend lighttpd_backend
acl is_websocket hdr(Upgrade) -i websocket
acl is_photo_upload path_beg -i /photo_upload
use_backend websocket_backend if is_websocket
use_backend photo_upload_backend if is_photo_upload
frontend all
bind 0.0.0.0:80
default_backend lighttpd_backend
acl is_websocket hdr(Upgrade) -i websocket
acl is_photo_upload path_beg -i /photo_upload
use_backend websocket_backend if is_websocket
use_backend photo_upload_backend if is_photo_upload
backend lighttpd_backend
option http-server-close
server lighttpd_server 127.0.0.1:8081 maxconn 2048 check
backend websocket_backend
timeout queue 5000
timeout server 86400000
timeout connect 86400000
server websocket_server 127.0.0.1:8080 maxconn 2048 check
backend photo_upload_backend
server photo_upload_server 127.0.0.1:8079 maxconn 2048 check
Regards,
Gustavo