Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HA Proxy Portainer Agent

    Scheduled Pinned Locked Moved Cache/Proxy
    1 Posts 1 Posters 578 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • LaxarusL
      Laxarus
      last edited by Laxarus

      I am trying to reverse proxy the edge agent for the portainer but websocket fails to connect. I can see the status of the agent as online but when I try to manually connect agent gives error.

      I've tried everything I could think of but I need a little outside help from more experienced people I think.

      Some background info:
      Portainer uses 9443 for HTTPS and 8000 for WS.

      This test environment is all internal but I will later deploy it as remote.
      I have successfully added the portainer to my ACL rules and it can be accessed with no problem.
      Agent has been deployed to another local docker host and the connection status shows as up on the main portainer page.

      When I try to manage the remote machine through my portainer master. I see "Connecting to the Edge environment..." then this error msg "There was an issue connecting to edge agent via tunnel. Click 'Retry' below to retry now, or wait 10 seconds to automatically retry."

      On the agent logs on remote machine:
      023/07/13 00:12:00 client: Connecting to ws://portainer.mydomain.org:8000
      2023/07/13 00:12:10 client: Connection error: dial tcp 10.10.10.10:8000: operation was canceled
      2023/07/13 00:12:10 client: Give up

      So I see that when I try to initiate a connection from the host, the remote machine tries to open a ws connection but fails. 10.10.10.10 is the virtual ip for the pfsense.

      Upon seeing that I have followed following guides but I saw no improvement
      https://www.haproxy.com/blog/websockets-load-balancing-with-haproxy

      ## routing based on Host header
        acl host_ws hdr_beg(Host) -i ws.portainer
        use_backend bk_ws if host_ws
      

      https://portainer-notes.readthedocs.io/en/latest/faq.html

      acl portainer   hdr_end(host)   -i portainer.mydomain.org
      use_backend     portainer       if portainer
      

      Any help would be appreciated here. I can provide more information if requested.
      Everything works fine if I use local IP instead of reverse proxy.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.