Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HAproxy config for Rancher

    Scheduled Pinned Locked Moved pfSense Packages
    1 Posts 1 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jarush
      last edited by

      I'm using PFsense to provide an HA Proxy LB for Rancher's UI. I've got 3 servers in the pool and things seem to mostly work, but Rancher complains about websockets not working correctly.

      The error I see in Rancher is:

      Error connecting to WebSocket
Unable to establish a WebSocket connection to the server. If your server is behind a proxy or SSL-termination device, Browser can not connect to WebSocket. If you run the server behind a proxy, please make sure the proxy supports WebSockets. Streaming stats, logs, shell/console, and auto-updating of the state of resources may not work until this is resolved.

      I don't know much about HAProxy, so I'm not sure where to start. Has anyone used either Rancher or other websocket based services behind HAProxy on PFSense?

      Is there a way to install NGINX?

      • PFSense: 2.4.4-RELEASE-p2
      • HAProxy: 1.7.11
      • Rancher: 2.3.5

      haproxy.cfg:

      # Automaticaly generated, dont edit manually.
# Generated on: 2020-12-12 14:52
global
        maxconn                 100
        stats socket /tmp/haproxy.socket level admin
        uid                     80
        gid                     80
        nbproc                  1
        hard-stop-after         15m
        chroot                          /tmp/haproxy_chroot
        daemon
        server-state-file /tmp/haproxy_server_state

listen HAProxyLocalStats
        bind 127.0.0.1:2200 name localstats
        mode http
        stats enable
        stats admin if TRUE
        stats show-legends
        stats uri /haproxy/haproxy_stats.php?haproxystats=1
        timeout client 5000
        timeout connect 5000
        timeout server 5000

frontend rancher
        bind                    10.168.12.20:443 name 10.168.12.20:443
        mode                    tcp
        log                     global
        timeout client          30000
        default_backend rancher_ipvANY

backend rancher_ipvANY
        mode                    tcp
        id                      101
        log                     global
        balance                 roundrobin
        timeout connect         30000
        timeout server          30000
        retries                 3
        option                  httpchk GET /healthz
        timeout tunnel 24h
        server                  swarth-dok-001 10.168.12.247:443 id 102 check-ssl check inter 1000  verify none
        server                  swarth-dok-003 10.168.12.248:443 id 103 check-ssl check inter 1000  verify none
        server                  swarth-dok-002 10.168.12.246:443 id 104 check-ssl check inter 1000  verify none
      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.