Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HAproxy config for Rancher

    Scheduled Pinned Locked Moved pfSense Packages
    1 Posts 1 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jarush
      last edited by

      I'm using PFsense to provide an HA Proxy LB for Rancher's UI. I've got 3 servers in the pool and things seem to mostly work, but Rancher complains about websockets not working correctly.

      The error I see in Rancher is:

      Error connecting to WebSocket
      Unable to establish a WebSocket connection to the server. If your server is behind a proxy or SSL-termination device, Browser can not connect to WebSocket. If you run the server behind a proxy, please make sure the proxy supports WebSockets. Streaming stats, logs, shell/console, and auto-updating of the state of resources may not work until this is resolved.
      

      I don't know much about HAProxy, so I'm not sure where to start. Has anyone used either Rancher or other websocket based services behind HAProxy on PFSense?

      Is there a way to install NGINX?

      • PFSense: 2.4.4-RELEASE-p2
      • HAProxy: 1.7.11
      • Rancher: 2.3.5

      haproxy.cfg:

      # Automaticaly generated, dont edit manually.
      # Generated on: 2020-12-12 14:52
      global
              maxconn                 100
              stats socket /tmp/haproxy.socket level admin
              uid                     80
              gid                     80
              nbproc                  1
              hard-stop-after         15m
              chroot                          /tmp/haproxy_chroot
              daemon
              server-state-file /tmp/haproxy_server_state
      
      listen HAProxyLocalStats
              bind 127.0.0.1:2200 name localstats
              mode http
              stats enable
              stats admin if TRUE
              stats show-legends
              stats uri /haproxy/haproxy_stats.php?haproxystats=1
              timeout client 5000
              timeout connect 5000
              timeout server 5000
      
      frontend rancher
              bind                    10.168.12.20:443 name 10.168.12.20:443
              mode                    tcp
              log                     global
              timeout client          30000
              default_backend rancher_ipvANY
      
      backend rancher_ipvANY
              mode                    tcp
              id                      101
              log                     global
              balance                 roundrobin
              timeout connect         30000
              timeout server          30000
              retries                 3
              option                  httpchk GET /healthz
              timeout tunnel 24h
              server                  swarth-dok-001 10.168.12.247:443 id 102 check-ssl check inter 1000  verify none
              server                  swarth-dok-003 10.168.12.248:443 id 103 check-ssl check inter 1000  verify none
              server                  swarth-dok-002 10.168.12.246:443 id 104 check-ssl check inter 1000  verify none
      
      
      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.