• I'm using pfSense to provide an HAProxy LB for Rancher's UI. I've got 3 servers in the pool and things seem to mostly work, but Rancher complains about websockets not working correctly.

    The error I see in Rancher is:

    Error connecting to WebSocket
    Unable to establish a WebSocket connection to the server. If your server is behind a proxy or SSL-termination device, Browser can not connect to WebSocket. If you run the server behind a proxy, please make sure the proxy supports WebSockets. Streaming stats, logs, shell/console, and auto-updating of the state of resources may not work until this is resolved.
    

    I don't know much about HAProxy, so I'm not sure where to start. Has anyone used either Rancher or other websocket-based services behind HAProxy on pfSense?

    Is there a way to install NGINX?

    • pfSense: 2.4.4-RELEASE-p2
    • HAProxy: 1.7.11
    • Rancher: 2.3.5

    haproxy.cfg:

    # Automaticaly generated, dont edit manually.
    # Generated on: 2020-12-12 14:52
    global
            maxconn                 100
            stats socket /tmp/haproxy.socket level admin
            uid                     80
            gid                     80
            nbproc                  1
            hard-stop-after         15m
            chroot                          /tmp/haproxy_chroot
            daemon
            server-state-file /tmp/haproxy_server_state
    
    listen HAProxyLocalStats
            bind 127.0.0.1:2200 name localstats
            mode http
            stats enable
            stats admin if TRUE
            stats show-legends
            stats uri /haproxy/haproxy_stats.php?haproxystats=1
            timeout client 5000
            timeout connect 5000
            timeout server 5000
    
    frontend rancher
            bind                    10.168.12.20:443 name 10.168.12.20:443
            mode                    tcp
            log                     global
            timeout client          30000
            default_backend rancher_ipvANY
    
    backend rancher_ipvANY
            mode                    tcp
            id                      101
            log                     global
            balance                 roundrobin
            timeout connect         30000
            timeout server          30000
            retries                 3
            option                  httpchk GET /healthz
            timeout tunnel 24h
            server                  swarth-dok-001 10.168.12.247:443 id 102 check-ssl check inter 1000  verify none
            server                  swarth-dok-003 10.168.12.248:443 id 103 check-ssl check inter 1000  verify none
            server                  swarth-dok-002 10.168.12.246:443 id 104 check-ssl check inter 1000  verify none