Haproxy and websockets
-
Hi,
I cannot get bitwarden_rs websocket to work with the following config.
It ignores everything and I only get 503's
I am trying to proxy to the websocket of bitwarden_rs
Can anyone help please?
Thanks
frontend private_servers bind xxx.xxx.xxx.xxx:443 name xxx.xxx.xxx.xxx:443 ssl crt-list /var/etc/haproxy/private_servers.crt_list mode http log global option http-keep-alive option forwardfor acl https ssl_fc timeout client 30000 acl bitwarden_ws hdr(Connection) -i upgrade acl bitwarden_ws hdr(Upgrade) -i websocket acl bitwarden_ws var(txn.txnpath) -m str -i /notifications/hub acl aclcrt_private_servers var(txn.txnhost) -m reg -i ^([^\.]*)\.domain\.name(:([0-9]){1,5})?$ http-request set-var(txn.txnpath) path http-request set-var(txn.txnhost) hdr(host) use_backend bitwarden_ws_ipvANY if bitwarden_ws aclcrt_private_servers use_backend bitwarden_ws_ipvANY if bitwarden_ws aclcrt_private_servers use_backend bitwarden_ipvANY if aclcrt_private_servers -
Why do you get 503's?
- haproxy health checks are showing the servers are down ?
- none of the acl's match
- other?
-
The service is up.
I think the acl's are not working.
Is there a way of checking if the acl's are matched?
Thanks
-
@clumbo said in Haproxy and websockets:
The service is up.
So the servers are shown in 'green' on the stats page?
I think the acl's are not working.
Is there a way of checking if the acl's are matched?Well you could check haproxy syslogs to see if the proper backend is selected. Also see if the requested hostname and path are the logged as expected. (Or check if backend stats are showing traffic pointing there)
Perhaps also try and remove the certificate acl checkbox that would give you a 'proper' default backend in the config. If that changes anything lets see further.. -
Thanks I have managed to fix the issue, the docker container didn't have the ws listening port open.
Thankyou for your help