• Hi,

    I cannot get bitwarden_rs websocket to work with the following config.

    It ignores everything and I only get 503's

    I am trying to proxy to the websocket of bitwarden_rs

    Can anyone help please?

    Thanks

    frontend private_servers
    	bind			xxx.xxx.xxx.xxx:443 name xxx.xxx.xxx.xxx:443   ssl crt-list /var/etc/haproxy/private_servers.crt_list  
    	mode			http
    	log			global
    	option			http-keep-alive
    	option			forwardfor
    	acl https ssl_fc
    	timeout client		30000
    	acl			bitwarden_ws	hdr(Connection) -i upgrade
    	acl			bitwarden_ws	hdr(Upgrade) -i websocket
    	acl			bitwarden_ws	var(txn.txnpath) -m str -i /notifications/hub
    	acl			aclcrt_private_servers	var(txn.txnhost) -m reg -i ^([^\.]*)\.domain\.name(:([0-9]){1,5})?$
    	http-request set-var(txn.txnpath) path
    	http-request set-var(txn.txnhost) hdr(host)
    	use_backend bitwarden_ws_ipvANY  if  bitwarden_ws aclcrt_private_servers
    	use_backend bitwarden_ws_ipvANY  if  bitwarden_ws aclcrt_private_servers
    	use_backend bitwarden_ipvANY  if   aclcrt_private_servers
    

  • Why do you get 503's?

    • haproxy health checks are showing the servers are down?
    • none of the acl's match
    • other?

  • @piba

    The service is up.

    I think the acl's are not working.

    Is there a way of checking if the acl's are matched?

    Thanks


  • @clumbo said in Haproxy and websockets:

    The service is up.

    So the servers are shown in 'green' on the stats page?

    I think the acl's are not working.
    Is there a way of checking if the acl's are matched?

    Well, you could check haproxy syslogs to see if the proper backend is selected. Also see if the requested hostname and path are logged as expected. (Or check if backend stats are showing traffic pointing there.)
    Perhaps also try to remove the certificate acl checkbox; that would give you a 'proper' default backend in the config. If that changes anything, let's see further.
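
The log check suggested above can be scripted. This is an added example, not part of the original posts: it parses HAProxy's default `option httplog` line format and classifies each 503 by the logged backend, server and termination state. The log lines are constructed, and the server names `bitwarden` and `bitwarden_ws` are assumptions; the frontend and backend names come from the posted config.

```python
import re

# Constructed sample lines in HAProxy's default "option httplog" format.
# A trailing "~" on the frontend name marks a connection accepted over SSL.
SAMPLE_LOG = """\
Jan 10 10:00:01 fw haproxy[2211]: 192.0.2.10:50112 [10/Jan/2020:10:00:01.120] private_servers~ bitwarden_ipvANY/bitwarden 0/0/1/12/13 200 5120 - - ---- 3/3/0/0/0 0/0 "GET /api/sync HTTP/1.1"
Jan 10 10:00:02 fw haproxy[2211]: 192.0.2.10:50113 [10/Jan/2020:10:00:02.431] private_servers~ bitwarden_ws_ipvANY/bitwarden_ws 0/0/-1/-1/3 503 212 - - SC-- 3/3/0/0/3 0/0 "GET /notifications/hub HTTP/1.1"
Jan 10 10:00:03 fw haproxy[2211]: 192.0.2.10:50114 [10/Jan/2020:10:00:03.002] private_servers~ bitwarden_ws_ipvANY/<NOSRV> 0/-1/-1/-1/0 503 212 - - SC-- 3/3/0/0/0 0/0 "GET /notifications/hub HTTP/1.1"
Jan 10 10:00:04 fw haproxy[2211]: 192.0.2.10:50115 [10/Jan/2020:10:00:04.900] private_servers~ private_servers/<NOSRV> 0/-1/-1/-1/0 503 212 - - SC-- 3/3/0/0/0 0/0 "GET /notifications/hub HTTP/1.1"
"""

LINE_RE = re.compile(
    r'haproxy\[\d+\]: \S+ \[[^\]]+\] (?P<frontend>\S+) '
    r'(?P<backend>[^/\s]+)/(?P<server>\S+) \S+ (?P<status>\d{3}) '
    r'\S+ \S+ \S+ (?P<term>\S{4}) \S+ \S+ '
    r'(?:\{[^}]*\} )*"(?P<method>\S+) (?P<path>\S+)'
)

def diagnose(line):
    """Return a dict of parsed fields plus a verdict, or None if unparsable."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["frontend"] = rec["frontend"].rstrip("~")
    if rec["status"] != "503":
        rec["verdict"] = "not a 503"
    elif rec["backend"] == rec["frontend"]:
        # Backend column repeats the frontend name: no switching rule applied.
        rec["verdict"] = "no use_backend rule matched"
    elif rec["server"] == "<NOSRV>":
        rec["verdict"] = "backend selected, no server available"
    elif rec["term"][:2] in ("SC", "sC"):
        # SC = server refused the TCP connection, sC = connect timeout.
        rec["verdict"] = "ACLs matched, connection to server failed"
    else:
        rec["verdict"] = "503 for another reason, check termination state"
    return rec

def diagnose_log(text):
    """Parse every line of a log excerpt, skipping lines that do not match."""
    return [r for r in map(diagnose, text.splitlines()) if r]

if __name__ == "__main__":
    for r in diagnose_log(SAMPLE_LOG):
        print(r["path"], r["backend"], r["server"], r["term"], "->", r["verdict"])
```

A 503 logged with the expected backend and a real server name means the ACLs matched and the failure is between HAProxy and the server's listening port.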


  • @piba

    Thanks, I have managed to fix the issue; the docker container didn't have the ws listening port open.

    Thank you for your help