HAproxy websocket vs. certificate - strange behaviours ...
-
HA returning 200 OK to browser and still seems to open tunnel (i can see traffic going back and forth in that websocket)
However.... If i provide wrong/bad certificate (ie. another domain) that needs to be manually approved in the browser.
It then after returns 101 Upgraded.request headers are identical when checking using developer mode.
same behaviour in Edge, Chrome, FF.Tried hitting backend directly and I get 101 Upgraded
I have tried with simplest mapping possible, no settings at all with just a default backend configured - same results.
everything (seems to) work - EXCEPT the STATUS is 200 OK instead of expected 101 Upgraded
why do i care? - because I see high CPU usage, and i think this is related.
live example:
https://demo.humly.xyz/ideas how to troubleshoot ?
-
If someone reads this the problem was related to HTTP/2 and http/1.1
and known issues post Haproxy 2.4Enforcing traffic in frontend with alpn http/1.1 - solved the issue in my scenario.
btw. the certificates was a blind-track, it was never related.