• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

HAproxy websocket vs. certificate - strange behaviours ...

Scheduled Pinned Locked Moved Cache/Proxy
2 Posts 1 Posters 535 Views 1 Watching
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • P Offline
    planetinse
    last edited by planetinse Sep 20, 2024, 12:38 PM Sep 20, 2024, 11:58 AM

    HA returning 200 OK to browser and still seems to open tunnel (i can see traffic going back and forth in that websocket)

    However.... If i provide wrong/bad certificate (ie. another domain) that needs to be manually approved in the browser.
    It then after returns 101 Upgraded.

    request headers are identical when checking using developer mode.
    same behaviour in Edge, Chrome, FF.

    Tried hitting backend directly and I get 101 Upgraded

    I have tried with simplest mapping possible, no settings at all with just a default backend configured - same results.

    everything (seems to) work - EXCEPT the STATUS is 200 OK instead of expected 101 Upgraded

    why do i care? - because I see high CPU usage, and i think this is related.

    live example:
    https://demo.humly.xyz/

    ideas how to troubleshoot ?

    P 1 Reply Last reply Sep 20, 2024, 5:19 PM Reply Quote 0
    • P Offline
      planetinse @planetinse
      last edited by planetinse Sep 20, 2024, 5:25 PM Sep 20, 2024, 5:19 PM

      @planetinse

      If someone reads this the problem was related to HTTP/2 and http/1.1
      and known issues post Haproxy 2.4

      Enforcing traffic in frontend with alpn http/1.1 - solved the issue in my scenario.

      btw. the certificates was a blind-track, it was never related.

      https://github.com/haproxy/haproxy/issues/162

      1 Reply Last reply Reply Quote 0
      2 out of 2
      • First post
        2/2
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
        This community forum collects and processes your personal information.
        consent.not_received