Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HAproxy websocket vs. certificate - strange behaviours ...

    Scheduled Pinned Locked Moved
    Cache/Proxy
    1
    2
    80
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      planetinse
      last edited by planetinse

      HA returning 200 OK to browser and still seems to open tunnel (i can see traffic going back and forth in that websocket)

      However.... If i provide wrong/bad certificate (ie. another domain) that needs to be manually approved in the browser.
      It then after returns 101 Upgraded.

      request headers are identical when checking using developer mode.
      same behaviour in Edge, Chrome, FF.

      Tried hitting backend directly and I get 101 Upgraded

      I have tried with simplest mapping possible, no settings at all with just a default backend configured - same results.

      everything (seems to) work - EXCEPT the STATUS is 200 OK instead of expected 101 Upgraded

      why do i care? - because I see high CPU usage, and i think this is related.

      live example:
      https://demo.humly.xyz/

      ideas how to troubleshoot ?

      P 1 Reply Last reply Reply Quote 0
      • P
        planetinse @planetinse
        last edited by planetinse

        @planetinse

        If someone reads this the problem was related to HTTP/2 and http/1.1
        and known issues post Haproxy 2.4

        Enforcing traffic in frontend with alpn http/1.1 - solved the issue in my scenario.

        btw. the certificates was a blind-track, it was never related.

        https://github.com/haproxy/haproxy/issues/162

        1 Reply Last reply Reply Quote 0
        • First post
          Last post