I’m trying to connect to a websocket written in Golang (gotty), but it seems that haproxy is not happy with the response headers (PH–) and it returns a 502.
000015fe:application.accept(0008)=001d from [172.22.0.3:57320] ALPN=
000015fe:application.clireq[001d:ffffffff]: GET /ws HTTP/1.1
000015fe:application.clihdr[001d:ffffffff]: host: haproxy:8080
000015fe:application.clihdr[001d:ffffffff]: user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
000015fe:application.clihdr[001d:ffffffff]: accept-encoding: gzip, deflate, br, zstd
000015fe:application.clihdr[001d:ffffffff]: accept-language: en,es;q=0.9,en-GB;q=0.8,en-US;q=0.7
000015fe:application.clihdr[001d:ffffffff]: cache-control: no-cache
000015fe:application.clihdr[001d:ffffffff]: origin: https://localhost:53125
000015fe:application.clihdr[001d:ffffffff]: pragma: no-cache
000015fe:application.clihdr[001d:ffffffff]: sec-gpc: 1
000015fe:application.clihdr[001d:ffffffff]: sec-websocket-extensions: permessage-deflate; client_max_window_bits
000015fe:application.clihdr[001d:ffffffff]: sec-websocket-key: KxlEPLnl37gx22GTXVnZiQ==
000015fe:application.clihdr[001d:ffffffff]: sec-websocket-protocol: webtty
000015fe:application.clihdr[001d:ffffffff]: sec-websocket-version: 13
000015fe:application.clihdr[001d:ffffffff]: x-forwarded-for: 172.18.0.1, 172.18.0.10
000015fe:application.clihdr[001d:ffffffff]: x-forwarded-proto: https
000015fe:application.clihdr[001d:ffffffff]: x-real-ip: 172.18.0.1
000015fe:gotty_ws.srvrep[001d:0020]: HTTP/1.1 101 Switching Protocols
000015fe:gotty_ws.srvhdr[001d:0020]: upgrade: websocket
000015fe:gotty_ws.srvhdr[001d:0020]: connection: Upgrade
000015fe:gotty_ws.srvhdr[001d:0020]: sec-websocket-accept: Hm0H10wU2OhXWeLjYq76vQXqK4k=
000015fe:gotty_ws.srvhdr[001d:0020]: sec-websocket-protocol: webtty
000015fe:gotty_ws.srvcls[001d:0020]
000015fe:gotty_ws.clicls[001d:0020]
000015fe:gotty_ws.closed[001d:0020]
172.22.0.3:57320 [04/Jul/2024:12:32:48.702] application~ gotty_ws/gotty_server 0/0/0/-1/0 502 369 - - PH-- 8/7/0/0/0 0/0 “GET /ws HTTP/1.1”
This is the configuration I have for the backend:
backend gotty_ws
mode http
acl hdr_connection_upgrade hdr(Connection) -i upgrade
acl hdr_upgrade_websocket hdr(Upgrade) -i websocket
acl hdr_websocket_key hdr_cnt(Sec-WebSocket-Key) eq 1
acl hdr_websocket_version hdr_cnt(Sec-WebSocket-Version) eq 1
# option httpchk
# http-check send meth GET uri /ws ver HTTP/1.1 hdr Host server hdr Connection Upgrade hdr Upgrade websocket hdr Sec-WebSocket-Key haproxy hdr Sec-WebSocket-Version 13 hdr Sec-WebSocket-Protocol webtty hdr Sec-Websocket-Extensions “permessage-deflate; client_max_window_bits”
option h1-case-adjust-bogus-server
option accept-invalid-http-response
http-check expect status 101
option http-server-close
timeout tunnel 1h
http-request set-header Connection upgrade
http-request set-header Upgrade websocket
default-server check maxconn 2000
server gotty_server gotty:8080 alpn http/1.1 ws h1
The strange thing is that if I enable the healthcheck it detects that is returning 101, but somehow there is something that haproxy does not like.