First, here's the haproxy -vv:
```
HA-Proxy version 1.8.8-1ubuntu0.10 2020/04/03
Copyright 2000-2018 Willy Tarreau willy@haproxy.org
Build options :
TARGET = linux2628
CPU = generic
CC = gcc
CFLAGS = -g -O2 -fdebug-prefix-map=/build/haproxy-RAYurj/haproxy-1.8.8=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2
OPTIONS = USE_GETADDRINFO=1 USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 USE_LUA=1 USE_SYSTEMD=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_NS=1
Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
Built with OpenSSL version : OpenSSL 1.1.1 11 Sep 2018
Running on OpenSSL version : OpenSSL 1.1.1 11 Sep 2018
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3
Built with Lua version : Lua 5.3.3
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Encrypted password support via crypt(3): yes
Built with multi-threading support.
Built with PCRE version : 8.39 2016-06-14
Running on PCRE version : 8.39 2016-06-14
PCRE library supports JIT : yes
Built with zlib version : 1.2.11
Running on zlib version : 1.2.11
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with network namespace support.
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
Available filters :
[SPOE] spoe
[COMP] compression
[TRACE] trace
```
So I use HAProxy to access LXD containers. I installed the lua.cors directives into the haproxy.cfg, but I am still getting the CORS request blocked?
mydomain.us is fictitious as I don't want traffic on my site right now.
website is an LXD container, accessed with http or https://www.mydomain.us. The acl for website works fine with or without the cors.lua.
The problem is that broadcast is an LXD container running Ubuntu 18.04 and a nodejs app running on port 9001, accessed with https://bcast.mydomain.us. I can get to the webpage, but it is producing the Cross-Origin Request Blocked error and I cannot proceed from the page. Here is the error:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://localhost:9001/socket.io/?userid=1o1hbuzwazgacognu4f…imitPerUser=1&extra=%7B%7D&EIO=3&transport=polling&t=N8yWFI-. (Reason: CORS request did not succeed)
I inserted cors.lua, but it seems the error is beyond haproxy?
I tried the “*” in the http-response but it did not help.
Here is my haproxy.cfg:
```
global
    log 127.0.0.1 local0 notice info
    lua-load /etc/haproxy/cors.lua
    maxconn 2000
    tune.ssl.default-dh-param 2048
    user haproxy
    tune.maxrewrite 4096
    group haproxy
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
    ssl-default-bind-ciphers EECDH+AESGCM:EDH+AESGCM
    tune.ssl.default-dh-param 2048

defaults
    log global
    mode http
    option forwardfor
    option http-server-close
    option httplog
    option dontlognull
    timeout connect 5000
    timeout client 5000
    timeout server 5000
    timeout tunnel 2h #this is for websocket connections, 2 hours inactivity timeout
    timeout client-fin 5000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

frontend http_lb
    bind *:80
    http-request lua.cors
    http-response lua.cors "GET,PUT,POST" "bcast.mydomain.us"
    bind *:8888
    # Test URI to see if it's a letsencrypt request
    acl letsencrypt-acl path_beg /.well-known/acme-challenge/
    use_backend letsencrypt-backend if letsencrypt-acl
    bind *:443 ssl crt /etc/haproxy/certs
    acl website hdr(host) -i mydomain.us www.mydomain.us
    acl broadcast hdr(host) -i bcast.mydomain.us
    use_backend mainweb if website
    use_backend bcast1 if broadcast

backend letsencrypt-backend
    server letsencrypt 127.0.0.1:8888

backend mainweb
    balance leastconn
    http-request set-header X-Client-IP %[src]
    redirect scheme https if ! { ssl_fc }
    server website website.lxd:80 check

backend bcast1
    balance leastconn
    http-request set-header X-Client-IP %[src]
    redirect scheme https if ! { ssl_fc }
    server broadcast1 broadcast.lxd:9001 check ssl verify none
```
I appreciate any comments or suggestions for fixing this. I will be glad to provide any additional information you may need.
Ray
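
Added example, not part of the original post: a Python check that reads a Firefox CORS console line like the one quoted above and reports whether the blocked request could have passed through the HAProxy frontend at all. The function names and the shortened sample line are constructed for illustration, and it assumes the three ACL host names resolve to the HAProxy machine.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Hosts matched by the ACLs in the posted haproxy.cfg.
PROXIED_HOSTS = {"mydomain.us", "www.mydomain.us", "bcast.mydomain.us"}

# Constructed sample: the console line from the post with the query string shortened.
SAMPLE = (
    "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the "
    "remote resource at https://localhost:9001/socket.io/?EIO=3&transport=polling. "
    "(Reason: CORS request did not succeed)"
)

LINE_RE = re.compile(r"remote resource at (?P<url>\S+?)\.? \(Reason: (?P<reason>[^)]+)\)")


def origin(url):
    """Return (scheme, host, port) with the scheme's default port filled in."""
    u = urlsplit(url)
    port = u.port or {"http": 80, "https": 443}.get(u.scheme)
    return (u.scheme, (u.hostname or "").lower(), port)


def is_loopback(host):
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a DNS name, not an IP literal
        return False


def diagnose(console_line, page_url, proxied_hosts=PROXIED_HOSTS):
    """Classify a Firefox CORS console line for a page served through the proxy."""
    m = LINE_RE.search(console_line)
    if m is None:
        raise ValueError("not a Firefox CORS console line")
    target = origin(m.group("url"))
    host = target[1]
    return {
        "target": target,
        "cross_origin": target != origin(page_url),
        # No HTTP response arrived, so no response header was ever evaluated.
        "no_response": "did not succeed" in m.group("reason"),
        # Loopback resolves on the visitor's machine, not on the server.
        "loopback": is_loopback(host),
        # Only requests to these hosts reach the frontend running lua.cors.
        "reaches_proxy": host in proxied_hosts,
    }
```

For the error in the post it reports a loopback target with no HTTP response, which is a request the `lua.cors` rules in the frontend never see.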