Hey,
I am new to HAProxy and working with sockets in general. I have trouble hole-punching through the proxy to the endpoint that starts up the socket. As of now, I am not even sure the problem is Origin related, which I initially thought it was.
The setup:
Postman → Firewall (HAProxy) → Server
Between the client and Firewall the connection has SSL.
Between the Firewall and server there is no SSL.
Is this set-up even possible? I mean is it necessary for the socket (wss) to have an SSL connection directly from client to server?
As of now, the server accepts CORS from all clients until we go into production.
I might be wrong, but it seems the problem is that when the connection is upgraded from HTTP to ws, the reverse proxy doesn’t allow the data to go through and I receive error code 400 - where I expect to receive 101. But I have absolutely no clue how to fix the issue.
Fortunately, HAProxy embeds all you need to load-balance properly websockets…
I have backend servers that require websockets, and there’s no special configuration to support it. Occasionally, I come across an app that requires a specific header to be written, but that’s rare and very application-specific.
Yep, I use Cloudflare in front of mine as well. Shouldn’t hurt a thing.
If it works without HAProxy, see if there are any missing headers. Check the logs from HAProxy to see if maybe it’s just a routing issue or a seemingly unrelated misconfig. Outside of that, it might be worth reaching out to the community around the app.
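An added example, not part of the thread and not HAProxy or application code: a small checker for the "missing headers" advice above. It lists which RFC 6455 handshake requirements a request fails as the backend sees it, and computes the `Sec-WebSocket-Accept` value a 101 response must carry. The two sample requests, the `/socket` path and the `example.test` host are constructed.

```python
import base64
import hashlib

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # fixed GUID from RFC 6455

def parse_head(raw):
    """Split a raw HTTP request head into (request line, lower-cased headers)."""
    lines = raw.strip().split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def handshake_problems(raw):
    """Return the reasons a WebSocket server would refuse to answer 101."""
    request_line, h = parse_head(raw)
    problems = []
    parts = request_line.split()
    if len(parts) != 3 or parts[0] != "GET" or parts[2] == "HTTP/1.0":
        problems.append("handshake must be a GET over HTTP/1.1 or later")
    if "host" not in h:
        problems.append("missing Host")
    if h.get("upgrade", "").lower() != "websocket":
        problems.append("Upgrade header is not 'websocket'")
    tokens = [t.strip().lower() for t in h.get("connection", "").split(",")]
    if "upgrade" not in tokens:
        problems.append("Connection header lacks the 'Upgrade' token")
    if h.get("sec-websocket-version") != "13":
        problems.append("Sec-WebSocket-Version is not 13")
    try:  # the key must decode to exactly 16 bytes
        key = base64.b64decode(h.get("sec-websocket-key", ""), validate=True)
    except ValueError:
        key = b""
    if len(key) != 16:
        problems.append("Sec-WebSocket-Key missing or not 16 base64 bytes")
    return problems

def expected_accept(key):
    """Sec-WebSocket-Accept the server must return for a given client key."""
    digest = hashlib.sha1((key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")

# Constructed samples: a complete handshake, and the same request as a backend
# would see it if the hop-by-hop Upgrade/Connection headers were lost on the way.
GOOD = ("GET /socket HTTP/1.1\r\nHost: example.test\r\nUpgrade: websocket\r\n"
        "Connection: Upgrade\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
        "Sec-WebSocket-Version: 13\r\n\r\n")
STRIPPED = GOOD.replace("Upgrade: websocket\r\n", "").replace(
    "Connection: Upgrade", "Connection: close")
```

Paste the request head captured on the server side of the proxy into `handshake_problems` and compare it with what the client sent. Whether the backend is reached over TLS or plain HTTP does not change these checks.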