Hi,
I am upgrading my haproxy configuration to handle load balancing with websockets. The new configuration is shown below. Modifications from the previous configuration, which was functional, are specified.
I get the following error message once connected to the corresponding website:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://helping-pong.com/socket.io/?EIO=3&transport=polling&t=LqQEI5-. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing)
Haproxy config file (global and defaults put at the end) :
```
#front-end
frontend https_app
    bind 0.0.0.0:443 ssl no-sslv3 crt /etc/ssl/letsencrypt
    default_backend http_app

#back-end
backend http_app
    option httpchk
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    http-request set-header X-Forwarded-Port %[dst_port]
    ####### Code removed to handle balance
    server server_app_1 127.0.0.1:3001 maxconn 100
    ####### Code added to handle balance
    balance roundrobin
    cookie SERVERID insert indirect
    server server_app_1 127.0.0.1:3001 maxconn 100 weight 10 cookie server_app_1 check
    server server_app_2 127.0.0.1:3002 maxconn 100 weight 10 cookie server_app_2 check

global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon
    maxconn 10000
    debug
    # Default ciphers to use on SSL-enabled listening sockets.
    # For more information, see ciphers(1SSL). This list is from:
    # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AES$
    ssl-default-bind-options no-sslv3
    ssl-default-server-options no-sslv3
    ssl-default-server-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+$

defaults http
    log global
    mode http
    option httplog
    option dontlognull
    retries 3
    option redispatch
    option http-server-close
    option forceclose
    option forwardfor except 127.0.0.1
    timeout connect 5s
    timeout client 30s
    timeout client-fin 30s
    timeout tunnel 1h
    timeout server 30s
```
Help will be much appreciated
This is not haproxy related, the browser blocks this request for security reasons.
I suggest a read here:
Many thanks for your reply.
I do not have this error when I do not implement (or at least try to implement) the load balancing, i.e. when just using the reverse proxy and terminating SSL.
Nonetheless it is an application problem which you have to troubleshoot on the application layer.
If you can tell what has to be done on the HTTP layer to fix this application problem, then we can help you.
Many thanks,
I believe I understand the problem…
The problem happens when I try to connect to my “socket.io” server (port 8000 proxied to ports 8001 or 8002) from the main application server (port 443 proxied to ports 3001 or 3002).
All the backend is made with nodejs.
For now I have not been able to make it work using the main recommendations on Stack Overflow and equivalents, i.e. implementing within the server code:

```javascript
io.origins([':'])
```

or

```javascript
app.use(function(req, res, next) {
  res.header("Access-Control-Allow-Origin", "*")
  res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept")
  next()
})
```
Any suggestion will be much appreciated
Matthieu
Hi,
I did not manage to handle the CORS issues so as to have a socket server separated from the main application server.
I have merged both nodejs application servers into a single one.
Load balance seems to work very well with this configuration.
Matthieu
Hi,
I have to split my application into two servers so as to separate two socket.io usages.
My main application frontend is on port 443, while the websocket application frontend is on port 8000.
I would like to allow access to my-domain.com:8000 from my-domain.com:443.
I have tried to allow the access domain within my node application, unsuccessfully… I suppose I have to do this via HAProxy. I have used the following instructions in the HAProxy conf file shown below…

```
capture request header origin len 128
http-response add-header Access-Control-Allow-Origin %[capture.req.hdr(0)]
```
What am I doing wrong ?
Many thanks for your help
```
global
    log 127.0.0.1 local0
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon
    maxconn 10000
    debug
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
    ssl-default-bind-options no-sslv3
    ssl-default-server-options no-sslv3
    ssl-default-server-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3D$

defaults http
    log global
    mode http
    option httplog
    option dontlognull
    retries 3
    option http-server-close
    option forwardfor except 127.0.0.1
    timeout connect 5s
    timeout client 30s
    timeout client-fin 30s
    timeout tunnel 1h
    timeout server 30s

#front-end
frontend https_app
    bind 0.0.0.0:443 ssl no-sslv3 crt /etc/ssl/letsencrypt
    default_backend http_app

frontend https_webconf
    bind 0.0.0.0:8000 ssl no-sslv3 crt /etc/ssl/letsencrypt
    capture request header origin len 128
    http-response add-header Access-Control-Allow-Origin %[capture.req.hdr(0)]
    default_backend http_webconf

#back-end
backend http_app
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    http-request set-header X-Forwarded-Port %[dst_port]
    server server_app_1 127.0.0.1:3001 maxconn 100

backend http_webconf
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    http-request set-header X-Forwarded-Port %[dst_port]
    server server_webconf_1 127.0.0.1:8001 maxconn 100
```
I posted the question on stackoverflow too.
https://stackoverflow.com/questions/45133522/allow-cors-haproxysocket-io
Help will be much appreciated
Matthieu
I have finally found the origin of all these difficulties…that’s embarrassing but I was using two configuration files so the modifications I tried to apply did not have any impact on the HAProxy behavior…
The above-mentioned configuration works if put in the right file.
I am happy this basic problem is solved.
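
An added example, not part of the thread and not the poster's code: the wildcard middleware and the HAProxy rule that copies the request `Origin` into `Access-Control-Allow-Origin` both accept every origin, while the stated goal is only to let my-domain.com on port 443 reach port 8000. The Express/connect-style middleware below answers only an allowlisted origin. The names `ALLOWED_ORIGINS`, `normaliseOrigin`, `corsHeadersFor` and `corsAllowlist` are hypothetical, and sending `Access-Control-Allow-Credentials` assumes the client sends cookies.

```javascript
// Assumption: the only page allowed to call the socket.io server on port 8000
// is the main application served from https://my-domain.com (port 443).
const ALLOWED_ORIGINS = new Set(['https://my-domain.com']);

// Return the canonical origin, or null for anything that is not a bare
// scheme://host[:port] value ("null", missing header, a value with a path).
function normaliseOrigin(value) {
  if (typeof value !== 'string') return null;
  let url;
  try { url = new URL(value); } catch (e) { return null; }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return null;
  if (url.username || url.password || url.search || url.hash) return null;
  if (url.pathname !== '/') return null;
  return url.origin; // URL drops default ports, so ":443" on https compares equal
}

// Decide which CORS headers one response gets.
function corsHeadersFor(originHeader, method) {
  const headers = { Vary: 'Origin' }; // caches must key the response on Origin
  const origin = normaliseOrigin(originHeader);
  if (origin === null || !ALLOWED_ORIGINS.has(origin)) return headers;
  headers['Access-Control-Allow-Origin'] = origin; // exact match only, never "*"
  headers['Access-Control-Allow-Credentials'] = 'true'; // assumption: cookies are sent
  if (method === 'OPTIONS') { // preflight
    headers['Access-Control-Allow-Methods'] = 'GET, POST';
    headers['Access-Control-Allow-Headers'] =
      'Origin, X-Requested-With, Content-Type, Accept';
  }
  return headers;
}

// Middleware with the (req, res, next) signature used in the thread.
function corsAllowlist(req, res, next) {
  const headers = corsHeadersFor(req.headers.origin, req.method);
  for (const [name, value] of Object.entries(headers)) res.setHeader(name, value);
  if (req.method === 'OPTIONS') { res.statusCode = 204; res.end(); return; }
  next();
}
```

Mount it with `app.use(corsAllowlist)` before the routes; a request from any other origin still gets a response, but without the header the browser needs to expose it to the calling page.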