I have got Flash talking to CouchDB. I think anyone with such setup will hit
the
issue with <policy-file-request/> being sent by Flash >9 to port 843, and then
retrying on the port it's trying to connect to (for heavily fire-walled
environments the only options are ports 80 and 443 really).
I had some luck with following haproxy config (replace <myip>):
global
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
#log loghost local0 info
maxconn 4096
#chroot /usr/share/haproxy
user haproxy
group haproxy
daemon
#debug
#quiet
defaults
log global
mode tcp
option tcplog
option dontlognull
retries 3
option redispatch
maxconn 2000
contimeout 5000
clitimeout 50000
srvtimeout 50000
frontend couchdb-in
bind <myip>:80
tcp-request inspect-delay 5s
acl traffic_is_http req_proto_http
tcp-request content accept if traffic_is_http
use_backend flash-socket-policy if !traffic_is_http
default_backend couchdb
backend couchdb
server couchdb5984 127.0.0.1:5984 maxconn 32
frontend couchdb-ssl-in
bind <myip>:443
tcp-request inspect-delay 5s
acl traffic_is_ssl req_ssl_ver gt 0
tcp-request content accept if traffic_is_ssl
use_backend flash-socket-policy if !traffic_is_ssl
default_backend couchdb-ssl
backend couchdb-ssl
mode tcp
server couchdb6984 127.0.0.1:6984 maxconn 32
backend flash-socket-policy
mode tcp
server policy843 127.0.0.1:843 maxconn 32
