reverse proxy of websockets
Hi, please could you tell me whether it is possible (and how) to configure haproxy to reverse proxy wss websockets in tcp mode?

Here is my conf file:

    global
        chroot /usr/local/haproxy/chroot
        daemon
        maxconn 256

    defaults
        retries 3
        option redispatch
        timeout tunnel 1h

    listen https_in
        bind :30443
        mode tcp
        option tcplog
        log 127.0.0.1 user debug
        tcp-request inspect-delay 8s
        tcp-request content accept if WAIT_END
        acl is_ssl req_ssl_ver 2:3.1
        use_backend ssh if !is_ssl
        tcp-request content accept if is_ssl
        tcp-request content accept if { req_ssl_hello_type 1 }
        use_backend https_gateone if { req_ssl_sni gateone.mydomain }

    backend ssh
        enabled
        mode tcp
        server ssh :22
        timeout connect 5s
        timeout server 2h

    backend https_gateone
        enabled
        mode tcp
        timeout server 2h
        timeout connect 4s
        option ssl-hello-chk
        server https_gateone 127.0.0.1:8022 check inter 3 downinter 1000

GateOne tries to open a secure web socket (wss protocol) to the server through the haproxy reverse proxy.

Any idea?

Regards,
Emmanuel

*Adopt the eco-attitude.* Print this e-mail only if it is really necessary
Re: TCP reverse proxy
You're right, but this works only with a single protocol managed by haproxy, doesn't it? My idea was to have an ACL for each of these standard protocols in order to have a specific backend.

Regards,
Emmanuel

2012/5/7 Willy Tarreau w...@1wt.eu

> Hi Emmanuel,
>
> On Fri, Apr 20, 2012 at 09:02:07AM +0200, Emmanuel Bézagu wrote:
> > As haproxy already accepts to reverse proxy ssl and ssh, would it be
> > possible to support protocols such as OpenVPN, tinc or XMPP?
>
> Haproxy will work with any TCP-based protocol which does not report
> addresses or ports inside the payload. For instance, it works well on
> SSH, SMTP, LDAP, RDP, PeSIT, SSL, etc... but not on FTP, most RPC, etc...
>
> In general, any protocol which can easily be translated will work. I
> think this is the case for all those above, but you might prefer testing
> to be sure.
>
> Regards,
> Willy