reverse proxy of websockets

2012-09-12 Thread Emmanuel Bézagu
Hi,

Please could you tell me if it is possible (and how) to configure haproxy
in order to reverse proxy wss websockets in tcp mode?

Here is my conf file:

global
    chroot /usr/local/haproxy/chroot
    daemon
    maxconn 256

defaults
    retries 3
    option redispatch
    timeout tunnel 1h

listen https_in
    bind :30443
    mode tcp
    option tcplog
    log 127.0.0.1 user debug
    tcp-request inspect-delay 8s
    tcp-request content accept if WAIT_END
    acl is_ssl req_ssl_ver 2:3.1
    use_backend ssh if !is_ssl
    tcp-request content accept if is_ssl
    tcp-request content accept if { req_ssl_hello_type 1 }
    use_backend https_gateone if { req_ssl_sni gateone.mydomain }

backend ssh
    enabled
    mode tcp
    server ssh :22
    timeout connect 5s
    timeout server 2h

backend https_gateone
    enabled
    mode tcp
    timeout server 2h
    timeout connect 4s
    option ssl-hello-chk
    server https_gateone 127.0.0.1:8022 check inter 3 downinter 1000

GateOne tries to open a secure web socket (wss protocol) to the server
through the haproxy reverse proxy.

Any idea?

Regards,

Emmanuel

*Adopt an eco-friendly attitude.*
Print this email only if it is really necessary


Re: TCP reverse proxy

2012-05-08 Thread Emmanuel Bézagu
You're right, but this works only with a single protocol managed by haproxy,
doesn't it?
My idea was to have an ACL for each of these standard protocols in order to
have a specific backend.

Regards,
Emmanuel



2012/5/7 Willy Tarreau w...@1wt.eu

> Hi Emmanuel,
>
> On Fri, Apr 20, 2012 at 09:02:07AM +0200, Emmanuel Bézagu wrote:
> > As haproxy already accepts to reverse proxy ssl and ssh, would it be
> > possible to support protocols as OpenVPN, tinc or XMPP ?
>
> Haproxy will work with any TCP-based protocol which does not report
> addresses or ports inside the payload. For instance, it works well
> on SSH, SMTP, LDAP, RDP, PeSIT, SSL, etc... but not on FTP, most RPC,
> etc... In general, any protocol which can easily be translated will
> work. I think this is the case for all those above, but you might
> prefer testing to be sure.
>
> Regards,
> Willy