Websocket from one HAProxy backend to another backend fails

Ryan

4/17/23, 8:09 AM

I have two backends (b1, b2) sitting behind the same frontend (f1) in HAProxy, routing based on host name. I can establish websocket to both b1 and b2 from my laptop, however if I try to establish websocket to b2 from b1 (through f1) I get 1006 error (closed abnormaly - unexpected EOF). Pinging b2 from b1 succeeds. Here's my config:

frontend f1
    bind            192.168.1.1:443 name 192.168.1.1:443   ssl crt-list /var/etc/haproxy/ReverseProxyHTTP.crt_list  
    mode            http
    log         global
    option          httplog
    option          http-keep-alive
    option          forwardfor

    http-request set-header     X-Forwarded-Proto http if !https
    http-request set-header     X-Forwarded-Proto https if https
    timeout client      30000
    acl         b1  var(txn.txnhost) -m beg -i b1
    acl         b2  var(txn.txnhost) -m beg -i b2
    acl         hdr_connection_upgrade  hdr(Connection) -i upgrade
    acl         hdr_upgrade_websocket   hdr(Upgrade) -i websocket

    use_backend b1ws  if  b1 hdr_connection_upgrade hdr_upgrade_websocket 
    use_backend b1  if  b1 
    use_backend b2  if  b2
backend b1ws
    mode            http
    id          119
    log         global
    stick-table type ip size 50k expire 30m
    stick on src
    balance         source
    timeout connect     30000
    timeout server      30000
    retries         3
    server          s1 192.168.1.2:443 id 101 ssl  verify none resolvers globalresolvers 

backend b1
    mode            http
    id          117
    log         global
    stick-table type ip size 50k expire 30m
    stick on src
    balance         source
    timeout connect     30000
    timeout server      30000
    retries         3
    server          s1 192.168.1.2:443 id 101 ssl  verify none resolvers globalresolvers alpn h2,http/1.1 

backend b2
    mode            http
    id          120
    log         global
    stick-table type ip size 50k expire 30m
    stick on src
    balance         source
    timeout connect     30000
    timeout server      30000
    retries         3
    timeout tunnel 3600s
    server          s2 192.168.1.3:443 id 101 ssl  verify none resolvers globalresolvers

Note: b1 and b1ws point to the same server & port tho b1 prefers http2 for grpc. If websocket header is present, b1ws will be used.

176

0 + 0

haproxy

websocket

shearn89

4/17/23, 9:44 AM

Are you trying to connect from B2 -> F1 -> B1? Are you certain HAProxy isn't going to route the connection back to B2? Why not just connect directly from B2 -> B1 without going through the LB?

Ryan

4/17/23, 4:35 PM

@shearn89 B1 -> F1 -> B2; haproxy didn't route the connection back to B1 because if I do a simple http get to B2 (through F1) it succeeds. The LB actually does some url rewrite for compatibility reasons, besides all other typical reasons to use a load balancer.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Websocket from one HAProxy backend to another backend fails

TH: Websocket จากแบ็กเอนด์ HAProxy หนึ่งไปยังแบ็กเอนด์อื่นล้มเหลว

RO: Websocket de la un backend HAProxy la altul eșuează

RU: Websocket от одного бэкэнда HAProxy к другому бэкэнду не работает

VI: Websocket từ một phụ trợ HAProxy này sang một phụ trợ khác không thành công

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.