OPNsense Forum

Archive => 21.7 Legacy Series => Topic started by: przeqpiciel on October 23, 2021, 10:29:22 am

Title: how to configure websockets reverse proxy using haproxy plugin?
Post by: przeqpiciel on October 23, 2021, 10:29:22 am
Hi,

It is my first post here; I apologize up front for the fact that I know nothing. But is there any possibility of proxying websocket connections into my local network?

I have a Docker machine where a websocket server runs. I added it correctly (I could connect and browse the WWW app), but I can't proxy websocket connections with SSL termination.

For this purpose I created a new 'Real server' pointing to the machine and port where I have Docker. Next I created 'Backend pools' and pointed it to the previously created 'Real server'. After that I created a new Condition and Rule.
Condition: if host matches ...; rule: if the condition matches, then use a specific backend pool - my freshly created backend pool.

After these steps I created a new 'public service' and set the IP and port on which I would listen for new connections.

This is all that I set up, but it does not work. Can you help me and explain how to terminate websockets with SSL on OPNsense and proxy them into my infrastructure?
Title: Re: how to configure websockets reverse proxy using haproxy plugin?
Post by: fabian on October 24, 2021, 07:49:17 am
I developed that part of the nginx plugin. So I can tell you how it works there.

I made a GUI switch that, when enabled, sets the backend protocol to HTTP 1.1 (nginx uses 1.0 by default and does not support 2.0 or higher in the backend) and forwards the upgrade header to the backend. This header may look like this:

Connection: Upgrade
Upgrade: websocket

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Upgrade

Maybe you have to configure something similar in HAProxy.
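
An added example, not part of any post in this thread and not OPNsense, nginx or HAProxy plugin code: a Python check that sends a websocket upgrade request carrying the two headers quoted above and reports whether the reply is a valid 101 upgrade. The function names and the sample replies are constructed for illustration; the key/accept pair is the example from RFC 6455.

```python
import base64, hashlib, os, socket, ssl

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # fixed GUID from RFC 6455
# Constructed sample data: RFC 6455 example key, one good and one failed reply.
SAMPLE_KEY = "dGhlIHNhbXBsZSBub25jZQ=="
SAMPLE_OK = (b"HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\n"
             b"Connection: Upgrade\r\n"
             b"Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=\r\n\r\n")
SAMPLE_FAIL = b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n"

def expected_accept(key):
    """Sec-WebSocket-Accept value a websocket server must return for this key."""
    return base64.b64encode(hashlib.sha1((key + WS_GUID).encode()).digest()).decode()

def build_handshake(host, path, key):
    """Client upgrade request carrying the two headers quoted in the thread."""
    return "\r\n".join([f"GET {path} HTTP/1.1", f"Host: {host}",
                        "Connection: Upgrade", "Upgrade: websocket",
                        f"Sec-WebSocket-Key: {key}",
                        "Sec-WebSocket-Version: 13", "", ""]).encode()

def check_response(raw, key):
    """Return a list of problems; an empty list means the upgrade went through."""
    status, *lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    hdrs = {n.strip().lower(): v.strip() for n, _, v in (l.partition(":") for l in lines)}
    problems = []
    if status.split()[1:2] != ["101"]:
        problems.append(f"status line is {status!r}, expected 101")
    if hdrs.get("upgrade", "").lower() != "websocket":
        problems.append("response lacks 'Upgrade: websocket'")
    if "upgrade" not in [t.strip().lower() for t in hdrs.get("connection", "").split(",")]:
        problems.append("response lacks 'Connection: Upgrade'")
    if hdrs.get("sec-websocket-accept") != expected_accept(key):
        problems.append("Sec-WebSocket-Accept missing or wrong")
    return problems

def probe(host, port, path="/"):
    """Send the handshake over TLS to the proxy's listener and check the reply."""
    key = base64.b64encode(os.urandom(16)).decode()
    ctx = ssl.create_default_context()  # verifies the certificate the proxy presents
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            tls.sendall(build_handshake(host, path, key))
            raw = b""
            while b"\r\n\r\n" not in raw and (chunk := tls.recv(4096)):
                raw += chunk
    return check_response(raw, key)

if __name__ == "__main__":
    print(check_response(SAMPLE_OK, SAMPLE_KEY), check_response(SAMPLE_FAIL, SAMPLE_KEY))
```

Running `probe()` once against the backend directly and once against the proxy's listening address shows whether the upgrade is lost at the proxy; `probe()` verifies the TLS certificate, so the host name must match the certificate the proxy presents.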
Title: Re: how to configure websockets reverse proxy using haproxy plugin?
Post by: Fright on October 24, 2021, 06:25:51 pm
Hi
imho HAProxy does not require any explicit configuration to support websockets.
in the advanced config it can also choose the backend by the websocket headers.

https://www.haproxy.com/blog/websockets-load-balancing-with-haproxy/

Perhaps the problem is somewhere else? maybe something interesting in the logs?
Title: Re: how to configure websockets reverse proxy using haproxy plugin?
Post by: Taomyn on October 26, 2021, 01:08:02 pm
I'd be very interested in hearing how this can be achieved with OPNsense as I've been struggling for months trying to get the websocket connection to work with my PiKVM without any luck - posted several times here and even on GitHub.


So far the only help I get is that yes HAProxy can do it but never how to actually do it in OPNsense with its HAProxy plug-in. It's not a case of simply transposing any of the HAProxy document examples because the plug-in doesn't work that way, at least not in any way that I can see.
Title: Re: how to configure websockets reverse proxy using haproxy plugin?
Post by: Fright on October 26, 2021, 06:32:03 pm
@Taomyn
I don't use websockets, so the test is pretty synthetic. but I tried to quickly run the https://libwebsockets.org/testserver page through the haproxy and see what happens.
at first glance it works

Title: Re: how to configure websockets reverse proxy using haproxy plugin?
Post by: Taomyn on October 27, 2021, 07:56:18 am
@Taomyn
I don't use websockets, so the test is pretty synthetic. but I tried to quickly run the https://libwebsockets.org/testserver page through the haproxy and see what happens.
at first glance it works


Yeah, but that tests outbound so I'd be testing their server against my browser and I wouldn't be going through HAProxy which is inbound to my server. I'd need to set up that same test environment here but I already know that websocket connections work because I can connect to my PiKVM direct from within my network and it's fine, it's only not working when I connect to it through HAProxy as I cannot get any config to work.
Title: Re: how to configure websockets reverse proxy using haproxy plugin?
Post by: Fright on October 27, 2021, 06:01:14 pm
Sorry, I'm not sure if you understood me correctly: I configured HAProxy with a libwebsockets.org backend, so their server is tested through my browser but through HAProxy. Result in attached pictures. Websocket works through HAProxy (172.17.1.105:448 is the HAProxy address on the OPN test VM)