HAProxy and OctoPrint

Started by ideal2545, April 02, 2022, 12:27:46 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
April 02, 2022, 12:27:46 AM
Hey all,

I was hoping someone might be able to point me in the right direction. I use HAProxy installed on OPNsense for most of my internal services. I've got it all working except I'm having a weird issue with OctoPrint. Octoprint requires some back end pool passthroughs in order to properly re-write.

In my scenario i'm trying to make this work such as https://www.domain.com/octoprint which is how i do with my most of internal services.

According to this documentation it should look something like this: https://community.octoprint.org/t/reverse-proxy-configuration-examples/1107

Code Select
backend octoprint
  reqrep ^([^\ :]*)\ /octoprint/(.*)  \1\ /\2
  reqadd X-Script-Name:\ /octoprint
  option forwardfor
  server octoprint1 127.0.0.1:5000

and

Code Select
backend octoprint
  ...
  reqadd X-Scheme:\ https if { ssl_fc }
  ...
to indicate https requests.

What they recommend however for our version of HAProxy doesn't use reqrep and reqadd so after a bit of research I ended up with this as pass-through options:

Code Select
http-request replace-path ^([^\ :]*)\ /octoprint/(.*)  \1\ /\2
http-request add-header X-Script-Name /octoprint
option forwardfor
acl needs_scheme req.hdr_cnt(X-Scheme) eq 0
http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }

I am presented with a login screen to octoprint it just loops me when I try to login. On the octoprint log side it seems to terminate the connection right after I try logging in, however when just loading the front end I see that nearly all items load except for one particular JS file.

Any help is appreciated, maybe I'm not passing through the write things or I'm not using the UI properly in some way.

Thanks in advance,
Jon
May 18, 2023, 05:18:20 PM #1
It was a long time ago, just in case you are still looking for an answer, it worked for me. The only difference is that I don't have that "octoprint" in the path to reach my server.

The only "line" from your config I implemented was this.

Code Select
http-request set-header X-Forwarded-Proto https if { ssl_fc }

And I did it in the form of a "rule".



The condition is just a host prefix check.



And now the OctoPrint reverse proxy check passes.

Print
Go Up Pages1
User actions