• 0 Votes
    1 Posts


    I am trying to setup nodebb with haproxy instead of nginx as frontend. Everything seam to be working however I am getting lots of 403 on /socket.io/ requests.

    frontend http-in mode http bind redirect scheme https code 301 if !{ ssl_fc } frontend https-in bind ssl crt /etc/letsencrypt/live/test/test.pem http-response set-header strict-transport-security "max-age=31536000; includeSubDomains" http-response set-header Content-Security-Policy "default-src 'self' wss: https: *.startech-rd.tk/*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com; style-src 'self' 'unsafe-inline' https:; img-src 'self' https://casper.ghost.org/ https://www.gravatar.com/ data:; font-src 'self' https:" http-response set-header X-XSS-Protection "1; mode=block" http-response set-header X-Content-Type-Options "nosniff" http-response set-header Referrer-Policy "no-referrer" reqadd X-Forwarded-Proto:\ https acl is_websocket hdr(Upgrade) -i WebSocket acl is_websocket path_sub -i /socket.io/ use_backend bk_ws if is_websocket acl acl_comments path_beg -i /comments use_backend comments if acl_comments backend comments mode http balance leastconn timeout connect 1s timeout server 600s timeout queue 600s option redispatch retries 3 acl is_woff capture.req.uri -m sub .woff acl is_ttf capture.req.uri -m sub .ttf acl is_eot capture.req.uri -m sub .eot http-response set-header Cache-Control public if is_eot or is_woff or is_ttf http-response set-header Expires -1 if is_eot or is_woff or is_ttf http-response set-header Pragma cache if is_eot or is_woff or is_ttf cookie nodebb insert indirect nocache secure server node1 cookie nodebb_node1 check inter 1000 fastinter 500 rise 2 fall 1 server node2 cookie nodebb_node2 check inter 1000 fastinter 500 rise 2 fall 1 backend bk_ws option redispatch balance roundrobin option forwardfor option httpclose server node1 maxconn 30000 weight 10 cookie ws_node1 check server node2 maxconn 30000 weight 10 cookie ws_node2 check```

    I have tried to connect directly without haproxy and the websockets are connecting correctly. However I've seen that using the haproxy the websocket protocol changed from wss to https.

    Any suggestions on how to fix this?