Skip to content

Instantly share code, notes, and snippets.

@olekukonko

olekukonko/haproxy

Created August 8, 2013 21:30
Show Gist options
  • Star 3 You must be signed in to star a gist
  • Fork 3 You must be signed in to fork a gist
  • Save olekukonko/6188952 to your computer and use it in GitHub Desktop.
Save olekukonko/6188952 to your computer and use it in GitHub Desktop.
Download ZIP
Different websocket connection HA Proxy vs Nginx
Raw
haproxy
#### HA Proxy
// PROXY BASED ON SUB-DOMAIN
frontend public
bind *:80
acl is_websocket hdr_end(host) -i ws.example.com
use_backend ws if is_websocket
default_backend www
backend www
timeout server 30s
server www1 127.0.0.1:8080
backend ws
timeout server 600s
server ws1 127.0.0.1:8000
// 2. PROXY BASED ON URI
frontend public
bind *:80
acl is_example hdr_end(host) -i example.com
acl is_websocket path_beg -i /websockets
use_backend ws if is_websocket is_example
default_backend www
// PROXY USING WEBSOCKET DETECTION
frontend public
bind *:80
acl is_websocket hdr(Upgrade) -i WebSocket
acl is_websocket_server hdr_end(host) -i ws.example.com
use_backend ws if is_websocket is_websocket_server
default_backend www
Raw
nginx
#### Nginx
// WebSocket Proxy
Simple forwarding of unencrypted HTTP and WebSocket to a different host:
server {
listen 80;
server_name ws.example.com;
location / {
access_log off;
proxy_pass http://ws.example.com:10080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# WebSocket support (nginx 1.4)
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
// WebSocketSecure SSL Endpoint
The proxy is also an SSL endpoint for WSS and HTTPS connections. So the clients can use wss:// connections (e.g. from pages served via HTTPS) which work better with broken proxy servers, etc.
server {
listen 443;
server_name ws.example.com;
ssl on;
ssl_certificate ws.example.com.bundle.crt;
ssl_certificate_key ws.example.com.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
# like above
}
}
// WSS Proxy with Path Rewriting
Like above, but HTTPS and WSS endpoints are not “/” but “/services/myservice/”. So something like wss://api.example.com/services/myservice can be done.
server {
# like above
location /services/myservice {
access_log off;
proxy_pass http://ws1.example.com:10080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# WebSocket support (nginx 1.4)
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Path rewriting
rewrite /services/myservice/(.*) /$1 break;
proxy_redirect off;
}
}
// Load Balancing
Like 3., but there are three WS backends (ws1, ws2, ws3). Each client must always be forwarded to the same backend (e.g. when using HTTPS requests).
upstream webpush {
ip_hash;
server ws1.example.com:10080;
server ws2.example.com:10080;
server ws3.example.com:10080;
}
server {
# like above
location /services/myservice {
proxy_pass http://webpush;
# the rest, like above
}
@patrick-bark
Copy link

This is what I'm looking for, except that the Nginx one doesn't actually separate the web socket traffic like the HAproxy one does.

@xinjing201610
Copy link

haproxy如何代理 wss

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment