时间戳

首页 > 解决方案 > 将 haproxy 设置为 nodebb 的负载均衡器,但 socket.io 有问题

websocket - 将 haproxy 设置为 nodebb 的负载均衡器,但 socket.io 有问题

问题描述

我正在尝试在 haproxy 后面的两个节点上运行 nodebb。简单的浏览工作,但 socket.io 不断得到 403。

我的 haproxy.cfg 看起来像这样:

frontend http-in
    mode http
    bind 0.0.0.0:80
    redirect scheme https code 301 if !{ ssl_fc }

frontend https-in
    bind 0.0.0.0:443 ssl crt /etc/letsencrypt/live/test/test.pem
    http-response set-header strict-transport-security "max-age=31536000; includeSubDomains"
    http-response set-header Content-Security-Policy "default-src 'self' wss: https: *.startech-rd.tk/*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com; style-src 'self' 'unsafe-inline' https:; img-src 'self' https://casper.ghost.org/ https://www.gravatar.com/ data:; font-src 'self' https:"
    http-response set-header X-XSS-Protection "1; mode=block"
    http-response set-header X-Content-Type-Options "nosniff"
    http-response set-header Referrer-Policy "no-referrer"
    reqadd X-Forwarded-Proto:\ https
    acl is_websocket hdr(Upgrade) -i WebSocket
    acl is_websocket path_sub -i /socket.io/
    use_backend bk_ws if is_websocket
    acl acl_comments path_beg -i /comments
    use_backend comments if acl_comments

backend comments
mode         http
balance      leastconn
timeout      connect 1s
timeout      server  600s
timeout      queue   600s
option redispatch
retries 3
acl is_woff capture.req.uri -m sub .woff
acl is_ttf capture.req.uri -m sub .ttf
acl is_eot capture.req.uri -m sub .eot
http-response set-header Cache-Control public if is_eot or is_woff or is_ttf
http-response set-header Expires -1 if is_eot or is_woff or is_ttf
http-response set-header Pragma cache if is_eot or is_woff or is_ttf
cookie nodebb insert indirect nocache secure

server node1 10.160.125.81:4567 cookie nodebb_node1 check inter 1000 fastinter 500 rise 2 fall 1
server node2 10.160.125.82:4567 cookie nodebb_node2 check inter 1000 fastinter 500 rise 2 fall 1

backend bk_ws
option redispatch
balance roundrobin
option forwardfor
option httpclose
server node1 10.160.125.81:4567 maxconn 30000 weight 10 cookie ws_node1 check
server node2 10.160.125.82:4567 maxconn 30000 weight 10 cookie ws_node2 check

Websocket 连接一直在获得 403。

更新:我尝试在没有 haproxy 的情况下直接连接,并且 websocket 连接正确。但是我已经看到使用 haproxy 的 websocket 协议从 wss 更改为 https。

有什么办法可以防止这种情况发生?

标签: websocketsocket.iohaproxyhttp-status-code-403nodebb

解决方案

推荐阅读