websocket - 将 haproxy 设置为 nodebb 的负载均衡器,但 socket.io 有问题
问题描述
我正在尝试在 haproxy 后面的两个节点上运行 nodebb。简单的浏览工作,但 socket.io 不断得到 403。
我的 haproxy.cfg 看起来像这样:
frontend http-in
mode http
bind 0.0.0.0:80
redirect scheme https code 301 if !{ ssl_fc }
frontend https-in
bind 0.0.0.0:443 ssl crt /etc/letsencrypt/live/test/test.pem
http-response set-header strict-transport-security "max-age=31536000; includeSubDomains"
http-response set-header Content-Security-Policy "default-src 'self' wss: https: *.startech-rd.tk/*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com; style-src 'self' 'unsafe-inline' https:; img-src 'self' https://casper.ghost.org/ https://www.gravatar.com/ data:; font-src 'self' https:"
http-response set-header X-XSS-Protection "1; mode=block"
http-response set-header X-Content-Type-Options "nosniff"
http-response set-header Referrer-Policy "no-referrer"
reqadd X-Forwarded-Proto:\ https
acl is_websocket hdr(Upgrade) -i WebSocket
acl is_websocket path_sub -i /socket.io/
use_backend bk_ws if is_websocket
acl acl_comments path_beg -i /comments
use_backend comments if acl_comments
backend comments
mode http
balance leastconn
timeout connect 1s
timeout server 600s
timeout queue 600s
option redispatch
retries 3
acl is_woff capture.req.uri -m sub .woff
acl is_ttf capture.req.uri -m sub .ttf
acl is_eot capture.req.uri -m sub .eot
http-response set-header Cache-Control public if is_eot or is_woff or is_ttf
http-response set-header Expires -1 if is_eot or is_woff or is_ttf
http-response set-header Pragma cache if is_eot or is_woff or is_ttf
cookie nodebb insert indirect nocache secure
server node1 10.160.125.81:4567 cookie nodebb_node1 check inter 1000 fastinter 500 rise 2 fall 1
server node2 10.160.125.82:4567 cookie nodebb_node2 check inter 1000 fastinter 500 rise 2 fall 1
backend bk_ws
option redispatch
balance roundrobin
option forwardfor
option httpclose
server node1 10.160.125.81:4567 maxconn 30000 weight 10 cookie ws_node1 check
server node2 10.160.125.82:4567 maxconn 30000 weight 10 cookie ws_node2 check
Websocket 连接一直在获得 403。
更新:我尝试在没有 haproxy 的情况下直接连接,并且 websocket 连接正确。但是我已经看到使用 haproxy 的 websocket 协议从 wss 更改为 https。
有什么办法可以防止这种情况发生?
解决方案
推荐阅读
- swiftui - SwiftUI:如何使枚举 allCases 可观察?
- css - Big Cartel Coding changes
- java - javax.ws.rs.Path 如何在不影响所有其他路径的情况下仅拦截项目根目录
- mysql - Filtering Max Number of Votes each party got for each year in SQL
- android - 如何解决“实体和 POJO 必须具有可用的公共构造函数”
- node.js - react - axios - api 已被 CORS 策略错误阻止
- stripe-payments - 如何在 Stripe 中指定订阅时长
- c# - VS 2022 ASP.NET Core MVC
使能够 在 projectName.csproj 中导致 ModelState.IsValid = false CS8618 不可为空的属性 - excel - 用户窗体上任何控件的单击事件(尤其是文本框)
- python - Tiktok python bot ban:“尝试太多”,禁止机器“