HA Proxy and Websockets

ssl websocket haproxy wss

Solution 1:

As this is a 3rd party app, I'm not sure if I'm going to be able to get them to change their app. Therefore, I was wondering if there's something I can do on the HAProxy server to force a secure websocket connection.

This depends mostly on the 3rd party application. If the application is specifically using the ws: protocol, there is nothing you can do on the HAProxy side - browsers won't even connect to the HAProxy instance, so you aren't ever even given the chance to do anything about it.

You would need to open an issue with the 3rd party application developers and have them make the web socket protocol configurable, or add some detection (if the page is loaded over HTTPS, then use WSS).

Alternatively you could introduce content rewriting, where you have something that modifies outgoing content to re-write ws:/ to wss://. HAProxy cannot do this, but Nginx along with the sub_filter module can.

Related

How to apply memory limits to all cron jobs?
Office 365 Exchange client connection logs
Squid running out of filedescriptors on CentOS 7
Jenkins CI Master-Slave setup with docker for slave server
ProxyPass HTTPS to other server
Grace Period? - AWS EC2 Container Service and Elastic Load Balancers
multiple client istances for openvpn connections
openvpn, option tls-cipher not working, no shared cipher
Bug in WMI namespace for MicrosoftDNS Statistics class?
kswap using 100% of CPU even with 100GB+ of RAM available
EC2 - should security groups be specialized and stacked?
Unable to update Windows 10 programatically