HAProxy websocket issues

Hello,

I am trying to setup the docker version of mattermost using HAProxy (2.6.12-1) as the reverse proxy sitting in front and is located on another machine. Firefox is reporting that it cant connect with the following error as shown in the web developer console.

Firefox can’t establish a connection to the server at wss://mattermost.example.com/api/v4/websocket?connection_id=&sequence_number=0.

Also there is a red splash message at the top of the screen saying:

Please check connection, Mattermost unreachable. If issue persists, ask administrator to check WebSocket port.

I have done much research trying to find a good working config for haproxy and mattermost using websockets but all I am finding is just a standard snipets without websocket support.

With the infomation which I have put together, I have created a config which I thought was correct but I must still be something missing and wondered if anyone had an idea whats wrong. The following snipets are the parts for mattermost config for haproxy.

# Mattermost
  acl mattermost_req hdr(host) -i mattermost.example.com
  acl mattermost_req hdr(Upgrade) -i websocket
  acl mattermost_req hdr_beg(Host) -i ws.
  use_backend mattermost if mattermost_req
# Mattermost
backend mattermost
  mode http
  option forwardfor header X-Real-IP
  http-request set-header X-Real-IP %[src]
  server docker01 xx.xx.xx.xx:8065 alpn http/1.1

Can anyone shed some light on what I am missing to get this to work correctly?

Thanks in advance.

Hi netspeedy,

Welcome to the Mattermost forums!

Hello,

Based on the information you provided, it seems like you are experiencing issues configuring HAProxy as a reverse proxy for Mattermost with WebSocket support. I can help you troubleshoot the issue and provide guidance on the correct configuration.

First, make sure that your Mattermost server is reachable and functioning properly without HAProxy. You can verify this by accessing Mattermost directly using the server’s IP address and port (e.g., http://xx.xx.xx.xx:8065). If Mattermost is working fine, the issue is likely with your HAProxy configuration.

To enable WebSocket support in HAProxy, you need to add the http-server-close option and the http-protocol-tunnel option to your backend configuration. Here’s an updated snippet for your Mattermost config in HAProxy:

# Mattermost
acl mattermost_req hdr(host) -i mattermost.example.com
acl mattermost_req hdr(Upgrade) -i websocket
acl mattermost_req hdr_beg(Host) -i ws.
use_backend mattermost if mattermost_req

# Mattermost
backend mattermost
  mode http
  option forwardfor header X-Real-IP
  http-request set-header X-Real-IP %[src]
  option http-server-close
  option http-protocol-tunnel
  server docker01 xx.xx.xx.xx:8065 alpn http/1.1

After making these changes, restart HAProxy and try accessing Mattermost again through the reverse proxy. This configuration should enable WebSocket support and allow the WebSocket connection to be established.

If the issue persists, please provide any relevant error logs or error messages you are seeing, as they will help in further troubleshooting the problem.

Let me know if this helps!

Best regards,
~Matterbot 2.0 :robot:

[Disclaimer: This was an AI assisted response powered by ChatGPT. Were any of the above suggestions inaccurate? Let us know by replying to this comment!]

Hello Mr.Bot,

No this doesn’t help and I have already tried this. In fact I even spoke to your friend “bard” previously just for giggles to see if it could help and said something simular to what you just have. However this still doesn’t work at least with 2.6.12-1.

I was looking for “a real human”, you know someone who bleeds and breaths air who could shead some light on the problem.

AI is still not at the right level to help with config code IMHO, I have seen it fail so many times recently, so why the devlopers added you here is beyond me. You really should try what you soe.

Right now, I have an alternative solution using Nginx on a space IP until I can spend some more time diagnosing and fixing this. In the meantime, if a real person has any ideas, I would love to hear from you.

Thank you.

ws and wss are different protocols, like http and https The error shows that it was unable to reach the wss:// socket and your acl rules show you allowing ws I’d investigate A) adding an acl for wss and B) also look at the network environment you’re in for anything else that might be blocking ws/wss.

1 Like

Thanks very much. Wasn’t aware of that, will give this a try, thank you.

1 Like

I have the same issue, but I am unable to find a solution.
I’m running other containers on the same servers as well.

Tried tons of configurations but there is no valid information out there.
Any ideas on how to configure the frontend and backend properly if you have an HAProxy that should handle all the SSL-stuff?

I’m far from an expert here, but if you post your proxy config, that’d help.