Hi Tim,

Thanks for the response, and apologies for the delay. Popularity is advertised as a good thing, but I have my doubts. Regardless, I am back on track with this project for the moment.
> While I don't have any idea from the top of my head your configuration
> surely would be helpful.

Right, should have included that the first time, will put it at the bottom of this mail.

> You might also want to check whether the webbrowser is able to:
> a) Set-Up the Websocket with auth-request in between (you should see a
> 101 Switching Protocols in its network console).

Okay, this is something I hadn't looked at. Not 100% sure I am interpreting correctly, but assuming I am, then the browser is reporting that the connection is successfully upgrading to websockets both with and without the Lua script enabled. As far as I can tell, the only thing that changes is the cookies and keys. There is a significant difference in the "waiting" response, though; ~350ms with the Lua script, but less than 5ms without it.

> b) Send credentials for basic authentication for Websockets.

Hm, so I don't seem to be able to connect to etherpad directly using a ws:// schematic in Chrome or Firefox, and I think that is what you mean. Not sure if that is just me, though, will work some more on that and see if I can figure out if I am doing something wrong there...

My haproxy.cfg:

Note in the front end I have two lines commented; with these lines commented, everything works, can reload hundreds of times with no error. With the lines uncommented, the auth works, the main landing page works, but accessing the actual pad does not work. The tables entries seem to work fine either way.

I have uncommented these lines to induce failure, and pasted a copy of the haproxy logs of the event at
http://www.computerisms.ca/haproxy.txt

At the bottom of the log file, it appears to me that I get a 200 after the websocket upgrade, which I interpret to mean it was successful, but at that point the page spins and some 150-300 seconds later I get the error page displayed on the screen with no more log entries in haproxy.


global
        debug
        log             /dev/log                local1          debug
        chroot          /var/lib/haproxy
        user            haproxy
        group           haproxy
        daemon
        ca-base         /etc/ssl/certs
        crt-base        /etc/ssl/private
        ssl-default-bind-options        no-sslv3
        lua-load        /Computerisms/config/etc/haproxy.auth.lua

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull

frontend        httpfront
        bind            ${ADDRESS}:80   v4v6
        bind ${ADDRESS}:443 v4v6 ssl crt /Computerisms/config/certificates/
        redirect        scheme       https   code 301 if     !{ ssl_fc }
        mode            http
        option          httplog
        log             global
#       http-request    lua.auth-request        auth_request /index.html
        ## ACLs
        acl tables.computerisms.ca ssl_fc_sni -i tables.computerisms.ca
        acl pad.computerisms.ca ssl_fc_sni -i pad.computerisms.ca
        ## AUTHREQ
        use_backend auth_request if ! { var(txn.auth_response_successful) -m bool } tables.computerisms.ca
#       use_backend auth_request if ! { var(txn.auth_response_successful) -m bool } pad.computerisms.ca
        ## AUTHBACKEND
        use_backend tables.computerisms.ca if tables.computerisms.ca
        use_backend pad.computerisms.ca if pad.computerisms.ca
        default_backend mooglehttps

backend         auth_request
        mode            http
        server          auth-request    127.0.0.1:8044 check
#       option          httpclose
#       option          forwardfor

backend         mooglehttps
        balance         leastconn
        mode            http
        option          httpclose
        option          forwardfor
        option          log-health-checks
        option          httpchk
        server sand1lian 192.168.25.52:48443 check send-proxy-v2 ssl verify none
        server sand2lian 192.168.25.53:48443 check send-proxy-v2 ssl verify none

## BEGIN pad.computerisms.ca
backend         pad.computerisms.ca
         balance         leastconn
         mode            http
         cookie sessionID insert nocache indirect
#        option          httpclose
         option          forwardfor
         server sand1lian 192.168.25.52:19008 cookie sand1pad
         server sand2lian 192.168.25.53:19008 cookie sand2pad
## END pad.computerisms.ca
## BEGIN tables.computerisms.ca
backend         tables.computerisms.ca
         balance         leastconn
         mode            http
         cookie sessionID insert nocache indirect
         option          httpclose
         option          forwardfor
         server sand1lian 192.168.25.52:29000 check cookie sand1tables
         server sand2lian 192.168.25.53:29000 check cookie sand2tables
## END tables.computerisms.ca

Thanks again for taking a look, truly appreciated...


> Best regards
> Tim Düsterhus

