Hello!

On Wed, Nov 23, 2016 at 04:14:23AM -0500, noci wrote:

> I have a strange problem.
>
> Setup:
> Internet ---> haproxy (SNI TLS Routing) --> nginx (Webserver) --> Websocket
> based server (WebRTC)
> haproxy has no certificates, it checks the TLS Hello message for :443
> traffic and then forwards to the right server based on SNI.
> ==> haproxy cannot alter the stream sent through.
>
> Doing a request through this pipeline to start a websocket connection loses
> the Upgrade & Connection setting coming from the internet.
> When making a request that bypasses the haproxy those header elements ARE
> present.
> Unfortunately haproxy is a requirement because of various servers being
> used.

[...]

> Parsed by nginx:
> 2016/11/23 01:09:20 [debug] 25097#0: *309 http header: "Host: nc.xxxxxxx.net:443"
> 2016/11/23 01:09:20 [debug] 25097#0: *309 http header: "Connection: close"

[...]

From the nginx logs provided it is clear that Update and Connection
headers were removed/changed somewhere before nginx. Additionally, it
looks like the Host header was changed from "nc.xxxxxxx.net" to
"nc.xxxxxxx.net:443".

You have to look at what happens in haproxy and/or between haproxy and
nginx. A trivial thing to check is the client address as seen by
nginx - make sure it belongs to haproxy and there are no additional
intermediate proxies.

--
Maxim Dounin
http://nginx.org/
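
Added example, not part of the original message: a small Python check that groups nginx debug-log `http header` lines by connection number and flags the conditions discussed in the thread (no `Upgrade: websocket`, no `upgrade` token in `Connection`, a `Host` value carrying a port). The function names are hypothetical, and the `*310` request in the sample is constructed for comparison; only the two `*309` lines come from the thread.

```python
import re
from collections import defaultdict

# Constructed sample in nginx debug-log format. The two *309 lines are the
# ones quoted in the thread; the *310 request is made up for comparison.
SAMPLE_LOG = '''\
2016/11/23 01:09:20 [debug] 25097#0: *309 http header: "Host: nc.xxxxxxx.net:443"
2016/11/23 01:09:20 [debug] 25097#0: *309 http header: "Connection: close"
2016/11/23 01:09:25 [debug] 25097#0: *310 http header: "Host: nc.xxxxxxx.net"
2016/11/23 01:09:25 [debug] 25097#0: *310 http header: "Connection: keep-alive, Upgrade"
2016/11/23 01:09:25 [debug] 25097#0: *310 http header: "Upgrade: websocket"
'''

# Captures: connection number (*N), header name, header value.
HEADER_RE = re.compile(r'\*(\d+) http header: "([^:"]+):\s*(.*)"\s*$')

def headers_by_connection(log_text):
    """Group 'http header' debug lines by nginx connection number (*N)."""
    conns = defaultdict(dict)
    for line in log_text.splitlines():
        m = HEADER_RE.search(line)
        if m:
            conn, name, value = m.groups()
            conns[int(conn)][name.lower()] = value
    return dict(conns)

def handshake_findings(headers):
    """Flag what the thread points at: missing upgrade headers, Host with a port."""
    findings = []
    if headers.get("upgrade", "").lower() != "websocket":
        findings.append("Upgrade: websocket missing")
    # Connection is a comma-separated token list; compare case-insensitively.
    tokens = [t.strip().lower() for t in headers.get("connection", "").split(",")]
    if "upgrade" not in tokens:
        findings.append("Connection lacks 'upgrade' token")
    if re.search(r":\d+$", headers.get("host", "")):
        findings.append("Host carries explicit port")
    return findings

def audit(log_text):
    """Map each connection number to its list of findings (empty list = clean)."""
    return {c: handshake_findings(h) for c, h in headers_by_connection(log_text).items()}

if __name__ == "__main__":
    for conn, findings in audit(SAMPLE_LOG).items():
        print(f"*{conn}: {'ok' if not findings else '; '.join(findings)}")
```
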