HAProxy and flash sockets

From: Lukasz Michalski <lm#zork.pl>
Date: Wed, 23 Nov 2011 14:13:45 +0100


Hi,

I am trying to use HAProxy as proxy for socket.io transports. Standard XMLHttpRequest and WebSockets work ok but I have trouble with flash transport.

The flashtransport uses flash plugin to establish socket connection and after that data is send and received using WebSockets protocol.

To make flash socket connect I need to provide "flash policy file" to the plugin. According to the documentation[1] flash attempts to download policy file from server available on port 843 at the same domain and if it fails it tries to use destination host and port.

My current config looks like this:

defaults
  log 127.0.0.1:514 local1 debug

# Flash player will not send send policy-file-request
# on client connection if policy file can be requested
# from the same host on port 843.
# We cannot use different port here.

frontend flashpolicy_server
  bind 0.0.0.0:843
  mode tcp
  default_backend nodejs_flashpolicy

# Main frontend

frontend proxy
  bind 0.0.0.0:80
  bind 0.0.0.0:8443
  mode http
  option httplog
  maxconn 200000
  timeout client 86400000

  default_backend webapp

  #websockets 

  acl is_websocket path_beg /socket.io
  acl is_websocket hdr(Upgrade) -i WebSocket
  acl is_websocket hdr_beg(Host) -i ws

  use_backend websocket if is_websocket

backend webapp

   mode http
   option httplog
   option httpclose
   server cherrypy1 localhost:7000 check

backend websocket
  mode http
  option httplog
  timeout server 86400000
  timeout queue 5000
  timeout connect 86400000
  option forwardfor
  no option httpclose
  option http-server-close
  option forceclose
  server node1 localhost:12000 maxconn 2000 check

backend nodejs_flashpolicy
  mode tcp
  server node1 localhost:10843 maxconn 2000 check

Everything works but one scenario: if port 843 is blocked on client side then flash plugin is sending '<flash-policy-request/>\0' to the proxy frontend and expects xml file. In this case I should route this connection to nodejs_flashpolicy instead of websocket backend.

Do you have any solution to this? the best solution would be to check first X bytes for '<flash-policy-request/>'. Worse but still working solution would be to route all invalid http requests to the nodejs_flashpolicy.

I cannot find any way to configure HAProxy to make it work. If you have any suggestions please share.

I am using haproxy 1.4.17

[1]
http://www.adobe.com/devnet/flashplayer/articles/socket_policy_files.html

Thanks!
Ɓukasz Received on 2011/11/23 14:13

This archive was generated by hypermail 2.2.0 : 2011/11/23 14:30 CET