I run code-server docker container on unraid. I can access its webui with local ip without any problem, including its websocket connection.
But if I use code.mydomain.com, I can’t get it to upgrade to websocket connection.
I’ve been meaning to get around to working on this for a little while now, but haven’t yet. The HAProxy project has some really good documentation on the subject here. You’d have to adapt it to pfSense, but it looks like you’d create a separate front end for websockets URLs.
Thanks. I’ve seen the document and have tried everything it said including specifying below in the backend, but it doesn’t work, i.e., haproxy can’t upgrade to websocket:
Thanks. I tried linuxserver.io openvscode-server docker image as you suggested. Running with local IP works properly, but using subdomain vscode.mydomain.com renders service unavailable 503, No server is available to handle this request… It is strange. I set up a vanilla frontend/backend on Haproxy. Vscode subdomain was added to cloudflare DNS as usual.
With linuxserver.io code-server docker, at least I still get the webui display, just with the websocket problem.
It looks like I have to withdraw my haproxy advice on this one. I just went to grab the config and couldn’t find it. It turns out when I spun up the openvscode-server, I also did an instance of nginx to serve it. Sorry for the mix up. I know I had an instance at work running through haproxy, but I decommissioned that one a long while ago. I’ll see if I can get it running again when I’m back home for the day and report back.
That’s ok. Let me know when you have a chance to look at it.
Actually, I may not need to expose code-server to internet, just a matter of technical curiosity. It should be a straight-forward setup, but somehow not. I gave it up for now.
Now I reverse proxy most of my local services with HAproxy, for both external and internal access with mydomain.com and home.mydomain.com, respectively. Only a few services are exposed to WAN. If I can’t accomplish it with Haproxy, I’ll reverse proxy it with Nginix Proxy Manager instead, with home.mydomain.com. Nginx proxy is for home.mydomain.com and I can access them anywhere through tailscale+self-hosted headscale.
OK, I just got home and added the vscode instance to my HAProxy. I’ve been messing around a little and so far I haven’t seen any errors.
I stopped using the pfSense HAProxy package a while ago, so you’ll have to do a little translating, but these are the relevant HAProxy config sections.
There’s a frontend that just redirects HTTP to HTTPS:
frontend HTTP
bind 10.8.9.16:80 name 10.8.9.16:80
mode http
log global
option httplog
option http-keep-alive
option forwardfor
acl https ssl_fc
http-request set-header X-Forwarded-Proto http if !https
http-request set-header X-Forwarded-Proto https if https
timeout client 30000
acl example var(txn.txnhost) -m reg -i [A-Za-z0-9\.]+\.example\.com
http-request set-var(txn.txnhost) hdr(host)
http-request redirect code 301 location https://%[hdr(host)]%[path] if example
There’s a front end for HTTPS that’s shared among many subdomains:
frontend HTTPS
bind 10.8.9.16:443 name 10.8.9.16:443 ssl crt-list /etc/haproxy/HTTPS.crt_list
mode http
log global
option httplog
option http-keep-alive
option forwardfor
acl https ssl_fc
http-request set-header X-Forwarded-Proto http if !https
http-request set-header X-Forwarded-Proto https if https
timeout client 30000
# --- LOTS OF OTHER ACLS --- #
acl coder var(txn.txnhost) -m str -i coder.example.com
# --- LOTS OF OTHER ACLS --- #
acl aclcrt_HTTPS var(txn.txnhost) -m reg -i ^coder\.example\.com(:([0-9]){1,5})?$
# --- LOTS OF OTHER USE_BACKEND STATEMENTS --- #
use_backend coder_ipvANY if coder aclcrt_HTTPS
And there’s a backend:
backend coder_ipvANY
mode http
id 133
log global
http-check send meth OPTIONS
timeout connect 30000
timeout server 30000
retries 3
load-server-state-from-file global
server coder 10.8.9.37:32768 id 134 check inter 1000 verify none
Like I said, I haven’t seen any websocket errors, but I’ll play with it a little and see if I come across anything.
Really appreciate you sharing the config. It looks quite similar to my raw config. What Haproxy version are you using? I’m using the latest develop version.
