pfSense with HAProxy: enable support for WebSocket?

Hey All.

New on LTS forums.

Looking for help setting up HAProxy as a reverse proxy with support for WebSocket.

I am running pfSense 2.5.0 and have used Tom's great videos to set up a reverse proxy with SSL offloading with ACME wildcard certs from Let's Encrypt, and it works almost great.

I am trying to move my services from my Synology reverse proxy to HAProxy on pfSense, but some of my services need “websocket” to work and I cannot find out how to make it work. I can see online that HAProxy supports WebSocket, but I cannot find any info on how to set it up inside the pfSense HAProxy package.
On my Synology built-in reverse proxy it is as simple as “flipping” a switch to enable the “upgrade connections”, but that is based on Nginx, and the Synology implementation does not support wildcard LE certs.

The primary service that needs WebSocket support to work is Avigilon's Mobile surveillance app for my security system.

I have set up
3 frontends: 1 for external access, 1 for internal access and 1 redirect from HTTP to HTTPS,
and 8 backends for different services, and all but the one service work as expected, but as this is a very high priority app I had to move back to my existing setup.

Does anyone have any ideas where to set up some ACLs, or other info, preferably with screenshots, to get me in the right direction? I cannot figure out if it should be in the frontend or backend, and what to write in the ACLs or other places.

Thanks
/ Martinelv

I have never used an Avigilon system via web proxy so I'm not sure what needs to be done, but my guess would be that it uses more than just one port, so you will have to map all the ports needed in the back end. I use Xen Orchestra via HAProxy, which uses web sockets, but all the traffic is via one port and it works fine.

@LTS_Tom Thanks for the quick reply.

I know that it only uses one port, also because that is all that is open on my pfSense, forwarded to the reverse proxy of my Synology NAS.

But after your response I deleted HTTP/2 and HSTS and Custom Headers in the Synology reverse proxy (from there I thought it was using WebSocket, hence the title) and it still works, but the moment I move the firewall rules to point to HAProxy I still get “connected” in the app but no live video streaming is possible, while the “status page” of Avigilon is working just as expected.

According to Avigilon these are the ports used:
https://support.avigilon.com/s/article/TCP-UDP-Ports-for-Connecting-ACC-Mobile-3-to-Web-Endpoint

and this

And also I got my Xen Orchestra and other services to work great; I would just hope to get the last ones running also.

/Thanks