Hello,
thank you for a great Traefik.
I have a problem with WSS configuration.
I tried everything that I found here or on Stack Overflow - nothing works.
My static yml configuration:
serversTransport:
  insecureSkipVerify: true
certificatesResolvers:
  le:
    acme:
      email: <EMAIL>
      storage: /etc/<NAME>.json
      caServer: 'https://acme-v02.api.letsencrypt.org/directory'
      httpChallenge:
        entryPoint: http
      tlsChallenge: {}
entryPoints:
  http:
    address: ':80'
  https:
    address: ':443'
  http4500:
    address: ':4500'
  https4501:
    address: ':4501'
    http:
      tls:
        certResolver: le
      redirections:
        entryPoint:
          scheme: https
providers:
  file:
    directory: "/etc/traefik.d"
    watch: true
When I use "http4500", WS is working.
http:
  routers:
    abc-app:
      entryPoints:
        - "http"
      rule: "Host(`<ABC-APP-URL>`)"
      service: abc-app-service
    abc-ws:
      entryPoints:
        - "http4500"
      rule: "Host(`<ABC-APP-URL>`) && PathPrefix(`/subscriptions`)"
      service: abc-ws-service
  services:
    abc-app-service:
      loadBalancer:
        servers:
          - url: "http://<SERVER-URL>:30001"
    abc-ws-service:
      loadBalancer:
        servers:
          - url: "http://<SERVER-URL>:30002"
But I cannot make WSS work through "http4501", although the Let's Encrypt certificate for the domain is working OK through "https".
http:
  routers:
    abc-app:
      entryPoints:
        - "http"
        - "https"
      rule: "Host(`<ABC-APP-URL>`) || Host(`www.<ABC-APP-URL>`)"
      middlewares:
        - https-redirect
      service: abc-app-service
      tls:
        certResolver: "le"
        domains:
          - main: "<ABC-APP-URL>"
            sans:
              - "www.<ABC-APP-URL>"
    abc-ws:
      entryPoints:
        - "https4501"
      rule: "Host(`<ABC-APP-URL>`) && PathPrefix(`/subscriptions`)"
      middlewares:
        - sslheader
      service: abc-ws-service
      tls:
        certResolver: "le"
        domains:
          - main: "<ABC-APP-URL>"
            sans:
              - "www.<ABC-APP-URL>"
  middlewares:
    sslheader:
      headers:
        customRequestHeaders:
          X-Forwarded-Proto: https
    https-redirect:
      redirectScheme:
        scheme: https
        permanent: true
  services:
    abc-app-service:
      loadBalancer:
        servers:
          - url: "http://<SERVER-URL>:30004"
    abc-ws-service:
      loadBalancer:
        servers:
          - url: "http://<SERVER-URL>:30005"
I also tried middleware "wsstest"
    wsstest:
      redirectScheme:
        port: "443"
      headers:
        customRequestHeaders:
          X-Forwarded-Proto: https
and/or "socket"
    socket:
      headers:
        forceSTSHeader: true
        STSSeconds: 315360000
        STSIncludeSubdomains: true
        STSPreload: true
        browserXSSFilter: true
        contentTypeNosniff: true
        frameDeny: true
        sslForceHost: true
        sslRedirect: true
        customResponseHeaders:
          X-Robots-Tag: "none"
          X-Script-Name: "test"
        customFrameOptionsValue: "SAMEORIGIN"
Both ports on server <SERVER-URL> (:30002, :30005) are accessible.
wscat -c ws://<ABC-APP-URL>:4500/subscriptions
Connected 
wscat -c wss://<ABC-APP-URL>/subscriptions
error: certificate has expired
wscat -c wss://<ABC-APP-URL>:4501/subscriptions
error: connect ETIMEDOUT xxx.xxx.xxx.xxx:4501
And in Chrome: WebSocket is closed before the connection is established.
Is there something missing?
I have been trying to figure it out for 3 days but with no luck.
Can anyone please help?