🤗 [Question]: How to use Balancer with https?

[rosszfej]

Question Description

I want to create a simple load balancer using Go. I have created a test version on my PC for HTTP using the examples on the https://docs.gofiber.io/api/middleware/proxy and it was working fine. I modified it for HTTPS and tried it on the production server but I was getting HTTP-500 response with the following text all the time: HostClient can't follow redirects to a different protocol, please use Client instead

I googled this text and found that it's from fasthttp: ErrHostClientRedirectToDifferentScheme = errors.New("HostClient can't follow redirects to a different protocol, please use Client instead")

I've found this bug report in fasthttp, which mentions ErrHostClientRedirectToDifferentScheme but I am not sure if this is related and even it is, I am not sure how to apply the workaround mentioned there in fiber: https://github.com/valyala/fasthttp/issues/841

( I have modified my https implementation to work as a simple web server and it was working fine (there is no problem with the certificates, etc.. ), so i am pretty much sure that the problem is in the Balancer)

This is the relevant part of my source code:

proxy.WithTlsConfig(&tls.Config{
    InsecureSkipVerify: true,
})

proxy.WithClient(&fasthttp.Client{
    NoDefaultUserAgentHeader: true,
    DisablePathNormalizing:   true,
})

app.Use(proxy.Balancer(
    proxy.Config{
        Servers: []string{"https://myproductionserver.eu"},
    }))
cer, err := tls.LoadX509KeyPair(os.Getenv("CERT_FILE"), os.Getenv("KEY_FILE"))
if err != nil {
    log.Fatal(err)
}

config := &tls.Config{Certificates: []tls.Certificate{cer}, InsecureSkipVerify: true}

ln, err := tls.Listen("tcp", ":"+os.Getenv("SERVER_PORT"), config)
if err != nil {
    panic(err)
}

log.Fatal(app.Listener(ln))

Really appreciate your help with this..

Code Snippet (optional)

No response

Checklist:

• [X] I agree to follow Fiber's Code of Conduct.
• [X] I have checked for existing issues that describe my questions prior to opening this one.
• [X] I understand that improperly formatted questions may be closed without explanation.

[welcome[bot]]

Thanks for opening your first issue here! 🎉 Be sure to follow the issue template! If you need help or want to chat with us, join us on Discord https://gofiber.io/discord

[rosszfej]

i have found the same issue was reported a while ago: https://github.com/gofiber/fiber/issues/1855 and in the comments someone wrote : Currently, proxy.Balancer works only for http -> HTTP. it would be nice to have this info added to the documentation

[li-jin-gou]

refer to https://github.com/gofiber/fiber/blob/master/middleware/proxy/config.go#L51 and you can set tls.config when use Balancer or LbClient.

[rosszfej]

thanks for the answer. I am a bit confused. On the other thread, someone wrote this was not implemented. you suggested a solution which does not work for me. is this feature working, or is it only me having problems getting it working? thank you very much..

[li-jin-gou]

thanks for the answer. I am a bit confused. On the other thread, someone wrote this was not implemented. you suggested a solution which does not work for me. is this feature working, or is it only me having problems getting it working? thank you very much..

I'll try

[ryanbekhen]

@rosszfej Maybe you could try using the proxy.BalancerForward middleware in version v2.42.0.

[mstoetzer]

While this is technically interesting to implement it like you did, I would suggest to let other tools do the load balancing and TLS termination (e.g. Nginx, HAProxy or Traefik). Is it technically possible for you to use such tools or are you needed to implement the things as part of your application?

For example, your application needs to be restarted, when you change your TLS certificate to load the new certificate file.

[gaby]

That's true, it could also be done using a Proxy. It does no harm to implement this on Fiber itself though.

[rosszfej]

hi all, thanks for the answers.. what finally did, i used nginx to handle https and used the HTTP load balancer in fiber. it's working fine this way.. thanks again.