Open WGandy opened 1 year ago
Does it work well without rathole?
I have not yet done a complete isolation of haproxy from rathole in order to rule out all combinations. It may very well be that I don't have a good SNI haproxy config. It's a bit challenging to test this because I need rathole to tunnel down to my servers. Most of my VPSes are small and running a full app can eat up all the RAM.
Could you please provide your Haproxy and rathole log information?
To start with, I'm not sure that this is an issue with Rathole. It may have to do with SNI filtering in general or an issue with haproxy. But I figured it would be good to report it here as I'm finding it when working in conjunction with Rathole.
I've been playing around with routing traffic through a VPS to a local server (or multiple servers) without terminating the TLS at the VPS. It works fine with rathole just passing 443 traffic to a server AND with haproxy in front of it, albeit doing almost nothing. But, when I try to use SNI filtering in haproxy to route traffic from specific domain names to specific servers, I get many issues. Sometimes the server is unreachable. Other times it appears to work but is very slow. Other times it works for a short while and then goes unreachable after some period of time (minutes to perhaps hours).
Here are example haproxy and rathole configs. I'm running both of these in Docker with a docker compose file. The rathole container is called rathole and so "rathole:443" from the haproxy container routes to the rathole container. Rathole then sends off to Caddy also running on the local server which handles the certificates.
Running Ubuntu 22.04 on the VPS. Haproxy 2.7.6, Rathole 0.4.7, Caddy 2.
Example haproxy file:
Example rathole server file:
Example rathole client file:
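Routing on SNI without terminating TLS, as described in the issue, means the proxy has to read the host name out of the unencrypted ClientHello before it picks a backend. The Python below is an added example, not part of the issue and not code or configuration from the poster, HAProxy or rathole; `build_client_hello` and `extract_sni` are hypothetical helper names and the sample ClientHello is constructed. It assumes the ClientHello arrives in a single TLS record and separates three outcomes a router must handle: a name, no name, and not enough bytes yet.

```python
import struct

def build_client_hello(hostname=None):
    """Constructed minimal TLS 1.2 ClientHello (sample input, not a capture)."""
    exts = b""
    if hostname is not None:
        name = hostname.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name   # name_type 0 = host_name
        sni = struct.pack("!H", len(entry)) + entry             # server_name_list
        exts = struct.pack("!HH", 0, len(sni)) + sni            # extension 0 = server_name
    body = (b"\x03\x03" + bytes(32)        # client_version, random
            + b"\x00"                      # empty session_id
            + b"\x00\x02\x13\x01"          # one cipher suite
            + b"\x01\x00"                  # null compression
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body          # handshake type 1
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs    # TLS record header

def extract_sni(data):
    """Return the SNI name, "" if the hello carries none, None if more bytes are needed."""
    if len(data) < 5:
        return None
    if data[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", data[3:5])[0]
    if len(data) < 5 + rec_len:
        return None                        # ClientHello not fully received yet
    hs = data[5:5 + rec_len]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    p = 4 + 2 + 32                         # handshake header, version, random
    p += 1 + hs[p]                         # session_id
    p += 2 + struct.unpack("!H", hs[p:p + 2])[0]    # cipher_suites
    p += 1 + hs[p]                         # compression_methods
    if p + 2 > len(hs):
        return ""                          # no extensions block at all
    end = p + 2 + struct.unpack("!H", hs[p:p + 2])[0]
    p += 2
    while p + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", hs[p:p + 4])
        if ext_type == 0:                  # server_name extension
            name_len = struct.unpack("!H", hs[p + 7:p + 9])[0]
            return hs[p + 9:p + 9 + name_len].decode("ascii").lower()
        p += 4 + ext_len
    return ""
```

Feeding it the first bytes received on a connection shows whether the name a routing rule matches on was available when the decision was made.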