[GH-ISSUE #2682] Error 502 websocket path "notifications/hub" behind HAProxy #1349

New issue

Closed

opened 2026-03-03 02:08:24 +03:00 by kerem · 0 comments

kerem commented

2026-03-03 02:08:24 +03:00

Owner

Originally created by @marcogiorgio on GitHub (Aug 10, 2022).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/2682

Discussed in https://github.com/dani-garcia/vaultwarden/discussions/2657

Hi,
I configured Vaultwarden behind an HAProxy instance deployed on my OPNsense, using the guide "HAproxy inside PfSense (by @RichardMawdsley)". The redirects look correct, but I get a "502 Bad Gateway
The server returned an invalid or incomplete response" error when I go to vaultwarden.domain.net/notifications/hub.

This is the relevant HAProxy config:

acl acl01 path_beg -i /notifications/hub
acl acl02 hdr_sub(host) -i vaultwarden.domain.net
acl acl03 path_beg -i /notifications/hub/negotiate
acl acl04 path_beg -i /notifications/hub
acl acl05 path_beg -i /notifications/hub/negotiate

use_backend Vaultwarden if !acl01 acl02
use_backend Vaultwarden if acl03 acl02
use_backend Vaultwarden_Websocket if acl04 acl02
use_backend Vaultwarden_Websocket if !acl05 acl02

backend Vaultwarden_Websocket
mode http
balance source
stick-table type ip size 50k expire 30m
stick on src
timeout connect 30s
timeout server 30s
http-request add-header X-Forwarded-Proto https if { ssl_fc }
http-reuse safe
server Vaultwarden_Websocket X.X.X.X:3012

backend Vaultwarden
mode http
balance source
stick-table type ip size 50k expire 30m
stick on src
timeout connect 30s
timeout server 30s
http-request add-header X-Forwarded-Proto https if { ssl_fc }
http-reuse safe
server Vaultwarden X.X.X.X:9070

Can anyone help? Thanks

Originally created by @marcogiorgio on GitHub (Aug 10, 2022). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/2682 ### Discussed in https://github.com/dani-garcia/vaultwarden/discussions/2657 Hi, I configured Vaultwarden behind an HAProxy instance deployed on my OPNsense, using the guide "HAproxy inside PfSense (by [@RichardMawdsley](https://github.com/RichardMawdsley))". The redirects look correct, but I get a "**502 Bad Gateway The server returned an invalid or incomplete response**" error when I go to vaultwarden.domain.net/notifications/hub. This is the relevant HAProxy config: acl acl01 path_beg -i /notifications/hub acl acl02 hdr_sub(host) -i vaultwarden.domain.net acl acl03 path_beg -i /notifications/hub/negotiate acl acl04 path_beg -i /notifications/hub acl acl05 path_beg -i /notifications/hub/negotiate use_backend Vaultwarden if !acl01 acl02 use_backend Vaultwarden if acl03 acl02 use_backend Vaultwarden_Websocket if acl04 acl02 use_backend Vaultwarden_Websocket if !acl05 acl02 backend Vaultwarden_Websocket mode http balance source stick-table type ip size 50k expire 30m stick on src timeout connect 30s timeout server 30s http-request add-header X-Forwarded-Proto https if { ssl_fc } http-reuse safe server Vaultwarden_Websocket X.X.X.X:3012 backend Vaultwarden mode http balance source stick-table type ip size 50k expire 30m stick on src timeout connect 30s timeout server 30s http-request add-header X-Forwarded-Proto https if { ssl_fc } http-reuse safe server Vaultwarden X.X.X.X:9070 Can anyone help? Thanks