feat: ignore upstream cors headers; add websocket support

Author: oyyblin

README.md

@@ -17,17 +17,17 @@ The solution uses a two-tier architecture:
 
 1. **Nginx (Front Tier)**
 
-   - Handles incoming HTTP/HTTPS traffic
-   - Provides initial request routing
-   - Manages SSL/TLS termination
-   - Forwards requests to HAProxy
+   - Handles incoming traffic on port 8080
+   - Automatic WebSocket protocol detection and routing
+   - Manages CORS and HTTP headers
+   - Routes traffic to appropriate HAProxy ports (8545/8546)
 
 2. **HAProxy (Back Tier)**
-   - Manages load balancing across RPC nodes
-   - Implements sticky sessions
-   - Performs health checks
-   - Handles WebSocket connections
-   - Provides failover capabilities
+   - Listens on ports 8545 (RPC) and 8546 (WebSocket)
+   - Port-based backend selection
+   - Maintains sticky sessions for 30 minutes
+   - Load balances across 4 backend nodes
+   - Performs TCP-level health checks every 3 seconds
 
 ## Prerequisites
 
@@ -61,20 +61,27 @@ The solution uses a two-tier architecture:
 
 The HAProxy configuration (`haproxy.cfg`) includes:
 
-- TCP mode for WebSocket support
-- Round-robin load balancing
-- Sticky sessions based on client IP
-- Health checks for RPC nodes
-- Configurable timeouts and connection limits
+- Dual-port TCP mode (8545/8546) for RPC and WebSocket support
+- Port-based traffic routing between RPC and WebSocket backends
+- Round-robin load balancing with sticky sessions
+- Sticky sessions based on client IP (30-minute persistence)
+- Health checks every 3 seconds with 2-attempt failure/rise thresholds
+- Configurable timeouts (connect: 5s, client: 50s, server: 50s)
+- Internal health monitoring endpoint on localhost:8547
 
 ### Nginx Configuration
 
 The Nginx configuration (`nginx.conf`) provides:
 
-- Reverse proxy setup
-- Header forwarding
-- Health check endpoint
-- Connection pooling
+- Single entry point on port 8080
+- Automatic WebSocket protocol upgrade handling
+- CORS headers management with preflight request support
+- Smart traffic routing:
+  - WebSocket connections → HAProxy port 8546
+  - RPC traffic → HAProxy port 8545
+- Dual health check endpoints:
+  - `/health/alive` for basic liveness checks
+  - `/health/ready` for HAProxy status verification
 
 ## Health Checks
 

haproxy.cfg

@@ -13,15 +13,20 @@ defaults
     timeout client  50s
     timeout server  50s
 
-# Main RPC frontend - handles incoming blockchain RPC requests
-frontend rpc_frontend
-    # Listen on all interfaces for external access
+# Combined frontend for both HTTP/RPC and WebSocket traffic
+frontend combined_frontend
     bind 0.0.0.0:8545
-    # TCP mode for WebSocket support
+    bind 0.0.0.0:8546
     mode tcp
+    
+    # Use a TCP mode ACL to detect WebSocket traffic (port 8546)
+    acl is_websocket dst_port 8546
+    
+    # Route based on the destination port
+    use_backend ws_backend if is_websocket
     default_backend rpc_backend
 
-# Backend configuration for RPC nodes
+# Backend configuration for RPC nodes (port 8545)
 backend rpc_backend
     mode tcp
     # Round robin load balancing between nodes
@@ -39,11 +44,29 @@ backend rpc_backend
     server node3 54.212.168.35:8545 check inter 3s fall 2 rise 2
     server node4 54.202.224.179:8545 check inter 3s fall 2 rise 2
 
+# Backend configuration for WebSocket nodes (port 8546)
+backend ws_backend
+    mode tcp
+    # Round robin load balancing between nodes
+    balance roundrobin
+    # Enable TCP health checks
+    option tcp-check
+    # Allow server retry on failure
+    option redispatch
+    # Sticky sessions configuration
+    stick-table type ip size 200k expire 30m
+    stick on src
+    # WebSocket nodes with health checks
+    server node1 35.89.200.123:8546 check inter 3s fall 2 rise 2
+    server node2 18.236.243.137:8546 check inter 3s fall 2 rise 2
+    server node3 54.212.168.35:8546 check inter 3s fall 2 rise 2
+    server node4 54.202.224.179:8546 check inter 3s fall 2 rise 2
+
 # Health check endpoint for monitoring HAProxy status
 # Only accessible from localhost for security
 frontend health_check
     # Bind only to localhost (127.0.0.1) to prevent external access
-    bind 127.0.0.1:8546
+    bind 127.0.0.1:8547
     # Use HTTP mode since health checks are HTTP requests
     mode http
     # Create a simple health endpoint at /health

nginx.conf

@@ -4,33 +4,59 @@ events {
 }
 
 http {
+    map $http_upgrade $connection_upgrade {
+        default upgrade;
+        '' close;
+    }
+
     # Upstream definition for HAProxy RPC load balancer
     upstream rpc_nodes {
         server 127.0.0.1:8545;
     }
 
+    upstream ws_nodes {
+        server 127.0.0.1:8546;
+    }
+
     server {
         listen 8080;
 
         # Main location for RPC traffic
         location / {
-            # Enable CORS from any origin
-            # add_header 'Access-Control-Allow-Origin' '*' always;
-            # add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
-            # add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
+            # Remove any existing CORS headers from upstream
+            proxy_hide_header 'Access-Control-Allow-Origin';
+            proxy_hide_header 'Access-Control-Allow-Methods';
+            proxy_hide_header 'Access-Control-Allow-Headers';
+            proxy_hide_header 'Access-Control-Max-Age';
 
-            # # Handle preflight requests
-            # if ($request_method = 'OPTIONS') {
-            #     add_header 'Access-Control-Allow-Origin' '*';
-            #     add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
-            #     add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';
-            #     add_header 'Access-Control-Max-Age' 1728000;
-            #     add_header 'Content-Type' 'text/plain; charset=utf-8';
-            #     add_header 'Content-Length' 0;
-            #     return 204;
-            # }
-
-            # Forward requests to HAProxy
+            # Handle preflight requests
+            if ($request_method = 'OPTIONS') {
+                add_header 'Access-Control-Allow-Origin' '*';
+                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+                add_header 'Access-Control-Allow-Headers' 'Content-Type';
+                add_header 'Access-Control-Max-Age' 1728000;
+                add_header 'Content-Type' 'text/plain; charset=utf-8';
+                add_header 'Content-Length' 0;
+                return 204;
+            }
+
+            # Add CORS headers for non-OPTIONS requests
+            if ($request_method != 'OPTIONS') {
+                add_header 'Access-Control-Allow-Origin' '*';
+                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+                add_header 'Access-Control-Allow-Headers' 'Content-Type';
+            }
+
+            # WebSocket specific configuration
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection $connection_upgrade;
+
+            # Route WebSocket traffic to ws_nodes, regular traffic to rpc_nodes
+            if ($http_upgrade = "websocket") {
+                proxy_pass http://ws_nodes;
+            }
+
             proxy_pass http://rpc_nodes;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
@@ -51,7 +77,7 @@ http {
             # Short timeouts for quick health check responses
             proxy_connect_timeout 2s;
             proxy_read_timeout 2s;
-            proxy_pass http://127.0.0.1:8546/health;
+            proxy_pass http://127.0.0.1:8547/health;
             add_header Content-Type text/plain;
         }
     }