Traefik: Websocket: Error dialing, bad handshake

Do you want to request a feature or report a bug?

bug, possibly related to #2078, some discussion already went there

What did you do?

Upgraded Traefik from ~1.2 to latest. Then found that 1.3.3 was last working version.

What did you expect to see?

Working wss:// endpoint with ws:// backend. With passing HTTP Basic credentials.

What did you see instead?

Traefik:

[traefik-1]2017-09-26T15:03:55.254374139Z time="2017-09-26T15:03:55Z" level=warning msg="Error dialing `streaming.example.com`: websocket: bad handshake" 

Backend service:

2017-09-27 21:37:26,597 c.p.s.SocketServer$: Unauthorized user

Output of traefik version: (_What version of Traefik are you using?_)

1.3.4 - 1.3.8, 1.4.0-rc3

What is your environment & configuration (arguments, toml, provider, platform, ...)?

Docker Cloud with overlay network

# unrelated entries removed
logLevel = "DEBUG"
defaultEntryPoints = ["http", "https"]

[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]

[backends]
  [backends.streaming-api-backend-dev]
    [backends.streaming-api-backend-dev.servers.server1]
    url = "ws://streaming-api.backend-dev:7788"

[frontends]
  [frontends.streaming-api-dev]
  backend = "streaming-api-backend-dev"
    [frontends.streaming-api-dev.routes.test_1]
    rule = "Host:streaming.example.com"

If applicable, please paste the log output in debug mode (--debug switch)

Special debug version from @Juliens:

[traefik-1]2017-09-27T21:37:26.468005624Z time="2017-09-27T21:37:26Z" level=debug msg="Look for provided certificate to validate [streaming.example.com]..." 
[traefik-1]2017-09-27T21:37:26.468190338Z time="2017-09-27T21:37:26Z" level=debug msg="No provided certificate found for domains [streaming.example.com], get ACME certificate." 
[traefik-1]2017-09-27T21:37:26.468236280Z time="2017-09-27T21:37:26Z" level=debug msg="Challenge GetCertificate streaming.example.com" 
[traefik-1]2017-09-27T21:37:26.468302456Z time="2017-09-27T21:37:26Z" level=debug msg="ACME got domain cert streaming.example.com" 
[traefik-1]2017-09-27T21:37:26.915226282Z time="2017-09-27T21:37:26Z" level=debug msg="Try dialing `streaming-api.backend-dev:7788`" 
[traefik-1]2017-09-27T21:37:26.915263389Z time="2017-09-27T21:37:26Z" level=warning msg="Error dialing `streaming-api.backend-dev:7788`: websocket: bad handshake with resp: &{401 Unauthorized 401 HTTP/1.1 1 1 map[Www-Authenticate:[Basic realm=""] Server:[akka-http/2.3.16] Date:[Wed, 27 Sep 2017 21:37:26 GMT] Content-Type:[text/plain; charset=UTF-8] Content-Length:[77]] {0xc420542450} 77 [] false false map[] 0xc420806200 <nil>}" 
[traefik-1]2017-09-27T21:37:32.116914266Z time="2017-09-27T21:37:32Z" level=debug msg="Look for provided certificate to validate [streaming.example.com]..." 
[traefik-1]2017-09-27T21:37:32.116944842Z time="2017-09-27T21:37:32Z" level=debug msg="No provided certificate found for domains [streaming.example.com], get ACME certificate." 
[traefik-1]2017-09-27T21:37:32.116974729Z time="2017-09-27T21:37:32Z" level=debug msg="Challenge GetCertificate streaming.example.com" 
[traefik-1]2017-09-27T21:37:32.117612246Z time="2017-09-27T21:37:32Z" level=debug msg="ACME got domain cert streaming.example.com" 
[traefik-1]2017-09-27T21:37:32.261379578Z time="2017-09-27T21:37:32Z" level=debug msg="Try dialing `streaming-api.backend-dev:7788`" 
[traefik-1]2017-09-27T21:37:32.261446671Z time="2017-09-27T21:37:32Z" level=warning msg="Error dialing `streaming-api.backend-dev:7788`: websocket: bad handshake with resp: &{401 Unauthorized 401 HTTP/1.1 1 1 map[Content-Type:[text/plain; charset=UTF-8] Content-Length:[77] Www-Authenticate:[Basic realm=""] Server:[akka-http/2.3.16] Date:[Wed, 27 Sep 2017 21:37:31 GMT]] {0xc4205a3fb0} 77 [] false false map[] 0xc4204f1700 <nil>}"