allinurl / goaccess

GoAccess is a real-time web log analyzer and interactive viewer that runs in a terminal in *nix systems or through your browser.
https://goaccess.io
MIT License

Goaccess Not Working behind Nginx Reverse Proxy #2747

Closed JDeepD closed 4 weeks ago

JDeepD commented 4 weeks ago

I know this is a common issue, and I have spent the last 2 days going through the solutions but still have not been able to fix it.

Okay, so here is the scenario. I am running an Express Backend on AWS EC2 and using Nginx as reverse proxy (SSL certificates are provisioned by letsencrypt). Here is my config:

server {
    server_name my.domain;
    location / {
      proxy_pass http://localhost:5000;
    }

    location /report {
        alias /var/www/html;
        index report.html;
        types {
            text/html html htm;
        }
        add_header Content-Type text/html;
    }

    location /ws {
        proxy_pass http://localhost:7890;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
        proxy_cache off;
        proxy_connect_timeout 60s;
        proxy_send_timeout 300s;
        proxy_read_timeout 300s;
    }

    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/my.domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/my.domain/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
    if ($host = my.domain) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    server_name my.domain;
    return 404;
}

The command that I am running is:

sudo goaccess /var/log/nginx/access.log -o /var/www/html/report.html \
 --real-time-html \
 --ws-url=wss://my.domain/ws \
 --log-format=COMBINED \
 --port=7890 \
 --ssl-cert=/etc/letsencrypt/live/my.domain/fullchain.pem \
 --ssl-key=/etc/letsencrypt/live/my.domain/privkey.pem

Now, when I try to go to wss://my.domain/ws, it says Connection Refused.

➜  ~ websocat wss://my.domain/ws

websocat: WebSocketError: WebSocketError: Received unexpected status code (502 Bad Gateway)
websocat: error running

Upon inspecting the Nginx logs, I get this:

ubuntu@ip-1.2.3.4:~$ sudo tail -f /var/log/nginx/error.log

2024/10/28 10:18:49 [error] 80757#80757: *469 upstream prematurely closed connection while reading response header from upstream, client: 162.158.227.143, server: my.domain, request: "GET /ws HTTP/1.1", upstream: "http://127.0.0.1:7890/ws", host: "my.domain"

The GoAccess logs are empty though. (Still waiting for WebSocket connections.)

ubuntu@ip-1.2.3.4:~$ sudo goaccess /var/log/nginx/access.log -o /var/www/html/report.html --real-time-html --ws-url=wss://my.domain/ws --port=7890 --log-format=COMBINED -d
 [SETTING UP STORAGE /var/log/nginx/access.log] {0} @ {0/s}
WebSocket server ready to accept new client connections

Additional: When I run goaccess as a background process and try to access the websocket from the machine itself (without using nginx), it fails to connect as well.

ubuntu@ip-1.2.3.4:~$ curl -v -H "Connection: Upgrade" -H "Upgrade: websocket" -H "Host: localhost:7890" -H "Origin: http://localhost" http://localhost:7890/ws
* Host localhost:7890 was resolved.
* IPv6: ::1
* IPv4: 127.0.0.1
*   Trying [::1]:7890...
* connect to ::1 port 7890 from ::1 port 50438 failed: Connection refused
*   Trying 127.0.0.1:7890...
* Connected to localhost (127.0.0.1) port 7890
> GET /ws HTTP/1.1
> Host: localhost:7890
> User-Agent: curl/8.5.0
> Accept: */*
> Connection: Upgrade
> Upgrade: websocket
> Origin: http://localhost
> 
* Empty reply from server
* Closing connection
curl: (52) Empty reply from server

JDeepD commented 4 weeks ago

I am also using Cloudflare for managing DNS, and I have enabled WebSockets as well as set SSL/TLS to Strict(Full).

JDeepD commented 4 weeks ago

Okay, after countless hours of mindless debugging, here is what fixed it: in Cloudflare, disabling "Proxy through Cloudflare" in the DNS panel.

allinurl commented 4 weeks ago

Thanks for sharing this info!
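
For checking a WebSocket listener like the one in this thread hop by hop, the probe below performs the complete RFC 6455 opening handshake, including the Sec-WebSocket-Key and Sec-WebSocket-Version headers that the curl command in the first comment does not send, and reports whether the reply is a valid 101, another HTTP status, non-HTTP bytes, or nothing. It is an added example, not code from the thread or from the GoAccess project; the function names are hypothetical, and the 127.0.0.1:7890 target and my.domain name in the main guard are assumptions taken from the configuration posted above.

```python
import base64, hashlib, os, socket, ssl

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # constant fixed by RFC 6455

def expected_accept(key):
    """Sec-WebSocket-Accept value a compliant server must return for `key`."""
    digest = hashlib.sha1((key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")

def build_request(host, path, key):
    """Full opening handshake, including the key and version headers."""
    return (f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
            "Upgrade: websocket\r\nConnection: Upgrade\r\n"
            f"Sec-WebSocket-Key: {key}\r\nSec-WebSocket-Version: 13\r\n\r\n")

def classify(raw, key):
    """Turn the first bytes of the server reply into a short diagnosis."""
    if not raw:
        return "empty reply"
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    status = lines[0].split(" ", 2)
    if len(status) < 2 or not status[0].startswith("HTTP/"):
        return "not HTTP (TLS or another protocol on this port?)"
    if status[1] != "101":
        return "HTTP " + status[1]
    headers = {k.strip().lower(): v.strip()
               for k, _, v in (line.partition(":") for line in lines[1:])}
    if headers.get("sec-websocket-accept") != expected_accept(key):
        return "101 with wrong Sec-WebSocket-Accept"
    return "ok"

def probe(host, port, path="/", tls_name=None, timeout=5):
    """Handshake with host:port; pass tls_name to speak TLS (wss) with that SNI."""
    key = base64.b64encode(os.urandom(16)).decode("ascii")
    sock = None
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
        if tls_name:
            ctx = ssl.create_default_context()
            sock = ctx.wrap_socket(sock, server_hostname=tls_name)
        sock.sendall(build_request(tls_name or host, path, key).encode("ascii"))
        return classify(sock.recv(4096), key)
    except OSError as exc:  # refused, timed out, TLS failure, ...
        return f"connection error: {exc}"
    finally:
        if sock is not None:
            sock.close()

if __name__ == "__main__":
    # Assumed target: the GoAccess listener from the thread, probed without nginx.
    print("plain:", probe("127.0.0.1", 7890))
    print("tls:  ", probe("127.0.0.1", 7890, tls_name="my.domain"))
```

Running it against the backend port in both modes shows which protocol the listener actually speaks, which can then be compared with the scheme used in the proxy's `proxy_pass` line.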