search

bastillion-io / Bastillion

Bastillion is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys.
https://www.bastillion.io
Other
3.18k stars 381 forks source link

Error during WebSocket handshake: Unexpected response code: 403 #242

Open giopas opened 7 years ago

giopas commented 7 years ago

Hi there,

I have installed KeyBox on my QNAP (via the third party reposotory[1]) and I get the above mentioned error while trying to access the terminal (I can login and configure KeyBox just fine).

In particular what I get is the following:

WebSocket connection to 'ws://www.mydomain.com/admin/terms.ws?t=1502983226106' failed: Error 
during WebSocket handshake: Unexpected response code: 403
(anonymous) @ createTerms.action:305
mightThrow @ jquery-3.2.0.js:3583
process @ jquery-3.2.0.js:3651

Here are the extended details:

**General:**
Request URL: ws://www.mydomain.com/admin/terms.ws?t=1502983226106
Request Method: GET
Status Code: 403 Forbidden

**Response Headers:**
Connection:close
Content-Length:1796

**Request Headers:**
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8,it;q=0.6,fr-FR;q=0.4,fr;q=0.2
Cache-Control: no-cache
Connection: Upgrade
Cookie: _ga=GA1.2.1420083021.1491827874; _gid=GA1.2.748174204.1502892765; JSESSIONID=node0b54o009o1rs91kobqpel4lota2.node0
Host: www.mydomain.com
Origin: http://www.mydomain.com
Pragma: no-cache
Sec-WebSocket-Extensions:permessage-deflate; client_max_window_bits
Sec-WebSocket-Key: 50di6kUCmuNv9oncY6i+8A==
Sec-WebSocket-Version: 13
Upgrade: websocket
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36

**Query String Parameters:**
t: 1502983226106

I have read here [2] that there is maybe a change to be done. But I do not know more.

Can someone help me out on this please?

Thanks,

giopas

[1] https://qnapclub.eu/index.php?act=detail&qpkg_id=260 [2] https://stackoverflow.com/questions/39627017/error-during-websocket-handshake-unexpected-response-code-403

skavanagh commented 7 years ago

Something is blocking websockets. Are you using a reverse-proxy or something that could be the cause? https://stackoverflow.com/questions/35738253/unexpected-response-code-403-for

giopas commented 7 years ago

Yes sorry, I forgot to mention it.

I am actually accessing KeyBox behind an Apache reverse proxy set out as follows:

<VirtualHost *:80>        
 ServerName www.mydomain.com       
 ProxyRequests Off        
<Proxy *>         
 #Order deny,allow        
 Require all granted        
</Proxy>         
<Location />         
 #Order allow,deny        
 Require all granted        
</Location>         
 ProxyPreserveHost On        
 ProxyPass / http://localhost:58000/        
 ProxyPassReverse / http://localhost:58000/       
 ProxyStatus On        
</VirtualHost>

I also unsucessfully tried the following reverse proxy:

<VirtualHost *:80>        
 ServerName www.mydomain.com        
 ProxyRequests Off        
<Proxy *>         
 #Order deny,allow        
 Require all granted        
</Proxy>         
<LocationMatch "/admin/(terms.*)">        
 ProxyPass ws://localhost:58000/admin/$1        
 ProxyPassReverse ws://localhost:58000/admin/$1       
</LocationMatch>        
 ProxyPass / http://localhost:58000/        
 ProxyPassReverse / http://localhost:58000/       
 ProxyRequests Off        
 ProxyPreserveHost On        
 ProxyStatus On        
</VirtualHost>

Finally I can access to KeyBox also through ngrok (via http).

willgopublic commented 7 years ago

a2enmod proxy_wstunnel ?