[PM-3019] Add Proxy Passthrough

bitwarden / self-host

Bitwarden's self-hosted release repository

GNU General Public License v3.0

316 stars 55 forks source link

[PM-3019] Add Proxy Passthrough #138

Closed justindbaur closed 9 months ago

justindbaur commented 1 year ago

Repeat proxy pass through for the anonymous-hub that enables Login with device

I believe this would fix bitwarden/server#3103, described in the PR, they are able to request it, receive it on their phone, confirm that request but their original client never gets told it completed. This would lend to 2 possible errors, their confirming client is never actually telling the server that it was confirmed or the server is not able to notify the originating client of the success. The following log makes me think the originating client isn't actually able to connect to the anonymous-hub (or even see it). Going by this config we have special rules for the existing hub but not this new one.

Error: WebSocket failed to connect. The connection could not be found on the server, either the endpoint may not be a SignalR endpoint, the connection ID is not present on the server, or there is a proxy blocking WebSockets. If you have multiple servers check that sticky sessions are enabled.

bitwarden-bot commented 1 year ago

Logo Checkmarx One – Scan Summary & Details – 39cf676f-408a-4527-842f-497fdf1d20dd

No New Or Fixed Issues Found

theofficialgman commented 1 year ago

I am using the standard self-hosted linux install (not the unified beta) and have this same problem. Does this fix the issue there too?

I have the same log in web console as the OP of the issue

Error: WebSocket failed to connect. The connection could not be found on the server, either the endpoint may not be a SignalR endpoint, the connection ID is not present on the server, or there is a proxy blocking WebSockets. If you have multiple servers check that sticky sessions are enabled.

budokaiman commented 1 year ago

I am using the standard self-hosted linux install (not the unified beta) and have this same problem. Does this fix the issue there too?

I don't think that needs changing as the headers are set there: https://github.com/bitwarden/server/blob/35111382e5db60c18438f87195db66f589328db2/util/Setup/Templates/NginxConfig.hbs#L131-L138 If you check your bwdata/nginx/default.conf file you should see the headers set for the /notifications/hub and /notifications/anonymous-hub locations.

That said, I'm also seeing the same error on non-unified (on all notifications). I can't find much info other than the APIs are returning 400 from bitwarden nginx log

192.168.1.1 - - [25/Jul/2023:18:09:00 +0000] "GET /notifications/hub?access_token=TOKEN HTTP/1.1" 400 33 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36" "192.168.1.1"