dani-garcia / vaultwarden

Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
GNU Affero General Public License v3.0
38.47k stars 1.87k forks source link

[ISSUE] Websockets Not Working #929

Closed mokshmridul closed 4 years ago

mokshmridul commented 4 years ago

Hi,

Websockets not working / syncing between Chrome Client and Web Page

I had websockets working previously, but I am not getting this error:

WebSocket Protocol Error: Unable to parse WebSocket key.

The error appears when accessing both the internal IP of 192.168.0.11:3012 and the external server through the internet https://vault.example.in/notifications/hub

My Docker Compose is as follows:

    container_name: bitwarden
    image: bitwardenrs/server
    restart: unless-stopped
    volumes:
      - "/etc/localtime:/etc/localtime:ro"
      - "/opt/Bitwarden:/data"
    environment:
      LOG_FILE: /data/bitwarden.log
      WEBSOCKET_ENABLED: "true"
      INVITATIONS_ALLOWED: "false"
      SIGNUPS_ALLOWED: "false"
      SHOW_PASSWORD_HINT: "false"
      DOMAIN: https://vault.example.in
      ADMIN_TOKEN: xxxxx
    ports:
      - 8008:80
      - 3012:3012

My NGINX Reverse proxy is as follows:

#Add entry in Cloudflare DNS ("CNAME vault example.in") to enable
server {
  #BlockedAgent
  if ($blockedagent) {
        return 403;
  }

  #Bad Bots Filtering
  if ($limit_bots = 1) {
            return 403;
  }

  #listen [::]:443 ssl http2;
  listen 443 ssl http2;
  server_name vault.example.in;
  include /config/nginx/conf.d/*.conf;
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    #client_max_body_size 128M;

    #SSL Configuration
    include /config/nginx/ssl.conf;

    location / {
    proxy_pass http://192.168.0.11:8008;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /notifications/hub {
    proxy_pass http://192.168.0.11:3012;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    }

    location /notifications/hub/negotiate {
    proxy_pass http://192.168.0.11:8008;
    }

    location /admin {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    proxy_pass http://192.168.0.11:8008;
  } 
}

Your environment

Expected behaviour

Websocket Sync to happen instantly upon changes in either client

Actual behaviour

Websocket Sync is not happening upon changes in either client

Relevant logs

[2020-03-26 17:21:14][ws::handler][ERROR] WS Error <Io(Kind(InvalidData))>: Missing id or access token
[2020-03-26 17:21:19][ws][INFO] Listening for new connections on 0.0.0.0:3012.
[2020-03-26 17:21:19][start][INFO] Rocket has launched from http://0.0.0.0:80
[2020-03-26 17:21:22][ws::io][INFO] Accepted a new tcp connection from 172.18.0.1:39972.
[2020-03-26 17:21:22][ws::handler][ERROR] WS Error <Protocol>: Unable to parse WebSocket key.
[2020-03-26 17:21:23][ws::io][INFO] Accepted a new tcp connection from 172.18.0.1:39978.
[2020-03-26 17:21:23][ws::handler][ERROR] WS Error <Protocol>: Unable to parse WebSocket key.
[2020-03-26 17:21:23][ws::io][INFO] Accepted a new tcp connection from 172.18.0.1:39982.
[2020-03-26 17:21:23][ws::handler][ERROR] WS Error <Protocol>: Unable to parse WebSocket key.
[2020-03-26 17:21:24][ws::io][INFO] Accepted a new tcp connection from 172.18.0.1:39986.
[2020-03-26 17:21:24][ws::handler][ERROR] WS Error <Protocol>: Unable to parse WebSocket key.
[2020-03-26 17:21:24][ws::io][INFO] Accepted a new tcp connection from 172.18.0.1:39990.
[2020-03-26 17:21:24][ws::handler][ERROR] WS Error <Protocol>: Unable to parse WebSocket key.
[2020-03-26 17:21:25][ws::io][INFO] Accepted a new tcp connection from 172.18.0.1:39994.
[2020-03-26 17:21:25][ws::handler][ERROR] WS Error <Protocol>: Unable to parse WebSocket key.
[2020-03-26 17:21:31][ws::io][INFO] Accepted a new tcp connection from 172.18.0.1:40040.
[2020-03-26 17:21:31][ws::handler][ERROR] WS Error <Protocol>: Unable to parse WebSocket key.
[2020-03-26 17:21:31][ws::io][INFO] Accepted a new tcp connection from 172.18.0.1:40044.
[2020-03-26 17:21:31][ws::handler][ERROR] WS Error <Protocol>: Unable to parse WebSocket key.
[2020-03-26 17:21:31][ws::io][INFO] Accepted a new tcp connection from 172.18.0.1:40048.
[2020-03-26 17:21:31][ws::handler][ERROR] WS Error <Protocol>: Unable to parse WebSocket key.
[2020-03-26 17:22:04][ws::io][INFO] Accepted a new tcp connection from 192.168.0.23:53163.
[2020-03-26 17:22:04][ws::handler][ERROR] WS Error <Protocol>: Unable to parse WebSocket key.
[2020-03-26 17:22:04][ws::io][INFO] Accepted a new tcp connection from 192.168.0.23:53164.
[2020-03-26 17:22:04][ws::handler][ERROR] WS Error <Protocol>: Unable to parse WebSocket key.
[2020-03-26 17:22:04][ws::io][INFO] Accepted a new tcp connection from 192.168.0.23:53165.
[2020-03-26 17:22:04][ws::handler][ERROR] WS Error <Protocol>: Unable to parse WebSocket key.
[2020-03-26 17:22:04][ws::io][INFO] Accepted a new tcp connection from 192.168.0.23:53166.
[2020-03-26 17:22:04][ws::handler][ERROR] WS Error <Protocol>: Unable to parse WebSocket key.
[2020-03-26 17:22:05][ws::io][INFO] Accepted a new tcp connection from 192.168.0.23:53167.
[2020-03-26 17:22:05][ws::handler][ERROR] WS Error <Protocol>: Unable to parse WebSocket key.
[2020-03-26 17:22:05][ws::io][INFO] Accepted a new tcp connection from 192.168.0.23:53168.
[2020-03-26 17:22:05][ws::handler][ERROR] WS Error <Protocol>: Unable to parse WebSocket key.
[2020-03-26 17:22:41][ws::io][INFO] Accepted a new tcp connection from 192.168.0.22:42262.
[2020-03-26 17:22:41][ws::handler][ERROR] WS Error <Protocol>: Unable to parse WebSocket key.
[2020-03-26 17:22:41][ws::io][INFO] Accepted a new tcp connection from 192.168.0.22:42264.
[2020-03-26 17:22:41][ws::handler][ERROR] WS Error <Protocol>: Unable to parse WebSocket key.
jjlin commented 4 years ago

I sent a PR for the Missing id or access token issue, which I'm seeing as well. I don't get the Unable to parse WebSocket key errors, though. Maybe this is caused by the first issue in your setup, we'll see.

mokshmridul commented 4 years ago

Maybe this is caused by the first issue in your setup, we'll see.

Hi, What "first issue" are you referring to in my setup? Do i have something setup incorrectly?

jjlin commented 4 years ago

Maybe this is caused by the first issue in your setup, we'll see.

Hi, What "first issue" are you referring to in my setup? Do i have something setup incorrectly?

No, I just meant maybe the Missing id or access token issue is triggering the Unable to parse WebSocket key message on your setup for some reason. I don't see the latter message on my setup.

mokshmridul commented 4 years ago

Okay, thanks for the input.

mokshmridul commented 4 years ago

Im sorry to ask, but i understand that the commit was merged into the latest build (digest 0035b5d8b0a3), and i have updated to this version. however i am still getting the error.



|                       Starting Bitwarden_RS                        |

|                      Version 1.14.1-ec608390                       |

|--------------------------------------------------------------------|

| This is an *unofficial* Bitwarden implementation, DO NOT use the   |

| official channels to report bugs/features, regardless of client.   |

| Report URL: https://github.com/dani-garcia/bitwarden_rs/issues/new |

\--------------------------------------------------------------------/

[WARNING] The following environment variables are being overriden by the config file,

[WARNING] please use the admin panel to make changes to them:

[WARNING] DOMAIN, SIGNUPS_ALLOWED, INVITATIONS_ALLOWED, SHOW_PASSWORD_HINT, ADMIN_TOKEN

[2020-03-27 18:53:51][ws][INFO] Listening for new connections on 0.0.0.0:3012.

[2020-03-27 18:53:51][start][INFO] Rocket has launched from http://0.0.0.0:80

[2020-03-27 19:03:12][request][INFO] POST /identity/connect/token

[2020-03-27 19:03:12][response][INFO] POST /identity/connect/token (login) => 200 OK

[2020-03-27 19:03:12][request][INFO] GET /api/sync

[2020-03-27 19:03:12][response][INFO] GET /api/sync?<data..> (sync) => 200 OK

[2020-03-27 19:03:14][ws::io][INFO] Accepted a new tcp connection from 172.18.0.1:53526.

[2020-03-27 19:03:23][ws::io][INFO] Accepted a new tcp connection from 192.168.0.23:62963.

[2020-03-27 19:03:23][ws::handler][ERROR] WS Error <Protocol>: Unable to parse WebSocket key.

[2020-03-27 19:03:23][ws::io][INFO] Accepted a new tcp connection from 192.168.0.23:62969.

[2020-03-27 19:03:23][ws::handler][ERROR] WS Error <Protocol>: Unable to parse WebSocket key.````
jjlin commented 4 years ago

Your Missing id or access token error is gone. I'm running 1.14.1-ec608390 with HAProxy, and WebSocket notifications are working fine for me.

Given that you said you had it working before, I'd suspect that you changed something in your configuration somewhere, so maybe reflect on what that could be. Based on the error message, it looks like the Sec-WebSocket-Key HTTP header isn't making it through to bitwarden_rs for some reason. If you're also proxying through Cloudflare, you might take a look at any firewall rules and such that you have there. Finally, you might try running a WebSocket test client/server and making sure that works properly (e.g., see https://www.nginx.com/blog/websocket-nginx/).

mokshmridul commented 4 years ago

I am running it through a Nginx and through Cloudflare. However as i mentioned, even when i go directly to the internal IP 192.168.0.11:3012 i get the same error, which leads me to believe that its not an error with Nginx / Cloudflare.

I tried reverting to my previous settings, but its still a no-go. Any ideas as to where i could look further? I am just going to check if maybe its something on my firewall (pfsense).

Note: It seems like the connection is going through, but something else is going wrong. Im basing this on the following lines in the log file

[2020-03-28 01:16:28][ws::io][INFO] Accepted a new tcp connection from 192.168.0.23:50418
[2020-03-28 01:16:28][ws::handler][ERROR] WS Error <Protocol>: Unable to parse WebSocket key.

Edit: Okay so the functionality is working fine as of now, but im still getting the error mentioned above. Am i doing something wrong?

jjlin commented 4 years ago

Do you have a regular HTTP client somewhere trying to do a GET on http://192.168.0.11:3012/notifications/hub? That's exactly the error you would get since a non-WebSocket client wouldn't know to send a Sec-WebSocket-Key header. Your test where you "go directly to the internal IP 192.168.0.11:3012" is invalid for the same reason.

mokshmridul commented 4 years ago

Do you have a regular HTTP client somewhere trying to do a GET on http://192.168.0.11:3012/notifications/hub? That's exactly the error you would get since a non-WebSocket client wouldn't know to send a Sec-WebSocket-Key header. Your test where you "go directly to the internal IP 192.168.0.11:3012" is invalid for the same reason.

Okay, that makes sense now. Thank you for the quick help on this one.