digitalfondue / lavagna

Lavagna: issue tracker/project management tool
http://lavagna.io
GNU General Public License v3.0

Connection failure from Chrome #38

Closed rrombu closed 7 years ago

rrombu commented 7 years ago

Hello, it's me again. :) Got some weird problem. Auto-reload doesn't work for me in Chrome. When I open any page in Lavagna, a "Connection failure" message appears and the content doesn't refresh. Other browsers - no problem.

Setup (containerized):

Tested:

Here's output from Chrome's console if it may be of any help: https://i.imgur.com/NPYff0h.png

syjer commented 7 years ago

Hi @budrom,

Looks like the websocket configuration in nginx is not complete.

It should look something like this:

```nginx
# Map Upgrade: header to use for Connection: proxy header (web sockets).
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# Always use HTTP 1.1.
proxy_http_version 1.1;

# Disable buffering on proxy.
proxy_buffering off;

# Set required HTTP header, including X-Forwarded-For.
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
```

syjer commented 7 years ago

(And yes, we really need to document this step too :D )

rrombu commented 7 years ago

It seems like I already have these settings...

```nginx
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
  default $http_x_forwarded_proto;
  ''      $scheme;
}

map $http_upgrade $proxy_connection {
  default upgrade;
  '' close;
}
gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
log_format vhost '$host $remote_addr - $remote_user [$time_local] '
                 '"$request" $status $body_bytes_sent '
                 '"$http_referer" "$http_user_agent"';
access_log off;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
# Mitigate httpoxy attack (see README for details)
proxy_set_header Proxy "";
server {
    server_name _; # This is just an invalid value which will never trigger on a real hostname.
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    return 503;
}

upstream lavagna.address {
    server 172.17.0.7:8080;
}
server {
    server_name lavagna.address;
    listen 80 ;
    access_log /var/log/nginx/access.log vhost;
    return 301 https://$host$request_uri;
}
server {
    server_name lavagna.address;
    listen 443 ssl http2 ;
    access_log /var/log/nginx/access.log vhost;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/lavagna.address.crt;
    ssl_certificate_key /etc/nginx/certs/lavagna.address.key;
    ssl_dhparam /etc/nginx/certs/lavagna.address.dhparam.pem;
    add_header Strict-Transport-Security "max-age=31536000";
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://lavagna.address;
    }
}
```

syjer commented 7 years ago

I must admit that I'm not sure what could be the exact cause of the problem :(.

From the error reported by Chrome, it's clear there is some kind of misconfiguration in the websocket support (maybe you have another proxy somewhere that is not configured correctly?)

SitoCH commented 7 years ago

Are you sure about the initial section?

```nginx
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
  default $http_x_forwarded_proto;
  ''      $scheme;
}
```

I have the same configuration with an NGINX proxy on SSL but I don't have the `map $http_x_forwarded_proto $proxy_x_forwarded_proto` section.

rrombu commented 7 years ago

@syjer There's only one Nginx. @SitoCH the config was autogenerated, but I tried to comment out the section you mentioned along with `proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;` and it did not help.

It's strange to me that only Chrome is affected.

SitoCH commented 7 years ago

I double-checked my configuration, a jwilder/nginx-proxy Docker container, and I also have these settings:

```nginx
underscores_in_headers on;
proxy_set_header Origin '';
proxy_pass_header X-XSRF-TOKEN;
```

rrombu commented 7 years ago

@SitoCH Yep, that was it. Somehow my version of the jwilder/nginx-proxy container was missing these lines. Thanks for your help!

SitoCH commented 7 years ago

Great, it took me some time to find the right configuration so it's good to share it with someone else who has the same issue.
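
As a check for the configuration this thread converges on, the following added example (not code from the Lavagna project or from any commenter) scans nginx config text for the WebSocket proxy directives named above and lists the ones that are absent. The labels, the function names and the two trimmed sample configs are assumptions made for the example.

```python
import re

# Directives this thread ends up requiring for the WebSocket to work behind nginx.
REQUIRED = {
    "proxy_http_version 1.1": r"proxy_http_version 1\.1",
    "Upgrade forwarded": r"proxy_set_header Upgrade \$http_upgrade",
    "Connection mapped": r"proxy_set_header Connection \$\w+",
    "underscores_in_headers on": r"underscores_in_headers on",
    # An empty value makes nginx omit the header, so the backend
    # no longer sees the browser's Origin on the handshake.
    "Origin cleared": r"proxy_set_header Origin (?:''|\"\")",
    "X-XSRF-TOKEN passed": r"proxy_pass_header X-XSRF-TOKEN",
}

def directives(conf):
    """Strip comments, then split the text into whitespace-normalized directives."""
    text = "\n".join(re.sub(r"(^|\s)#.*", "", line) for line in conf.splitlines())
    return [" ".join(d.split()) for d in re.split(r"[;{}]", text) if d.strip()]

def missing(conf):
    """Return the labels of required directives not present anywhere in conf."""
    found = directives(conf)
    return [label for label, rx in REQUIRED.items()
            if not any(re.fullmatch(rx, d) for d in found)]

# Sample input: excerpt of the config posted in the thread, trimmed for the example.
REPORTED = """
map $http_upgrade $proxy_connection {
  default upgrade;
  '' close;
}
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
# Mitigate httpoxy attack (see README for details)
proxy_set_header Proxy "";
"""

# The same excerpt plus the three settings from the later comment.
WORKING = REPORTED + """
underscores_in_headers on;
proxy_set_header Origin '';
proxy_pass_header X-XSRF-TOKEN;
"""

if __name__ == "__main__":
    print("reported:", missing(REPORTED))
    print("working: ", missing(WORKING))
```

The check is presence-only: it does not follow `include` files or tell which `server` or `location` block a directive applies to.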