Closed rrombu closed 7 years ago
Hi @budrom ,
Looks like the websocket configuration in nginx is not complete.
It should look something like that:
```nginx
# Map Upgrade: header to use for Connection: proxy header (web sockets).
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
# Always use HTTP 1.1.
proxy_http_version 1.1;
# Disable buffering on proxy.
proxy_buffering off;
# Set required HTTP header, including X-Forwarded-For.
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
```
(And yes, we really need to document this step too :D )
It seems like I already have these settings...
```nginx
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
    default $http_x_forwarded_proto;
    '' $scheme;
}
map $http_upgrade $proxy_connection {
    default upgrade;
    '' close;
}
gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
log_format vhost '$host $remote_addr - $remote_user [$time_local] '
                 '"$request" $status $body_bytes_sent '
                 '"$http_referer" "$http_user_agent"';
access_log off;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
# Mitigate httpoxy attack (see README for details)
proxy_set_header Proxy "";
server {
    server_name _; # This is just an invalid value which will never trigger on a real hostname.
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    return 503;
}
upstream lavagna.address {
    server 172.17.0.7:8080;
}
server {
    server_name lavagna.address;
    listen 80 ;
    access_log /var/log/nginx/access.log vhost;
    return 301 https://$host$request_uri;
}
server {
    server_name lavagna.address;
    listen 443 ssl http2 ;
    access_log /var/log/nginx/access.log vhost;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/lavagna.address.crt;
    ssl_certificate_key /etc/nginx/certs/lavagna.address.key;
    ssl_dhparam /etc/nginx/certs/lavagna.address.dhparam.pem;
    add_header Strict-Transport-Security "max-age=31536000";
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://lavagna.address;
    }
}
```
I must admit that I'm not sure what could be the exact cause of the problem :(.
From the error reported by Chrome, it's clear there is some kind of misconfiguration in the websocket support (maybe you have another proxy somewhere that's not configured correctly?)
Are you sure about the initial section?
```nginx
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
    default $http_x_forwarded_proto;
    '' $scheme;
}
```
I have the same configuration with a NGINX proxy on SSL but I don't have the `map $http_x_forwarded_proto $proxy_x_forwarded_proto` section.
@syjer There's only one Nginx.
@SitoCH the config was autogenerated, but I tried to comment out the section you mentioned along with `proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;` and it did not help.
It's strange for me that only Chrome is affected.
I checked my configuration twice, a jwilder/nginx-proxy Docker container, and I also have these settings:
```nginx
underscores_in_headers on;
proxy_set_header Origin '';
proxy_pass_header X-XSRF-TOKEN;
```
@SitoCH Yep, that was it. Somehow my version of jwilder/nginx-proxy container was missing these lines. Thanks for your help!
Great, it took me some time to find the right configuration so it's good to share it with someone else who has the same issue.
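A quick way to check a generated config for the directives discussed in this thread, as an added example (not code from the thread, Lavagna or nginx-proxy). The function name `lint_ws_proxy` and the sample text are constructed for illustration; the scan is flat and ignores nginx block scope.

```python
import re

# Constructed sample input: proxy directives from the thread plus the Origin line.
SAMPLE = r"""
map $http_upgrade $proxy_connection {
  default upgrade;
  '' close;
}
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;  # set from the map above
proxy_set_header Origin '';
"""

def lint_ws_proxy(conf):
    """Hypothetical helper: list findings for nginx WebSocket proxying (flat scan)."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments; assumes no '#' inside quoted values
    # target variable -> (source variable, map body)
    maps = {m[1]: (m[0], m[2]) for m in
            re.findall(r"\bmap\s+(\$\w+)\s+(\$\w+)\s*\{([^}]*)\}", conf)}
    # header name (lowercased) -> value; the last directive wins in this flat scan
    headers = {name.lower(): value.strip() for name, value in
               re.findall(r"\bproxy_set_header\s+(\S+)\s+([^;]*);", conf)}
    version = re.search(r"\bproxy_http_version\s+([\d.]+)\s*;", conf)
    findings = []
    if not version or version.group(1) != "1.1":
        findings.append("proxy_http_version is not 1.1")
    if headers.get("upgrade") != "$http_upgrade":
        findings.append("Upgrade header is not forwarded from $http_upgrade")
    conn = headers.get("connection", "")
    src, body = maps.get(conn, (None, ""))
    mapped = src == "$http_upgrade" and re.search(r"\bdefault\s+upgrade\s*;", body)
    if not mapped and conn.strip("'\"").lower() != "upgrade":
        findings.append("Connection header is not 'upgrade' or mapped from $http_upgrade")
    if headers.get("origin") in ("''", '""'):
        # Blanking Origin gets the handshake through, but the upstream no longer sees it.
        findings.append("Origin header is blanked: upstream cannot check handshake origin")
    return findings

if __name__ == "__main__":
    for finding in lint_ws_proxy(SAMPLE):
        print(finding)
```

nginx inherits `proxy_set_header` from the outer level only when the current level defines none, so run this on the effective set of directives for the location that proxies the WebSocket.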
Hello, it's me again. :) Got some weird problem. Auto-reload doesn't work for me in Chrome. When I open any page in Lavagna - "Connection failure" message appears and content doesn't refresh. Other browsers - no problem.
Setup (containerized):
Tested:
Here's output from Chrome's console if it may be of any help: https://i.imgur.com/NPYff0h.png