cant figure out my reverse proxy(nginx) And stuck on "Establishing secure connection"

KwazyMotoo commented 1 year ago

sudo docker logs -f --tail 30 kasm_proxy
2023/06/06 19:59:35 [warn] 8#8: "ssl_stapling" ignored, issuer certificate not found for certificate "/etc/ssl/certs/kasm_nginx.crt"
nginx: [warn] "ssl_stapling" ignored, issuer certificate not found for certificate "/etc/ssl/certs/kasm_nginx.crt"
2023/06/06 19:59:35 [notice] 8#8: using the "epoll" event method
2023/06/06 19:59:35 [notice] 8#8: nginx/1.21.3
2023/06/06 19:59:35 [notice] 8#8: built by gcc 10.3.1 20210424 (Alpine 10.3.1_git20210424) 
2023/06/06 19:59:35 [notice] 8#8: OS: Linux 6.2.0-20-generic
2023/06/06 19:59:35 [notice] 8#8: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2023/06/06 19:59:35 [notice] 8#8: start worker processes
2023/06/06 19:59:35 [notice] 8#8: start worker process 9
2023/06/06 19:59:35 [notice] 8#8: start worker process 10
2023/06/06 19:59:35 [notice] 8#8: start worker process 11
2023/06/06 19:59:35 [notice] 8#8: start worker process 12
172.22.0.8 - - [06/Jun/2023:19:59:38 +0000] "POST /manager_api/api/v1/heartbeat HTTP/1.1" 502 150 "-" "Python-urllib/3.8" "-"
172.22.0.8 - - [06/Jun/2023:19:59:38 +0000] "POST /manager_api/api/v1/images HTTP/1.1" 502 150 "-" "Python-urllib/3.8" "-"
172.22.0.8 - - [06/Jun/2023:19:59:38 +0000] "POST /manager_api/api/v1/log HTTP/1.1" 502 150 "-" "Python-urllib/3.8" "-"
172.22.0.2 - - [06/Jun/2023:20:00:00 +0000] "GET /api/__healthcheck HTTP/1.1" 200 12 "-" "axios/1.4.0" "-"
172.22.0.2 - - [06/Jun/2023:20:00:00 +0000] "POST /api/guac_get_managers HTTP/1.1" 200 27 "-" "axios/1.4.0" "-"
172.22.0.2 - - [06/Jun/2023:20:00:05 +0000] "POST /manager_api/api/v1/log HTTP/1.1" 200 0 "-" "axios/1.4.0" "-"
172.22.0.8 - - [06/Jun/2023:20:00:07 +0000] "POST /manager_api/api/v1/heartbeat HTTP/1.1" 200 464 "-" "Python-urllib/3.8" "-"
172.22.0.2 - - [06/Jun/2023:20:00:30 +0000] "GET /api/__healthcheck HTTP/1.1" 200 12 "-" "axios/1.4.0" "-"
172.22.0.2 - - [06/Jun/2023:20:00:30 +0000] "POST /api/guac_get_managers HTTP/1.1" 200 27 "-" "axios/1.4.0" "-"
172.22.0.2 - - [06/Jun/2023:20:00:35 +0000] "POST /manager_api/api/v1/log HTTP/1.1" 200 0 "-" "axios/1.4.0" "-"
172.22.0.8 - - [06/Jun/2023:20:00:37 +0000] "POST /manager_api/api/v1/heartbeat HTTP/1.1" 200 464 "-" "Python-urllib/3.8" "-"
^[[172.22.0.2 - - [06/Jun/2023:20:01:00 +0000] "GET /api/__healthcheck HTTP/1.1" 200 12 "-" "axios/1.4.0" "-"
172.22.0.2 - - [06/Jun/2023:20:01:00 +0000] "POST /api/guac_get_managers HTTP/1.1" 200 27 "-" "axios/1.4.0" "-"
172.22.0.2 - - [06/Jun/2023:20:01:05 +0000] "POST /manager_api/api/v1/log HTTP/1.1" 200 0 "-" "axios/1.4.0" "-"
172.22.0.8 - - [06/Jun/2023:20:01:07 +0000] "POST /manager_api/api/v1/log HTTP/1.1" 200 0 "-" "Python-urllib/3.8" "-"
172.22.0.8 - - [06/Jun/2023:20:01:07 +0000] "POST /manager_api/api/v1/heartbeat HTTP/1.1" 200 464 "-" "Python-urllib/3.8" "-"
172.22.0.2 - - [06/Jun/2023:20:01:30 +0000] "GET /api/__healthcheck HTTP/1.1" 200 12 "-" "axios/1.4.0" "-"
172.22.0.2 - - [06/Jun/2023:20:01:30 +0000] "POST /api/guac_get_managers HTTP/1.1" 200 27 "-" "axios/1.4.0" "-"
172.22.0.2 - - [06/Jun/2023:20:01:35 +0000] "POST /manager_api/api/v1/log HTTP/1.1" 200 0 "-" "axios/1.4.0" "-"
172.22.0.8 - - [06/Jun/2023:20:01:37 +0000] "POST /manager_api/api/v1/heartbeat HTTP/1.1" 200 464 "-" "Python-urllib/3.8" "-"
^[[B^[[B^[[A172.22.0.2 - - [06/Jun/2023:20:02:00 +0000] "GET /api/__healthcheck HTTP/1.1" 200 12 "-" "axios/1.4.0" "-"
172.22.0.2 - - [06/Jun/2023:20:02:00 +0000] "POST /api/guac_get_managers HTTP/1.1" 200 27 "-" "axios/1.4.0" "-"
172.22.0.2 - - [06/Jun/2023:20:02:05 +0000] "POST /manager_api/api/v1/log HTTP/1.1" 200 0 "-" "axios/1.4.0" "-"
172.22.0.8 - - [06/Jun/2023:20:02:07 +0000] "POST /manager_api/api/v1/heartbeat HTTP/1.1" 200 464 "-" "Python-urllib/3.8" "-"
172.22.0.2 - - [06/Jun/2023:20:02:30 +0000] "GET /api/__healthcheck HTTP/1.1" 200 12 "-" "axios/1.4.0" "-"
172.22.0.2 - - [06/Jun/2023:20:02:30 +0000] "POST /api/guac_get_managers HTTP/1.1" 200 27 "-" "axios/1.4.0" "-"
172.22.0.2 - - [06/Jun/2023:20:02:35 +0000] "POST /manager_api/api/v1/log HTTP/1.1" 200 0 "-" "axios/1.4.0" "-"
172.22.0.8 - - [06/Jun/2023:20:02:37 +0000] "POST /manager_api/api/v1/log HTTP/1.1" 200 0 "-" "Python-urllib/3.8" "-"
172.22.0.8 - - [06/Jun/2023:20:02:37 +0000] "POST /manager_api/api/v1/heartbeat HTTP/1.1" 200 464 "-" "Python-urllib/3.8" "-"
172.22.0.2 - - [06/Jun/2023:20:03:00 +0000] "GET /api/__healthcheck HTTP/1.1" 200 12 "-" "axios/1.4.0" "-"
172.22.0.2 - - [06/Jun/2023:20:03:00 +0000] "POST /api/guac_get_managers HTTP/1.1" 200 27 "-" "axios/1.4.0" "-"
172.22.0.2 - - [06/Jun/2023:20:03:05 +0000] "POST /manager_api/api/v1/log HTTP/1.1" 200 0 "-" "axios/1.4.0" "-"
172.22.0.8 - - [06/Jun/2023:20:03:07 +0000] "POST /manager_api/api/v1/heartbeat HTTP/1.1" 200 464 "-" "Python-urllib/3.8" "-"
172.22.0.2 - - [06/Jun/2023:20:03:30 +0000] "GET /api/__healthcheck HTTP/1.1" 200 12 "-" "axios/1.4.0" "-"
172.22.0.2 - - [06/Jun/2023:20:03:30 +0000] "POST /api/guac_get_managers HTTP/1.1" 200 27 "-" "axios/1.4.0" "-"
:wq172.22.0.2 - - [06/Jun/2023:20:03:35 +0000] "POST /manager_api/api/v1/log HTTP/1.1" 200 0 "-" "axios/1.4.0" "-"
:172.22.0.8 - - [06/Jun/2023:20:03:37 +0000] "POST /manager_api/api/v1/heartbeat HTTP/1.1" 200 464 "-" "Python-urllib/3.8"

my nginx virtual host file:


     listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/kasm.xxxx.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/kasm.xxxx.org/privkey.pem;

     location / {
         # The following configurations must be configured when proxying to Kasm Workspaces

         # WebSocket Support
         proxy_set_header        Upgrade $http_upgrade;
         proxy_set_header        Connection "upgrade";

         # Host and X headers
         proxy_set_header        Host $host;
         proxy_set_header        X-Real-IP $remote_addr;
         proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header        X-Forwarded-Proto $scheme;

         # Connectivity Options
         proxy_http_version      1.1;
         proxy_read_timeout      1800s;
         proxy_send_timeout      1800s;
         proxy_connect_timeout   1800s;
         proxy_buffering         off;

         # Allow large requests to support file uploads to sessions
         client_max_body_size 10M;

         # Proxy to Kasm Workspaces running locally on 8443 using ssl
         proxy_pass https://127.0.0.1:8443;
     }
 }```

j-travis commented 1 year ago

To confirm, you put a reverse proxy in front of kasm?

Can you create a new session when connecting to Kasm directly via its URL ( and not the reverse proxy?). If not , you want to make sure you get this squard away first. Whenever you test different configurations, be sure to create new kasm sessions each time. If you resume a session previously created it may not have the new settings applied.
Please paste a screen shot of your zone configuration

For reference , configuring a reverse proxy in front of Kasm is covered here:

https://kasmweb.com/docs/latest/how_to/reverse_proxy.html

Please pay attention to the last section about updating the Zone: https://kasmweb.com/docs/latest/how_to/reverse_proxy.html#update-zones

j-travis commented 1 year ago

When you created this bug ticket it asked you for a list of details that help us help you. Please provide them https://github.com/kasmtech/workspaces-issues/issues/new?assignees=&labels=bug&projects=&template=bug_report.md&title=%5BBug%5D+-+Example

kasmtech / workspaces-issues

cant figure out my reverse proxy(nginx) And stuck on "Establishing secure connection" #404