Does not work when using nginx reverse proxy

[krivahtoo]

📑 I have found these related issues/pull requests

4797 The difference is I am using nginx config is from https://github.com/louislam/uptime-kuma/wiki/Reverse-Proxy#nginx

🛡️ Security Policy

• [X] I agree to have read this project Security Policy

Description

No response

👟 Reproduction steps

1. Start uptime-kuma docker image with the following:

   docker run -d --restart=always -p 3001:3001 -v uptime-kuma:/app/data --name uptime louislam/uptime-kuma:1

2. Setup nginx reverse proxy with SSL (Certbot).

nginx config generated by Certbot:

server {

    server_name uptime.example.com status.example.com;

    location / {
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   Host $host;
        proxy_pass         http://localhost:3001/;

        # WebSocket support
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection "upgrade";
    }

    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/uptime.example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/uptime.example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = status.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = uptime.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;

    server_name uptime.example.com status.example.com;
    return 404; # managed by Certbot

}

3. Open uptime.example.com on a browser.

👀 Expected behavior

It should open the setup page and enable me to register and login to the dashboard.

😓 Actual Behavior

It just loads blank screen with error Lost connection to the socket server. Reconnecting....

Sometimes the error does not appear.

🐻 Uptime-Kuma Version

1.23.13

💻 Operating System and Arch

Linux 6.1.0-18-cloud-amd64 Debian 6.1.76-1 (2024-02-01) x86_64 GNU/Linux

🌐 Browser

Chromium 125.0.6422.141

🖥️ Deployment Environment

• Runtime: Docker version 25.0.3
• Database: sqlite
• Filesystem used to store the database on:
• number of monitors: 0

📝 Relevant log output

uptime-kuma  | ==> Performing startup jobs and maintenance tasks
uptime-kuma  | ==> Starting application with user 0 group 0
uptime-kuma  | Welcome to Uptime Kuma
uptime-kuma  | Your Node.js version: 18.20.2
uptime-kuma  | 2024-06-06T11:44:10Z [SERVER] INFO: Welcome to Uptime Kuma
uptime-kuma  | 2024-06-06T11:44:10Z [SERVER] INFO: Node Env: production
uptime-kuma  | 2024-06-06T11:44:10Z [SERVER] INFO: Inside Container: true
uptime-kuma  | 2024-06-06T11:44:10Z [SERVER] INFO: Importing Node libraries
uptime-kuma  | 2024-06-06T11:44:10Z [SERVER] INFO: Importing 3rd-party libraries
uptime-kuma  | 2024-06-06T11:44:11Z [SERVER] INFO: Creating express and socket.io instance
uptime-kuma  | 2024-06-06T11:44:11Z [SERVER] INFO: Server Type: HTTP
uptime-kuma  | 2024-06-06T11:44:11Z [SERVER] INFO: Importing this project modules
uptime-kuma  | 2024-06-06T11:44:11Z [NOTIFICATION] INFO: Prepare Notification Providers
uptime-kuma  | 2024-06-06T11:44:11Z [SERVER] INFO: Version: 1.23.13
uptime-kuma  | 2024-06-06T11:44:11Z [DB] INFO: Data Dir: ./data/
uptime-kuma  | 2024-06-06T11:44:11Z [SERVER] INFO: Connecting to the Database
uptime-kuma  | 2024-06-06T11:44:12Z [DB] INFO: SQLite config:
uptime-kuma  | [ { journal_mode: 'wal' } ]
uptime-kuma  | [ { cache_size: -12000 } ]
uptime-kuma  | 2024-06-06T11:44:12Z [DB] INFO: SQLite Version: 3.41.1
uptime-kuma  | 2024-06-06T11:44:12Z [SERVER] INFO: Connected
uptime-kuma  | 2024-06-06T11:44:12Z [DB] INFO: Your database version: 10
uptime-kuma  | 2024-06-06T11:44:12Z [DB] INFO: Latest database version: 10
uptime-kuma  | 2024-06-06T11:44:12Z [DB] INFO: Database patch not needed
uptime-kuma  | 2024-06-06T11:44:12Z [DB] INFO: Database Patch 2.0 Process
uptime-kuma  | 2024-06-06T11:44:12Z [SERVER] INFO: Load JWT secret from database.
uptime-kuma  | 2024-06-06T11:44:12Z [SERVER] INFO: No user, need setup
uptime-kuma  | 2024-06-06T11:44:12Z [SERVER] INFO: Adding route
uptime-kuma  | 2024-06-06T11:44:12Z [SERVER] INFO: Adding socket handler
uptime-kuma  | 2024-06-06T11:44:12Z [SERVER] INFO: Init the server
uptime-kuma  | 2024-06-06T11:44:12Z [SERVER] INFO: Listening on 3001
uptime-kuma  | 2024-06-06T11:44:12Z [SERVICES] INFO: Starting nscd
uptime-kuma  | 2024-06-06T11:48:53Z [SOCKET] INFO: New polling connection, IP = 172.18.0.1
uptime-kuma  | 2024-06-06T11:48:53Z [SERVER] INFO: Redirect to setup page
uptime-kuma  | 2024-06-06T11:49:54Z [SOCKET] INFO: New polling connection, IP = 172.18.0.1
uptime-kuma  | 2024-06-06T11:49:54Z [SERVER] INFO: Redirect to setup page
uptime-kuma  | 2024-06-06T11:50:57Z [SOCKET] INFO: New polling connection, IP = 172.18.0.1
uptime-kuma  | 2024-06-06T11:50:57Z [SERVER] INFO: Redirect to setup page

[CommanderStorm]

From the configuration and the log, i cannot see something obvious.

• (getting the stupid stuff out off the way first) have you maybe not applied a change in nginx? Could you send the SIGUSR1 signal

  nginx -s reload

• are you using a custom filter set as the user in https://github.com/louislam/uptime-kuma/issues/4256, or are you running vanilla nginx?
• As a hunch: could you try launching the docker container with the -e UPTIME_KUMA_WS_ORIGIN_CHECK=bypass option (see https://github.com/louislam/uptime-kuma/releases/tag/1.23.9)?

[krivahtoo]

• (getting the stupid stuff out off the way first) have you maybe not applied a change in nginx?

Yeah, I have

• are you using a custom filter set as the user in /socket.io is POSTed with content-type: text/plain and trips ModSecurity OWASP rules #4256, or are you running vanilla nginx?

I am running vanilla nginx.

• As a hunch: could you try launching the docker container with the -e UPTIME_KUMA_WS_ORIGIN_CHECK=bypass option (see https://github.com/louislam/uptime-kuma/releases/tag/1.23.9)?

I tried but still no change.

Should the ip on uptime-kuma logs be my ip?

[CommanderStorm]

Are you running behind a firewall, vpn.. that might impede the websocket connection?

About the IP in the logs: https://github.com/louislam/uptime-kuma/blob/4794f9eb0bc47ebfe3eed3edaa7f880430052543/server/uptime-kuma-server.js#L138

=> we print the ip that we recive unless trustProxy is set.

[krivahtoo]

Are you running behind a firewall, vpn.. that might impede the websocket connection?

Not sure. I am using a gcp compute engine with the default allow-https/allow-http firewall settings.

... trustProxy is set.

Do i need to set this? If so, where do i set it?

[CommanderStorm]

gcp compute engine with [...] firewall settings

Could you try disabling the fiewall and see if this fixes the problem? I don't know what that firewall filters as I don't use GCP.

Do i need to set this

You don't need to set this. (plus you can't if socketio is not working ^^)

[krivahtoo]

Could you try disabling the fiewall and see if this fixes the problem?

I'm not sure if it is possible, I will check.

... I don't know what that firewall filters as ...

I think it basically block access to all ports on the server by default and you have to allow the ports you want accessible (allow-http and allow-https in this case allows traffic on ports 80 and 433).