Does not work when using nginx reverse proxy

[krivahtoo]

📑 I have found these related issues/pull requests

4797 The difference is I am using nginx config is from https://github.com/louislam/uptime-kuma/wiki/Reverse-Proxy#nginx

🛡️ Security Policy

• [X] I agree to have read this project Security Policy

Description

No response

👟 Reproduction steps

1. Start uptime-kuma docker image with the following:

   docker run -d --restart=always -p 3001:3001 -v uptime-kuma:/app/data --name uptime louislam/uptime-kuma:1

2. Setup nginx reverse proxy with SSL (Certbot).

nginx config generated by Certbot:

server {

    server_name uptime.example.com status.example.com;

    location / {
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   Host $host;
        proxy_pass         http://localhost:3001/;

        # WebSocket support
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection "upgrade";
    }

    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/uptime.example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/uptime.example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = status.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = uptime.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;

    server_name uptime.example.com status.example.com;
    return 404; # managed by Certbot

}

3. Open uptime.example.com on a browser.

👀 Expected behavior

It should open the setup page and enable me to register and login to the dashboard.

😓 Actual Behavior

It just loads blank screen with error Lost connection to the socket server. Reconnecting....

Sometimes the error does not appear.

🐻 Uptime-Kuma Version

1.23.13

💻 Operating System and Arch

Linux 6.1.0-18-cloud-amd64 Debian 6.1.76-1 (2024-02-01) x86_64 GNU/Linux

🌐 Browser

Chromium 125.0.6422.141

🖥️ Deployment Environment

• Runtime: Docker version 25.0.3
• Database: sqlite
• Filesystem used to store the database on:
• number of monitors: 0

📝 Relevant log output

uptime-kuma  | ==> Performing startup jobs and maintenance tasks
uptime-kuma  | ==> Starting application with user 0 group 0
uptime-kuma  | Welcome to Uptime Kuma
uptime-kuma  | Your Node.js version: 18.20.2
uptime-kuma  | 2024-06-06T11:44:10Z [SERVER] INFO: Welcome to Uptime Kuma
uptime-kuma  | 2024-06-06T11:44:10Z [SERVER] INFO: Node Env: production
uptime-kuma  | 2024-06-06T11:44:10Z [SERVER] INFO: Inside Container: true
uptime-kuma  | 2024-06-06T11:44:10Z [SERVER] INFO: Importing Node libraries
uptime-kuma  | 2024-06-06T11:44:10Z [SERVER] INFO: Importing 3rd-party libraries
uptime-kuma  | 2024-06-06T11:44:11Z [SERVER] INFO: Creating express and socket.io instance
uptime-kuma  | 2024-06-06T11:44:11Z [SERVER] INFO: Server Type: HTTP
uptime-kuma  | 2024-06-06T11:44:11Z [SERVER] INFO: Importing this project modules
uptime-kuma  | 2024-06-06T11:44:11Z [NOTIFICATION] INFO: Prepare Notification Providers
uptime-kuma  | 2024-06-06T11:44:11Z [SERVER] INFO: Version: 1.23.13
uptime-kuma  | 2024-06-06T11:44:11Z [DB] INFO: Data Dir: ./data/
uptime-kuma  | 2024-06-06T11:44:11Z [SERVER] INFO: Connecting to the Database
uptime-kuma  | 2024-06-06T11:44:12Z [DB] INFO: SQLite config:
uptime-kuma  | [ { journal_mode: 'wal' } ]
uptime-kuma  | [ { cache_size: -12000 } ]
uptime-kuma  | 2024-06-06T11:44:12Z [DB] INFO: SQLite Version: 3.41.1
uptime-kuma  | 2024-06-06T11:44:12Z [SERVER] INFO: Connected
uptime-kuma  | 2024-06-06T11:44:12Z [DB] INFO: Your database version: 10
uptime-kuma  | 2024-06-06T11:44:12Z [DB] INFO: Latest database version: 10
uptime-kuma  | 2024-06-06T11:44:12Z [DB] INFO: Database patch not needed
uptime-kuma  | 2024-06-06T11:44:12Z [DB] INFO: Database Patch 2.0 Process
uptime-kuma  | 2024-06-06T11:44:12Z [SERVER] INFO: Load JWT secret from database.
uptime-kuma  | 2024-06-06T11:44:12Z [SERVER] INFO: No user, need setup
uptime-kuma  | 2024-06-06T11:44:12Z [SERVER] INFO: Adding route
uptime-kuma  | 2024-06-06T11:44:12Z [SERVER] INFO: Adding socket handler
uptime-kuma  | 2024-06-06T11:44:12Z [SERVER] INFO: Init the server
uptime-kuma  | 2024-06-06T11:44:12Z [SERVER] INFO: Listening on 3001
uptime-kuma  | 2024-06-06T11:44:12Z [SERVICES] INFO: Starting nscd
uptime-kuma  | 2024-06-06T11:48:53Z [SOCKET] INFO: New polling connection, IP = 172.18.0.1
uptime-kuma  | 2024-06-06T11:48:53Z [SERVER] INFO: Redirect to setup page
uptime-kuma  | 2024-06-06T11:49:54Z [SOCKET] INFO: New polling connection, IP = 172.18.0.1
uptime-kuma  | 2024-06-06T11:49:54Z [SERVER] INFO: Redirect to setup page
uptime-kuma  | 2024-06-06T11:50:57Z [SOCKET] INFO: New polling connection, IP = 172.18.0.1
uptime-kuma  | 2024-06-06T11:50:57Z [SERVER] INFO: Redirect to setup page

[CommanderStorm]

From the configuration and the log, i cannot see something obvious.

• (getting the stupid stuff out off the way first) have you maybe not applied a change in nginx? Could you send the SIGUSR1 signal

  nginx -s reload

• are you using a custom filter set as the user in https://github.com/louislam/uptime-kuma/issues/4256, or are you running vanilla nginx?
• As a hunch: could you try launching the docker container with the -e UPTIME_KUMA_WS_ORIGIN_CHECK=bypass option (see https://github.com/louislam/uptime-kuma/releases/tag/1.23.9)?

[krivahtoo]

• (getting the stupid stuff out off the way first) have you maybe not applied a change in nginx?

Yeah, I have

• are you using a custom filter set as the user in /socket.io is POSTed with content-type: text/plain and trips ModSecurity OWASP rules #4256, or are you running vanilla nginx?

I am running vanilla nginx.

• As a hunch: could you try launching the docker container with the -e UPTIME_KUMA_WS_ORIGIN_CHECK=bypass option (see https://github.com/louislam/uptime-kuma/releases/tag/1.23.9)?

I tried but still no change.

Should the ip on uptime-kuma logs be my ip?

[CommanderStorm]

Are you running behind a firewall, vpn.. that might impede the websocket connection?

About the IP in the logs: https://github.com/louislam/uptime-kuma/blob/4794f9eb0bc47ebfe3eed3edaa7f880430052543/server/uptime-kuma-server.js#L138

=> we print the ip that we recive unless trustProxy is set.

[krivahtoo]

Are you running behind a firewall, vpn.. that might impede the websocket connection?

Not sure. I am using a gcp compute engine with the default allow-https/allow-http firewall settings.

... trustProxy is set.

Do i need to set this? If so, where do i set it?

[CommanderStorm]

gcp compute engine with [...] firewall settings

Could you try disabling the fiewall and see if this fixes the problem? I don't know what that firewall filters as I don't use GCP.

Do i need to set this

You don't need to set this. (plus you can't if socketio is not working ^^)

[krivahtoo]

Could you try disabling the fiewall and see if this fixes the problem?

I'm not sure if it is possible, I will check.

... I don't know what that firewall filters as ...

I think it basically block access to all ports on the server by default and you have to allow the ports you want accessible (allow-http and allow-https in this case allows traffic on ports 80 and 433).

[github-actions[bot]]

We are clearing up our old help-issues and your issue has been open for 60 days with no activity. If no comment is made and the stale label is not removed, this issue will be closed in 7 days.