Unable to connect to the Sshwifty backend server: WebSocket Error (1006)

[mattiaBox]

Hi. Thank you for having shared your amazing work!

I'm facing an error trying to implement Sshwifty behind a proxy using Apache 2.4.

The error client side is: Unable to connect to the Sshwifty backend server: WebSocket Error (1006)

The error in the log of my docker installation is: Sshwifty > Server (0.0.0.0:8182) > Client (192.168.1.100:35426): Request ended with error: /sshwifty/socket: HTTP Error (400): websocket: the client is not using the websocket protocol: 'upgrade' token not found in 'Connection' header

This is my Apache configuration:

                ProxyRequests On
                ProxyPass / http://192.168.1.100:8182/
                ProxyPassReverse / http://192.168.1.100:8182/
                RewriteEngine on
                RewriteCond %{HTTP:Upgrade} websocket [NC]
                RewriteCond %{HTTP:Connection} Upgrade [NC]
                RewriteRule ^/?(.*) ws://192.168.1.100:8182/$1 [P,L]

The headers requested from the client (F12) are as expected:

Connection: Upgrade
Upgrade: websocket

I cannot understand what's going on... can someone help me?

Thank you

[nirui]

I applied the configuration above directly to httpd.conf as a VirtualHost, then started Apache, it works without issue. Maybe something else is effecting the server.

My steps:

1. docker run --rm httpd:latest cat /usr/local/apache2/conf/httpd.conf > my-httpd.conf (Note: httpd:latest is pointing to 2.4 at this moment)

2. Modify the my-httpd.conf, adding

   <VirtualHost *:80>
       ServerName localhost
       ProxyRequests On
       ProxyPass / http://sshwiftyserver:8182/
       ProxyPassReverse / http://sshwiftyserver:8182/
       RewriteEngine on
       RewriteCond %{HTTP:Upgrade} websocket [NC]
       RewriteCond %{HTTP:Connection} Upgrade [NC]
       RewriteRule ^/?(.*) ws://sshwiftyserver:8182/$1 [P,L]
   </VirtualHost>

3. Enable mod_proxy, mod_http_proxy and mod_rewrite

4. docker run --rm --name my-apache-app -p 8080:80 -v "$PWD/my-httpd.conf":/usr/local/apache2/conf/httpd.conf httpd:latest

5. Open http://localhost, confirm that the websocket connection works.

[mattiaBox]

Thank you, Nirui!

Actually, I use port forwarding for reaching my Apache instance from the Internet, but it looks like my router is dropping these WebSocket packages (this morning I checked with a tcpdump)... I don't know why, but obviously it's not Sshwifty fault ;) I was so confident on this solution's feasability and on my network configuration that I didn't even check it.

I'm so sorry to have bothered you. Thank you again for your prompt response.

[nirui]

Well ... It took me over 7 hours to pull that Apache image due to my poor network, so it's not exactly a prompt respond LOL.

About the Port Forwarding, hmm... that's weird. A basic relay (iptables for example) or NAT should just re-transmit the TCP payload as-is without filtering the content.

I don't have any deep experience with router configurations, so I'm afraid I could only make guesses. Maybe check your firewall setting etc, see if there is anything HTTP related?

[mattiaBox]

7 hours is quite a bit... again, I'm sorry.

It seems an issue with the firewall packet inspector, but I think is not useful to talk here about my personal network infrastructure. So, thank you again for your kind response. I'm gonna close this issue since is not Sshwifty related.

Bye

[nirui]

It's fine actually, it was the machine spending the night downloading that. I was just explaining why it took me 12 hours to post a respond -- because I wanted to take look the setting before offer any suggestion.

Anyway, if the packet inspector is indeed the cause, then HTTPS maybe worth a try. Good luck! :D