Failed to accept WebSocket connection WebSocket protocol violation
I am overhauling our Coder server deployment. It is in a private AWS subnet with an AWS client VPN endpoint allowing my laptop to connect to the subnet. I can use the HTTP API (via simple commands like workspaces list in the CLI) and access the web dashboard.
However when I run the template create command I get a weird networking error. This new deployment of Coder is much more locked down and only allows traffic on the port in the access URL. Additionally now the Coder server is behind an Nginx reverse proxy.
Here is the full terminal output:
22 Replies
I'm suspecting one of two causes:
- I need to allow network traffic through on another port besides the one in the access URL
- I need to configure Nginx to forward specific headers through to the Coder server
https://discord.com/channels/747933592273027093/1007075267119947807
This might fix it
Ayo I bet so
Unfortunately that was not it
Here's my Nginx conf
Here's the Nginx access log:
Here are the logs from coder
Oh I might be missing this from the top of my config:
Still no dice
Is there a specific problem I'm trying to address that I can google about? Is this trying to get a websocket connection through nginx?
can you show me your full config? this is a websocket reverse-proxy issue
well you did send it in parts but I wanna make sure that you placed it at the right spot
something else, did you restart nginx? just making sure
and could you show the output of coder templates create aws-linux after doing those
https://gist.github.com/Mainstay-Noah-Huppert/2e6d46b10d2ccf158bc590ee55fa0c6d
Here you go. There is the top level /etc/nginx/nginx.conf which loads files in /etc/nginx/conf.d/ and then I have an Nginx conf for coder in that directory.
The script to launch the Coder server service actually dynamically creates the Nginx config and then restarts Nginx (bc some parameters about which ports everything should be running on couldn't be known at the time I was building the Coder server AMI so instead I grab those ports from a key value store at runtime and make the config, that's why you see the Nginx config in the Coder service logs).
The only unusual thing about my setup is I'm using the AWS managed VPN service to connect into a private subnet.
The attachment creates an elastic network interface (ENI) in the subnet. All of the network traffic from the client subnet is NATed (Network Address Translated) to the ENI IP address. https://aws.amazon.com/es/blogs/networking-and-content-delivery/using-aws-client-vpn-to-scale-your-work-from-home-capacity/ And I remember something about not being able to use NATs in the server docs. But this way of making private subnets and having a VPN is probably the most common enterprise pattern ever so I assume it works w Coder bc otherwise that would be bonkers
GitHub
Reconnection timeout on VPN · Issue #1985 · aws/amazon-chime-sdk-js
What happened and what did you expect to happen? The Chime SDK for JavaScript reconnection timed out when turning WiFI on/off on the VPN connection. Have you reviewed our existing documentation? Gi...
It looks like AWS client VPN does work w WebSockets so I think I'm configuring something wrong or idk but it should be possible
I'd like to see the one in conf.d
It's all in there
oh you did add it
yeah honestly this looks good to me I don't really know
you should try installing the CLI on the machine where nginx is installed
nevermind that wouldn't change anything
also if you can use http then you can also use websockets
wait
you can visit the home page right?
Yea
And it seems like some normal cmds like listing workspaces and listing templates works
I saw in the help thread linked above that there were two different versions of the Nginx config. Your version and then someone else posted a screenshot of theirs. In theirs they set the Connection header to lowercase upgrade while yours had uppercase. They also set the http version manually. Could that make a difference?
I mean good to at least see if the server is functioning. I logged in w the CLI on the server, but not through the reverse proxy and directly through the local port. The template create cmd worked
you can try forcing the http ver, headers being uppercase or lowercase rarely matters since most servers interpret them in all lowercase
and the convention is to use Upgrade
....
Um
Setting the http version did it
:poggers: :poggers: :poggers: :poggers:
Thank you so much @Phorcys and @colin (rust enthusiast) !
Marked the thread as resolved.
Whoa did a slash cmd just work in mobile
Been a while since that happened
So I guess it's good to know that setting the http version is also a key to the puzzle
yeah thanks ! what did you set it to ?
1.1
alright, you should probably use 2.0
it's way faster
Here is the full working Nginx conf for reference
I'll try 2.0 and edit the above config if it works
Looks like only 1.0 and 1.1 are supported values for that option http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_http_version
welp