C
Coder.com•4w ago
Katorly

Need help configuring Coder WebSocket behind a proxy with non-standard ports

Sorry for the inconvenience I made. I don't have access to the standard ports (port 80 and port 443) on my cloud instance. 😭 I use Nginx to proxy coder from internal port 7080 to external port 1234. Everything works perfectly fine, except for the logs session. Coder isn't showing any of the logs, including the workspace building logs and the template building logs. As the image shows, my WebSocket connection had successfully established in the workspace health check page. I checked my browser console, and there is always messages indicating that connection to WebSocket failed: - WebSocket connection to 'wss://example.com:1234/api/v2/templateversions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/logs?follow=true' failed: - Error: Connection for logs failed. at WebSocket.<anonymous> There were no error logs in the coder container log:
2024-12-03 08:34:56.110 [info] coderd: audit_log ID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx Time="2024-12-03T08:34:56.100751Z" UserID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx OrganizationID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx Ip=172.xx.x.1 UserAgent="" ResourceType=workspace_build ResourceID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx ResourceTarget="" Action=stop Diff="{}" StatusCode=200 AdditionalFields="{\"workspace_name\":\"test1\",\"build_number\":\"2\",\"build_reason\":\"initiator\",\"workspace_owner\":\"\",\"workspace_id\":\"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx\"}" RequestID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx ResourceIcon="" actor="&{ID:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx Email:[email protected] Username:somepeople}"
2024-12-03 08:35:18.526 [info] coderd.workspace_usage_tracker: updated workspaces last_used_at count=2 now="2024-12-03T08:35:17.869312391Z"
2024-12-03 08:34:56.110 [info] coderd: audit_log ID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx Time="2024-12-03T08:34:56.100751Z" UserID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx OrganizationID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx Ip=172.xx.x.1 UserAgent="" ResourceType=workspace_build ResourceID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx ResourceTarget="" Action=stop Diff="{}" StatusCode=200 AdditionalFields="{\"workspace_name\":\"test1\",\"build_number\":\"2\",\"build_reason\":\"initiator\",\"workspace_owner\":\"\",\"workspace_id\":\"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx\"}" RequestID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx ResourceIcon="" actor="&{ID:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx Email:[email protected] Username:somepeople}"
2024-12-03 08:35:18.526 [info] coderd.workspace_usage_tracker: updated workspaces last_used_at count=2 now="2024-12-03T08:35:17.869312391Z"
No description
No description
No description
No description
15 Replies
Katorly
KatorlyOP•4w ago
This is my Nginx proxy config (Using Nginx Proxy Manager). As you can see, WebSocket is enabled.
# ------------------------------------------------------------
# *.example.com, example.com
# ------------------------------------------------------------

map $scheme $hsts_header {
https "max-age=63072000; preload";
}

server {
set $forward_scheme http;
# The internal Docker localhost
set $server "172.20.0.1";
set $port 7080;

listen 1233;
listen [::]:1233;

listen 1234 ssl http2;
listen [::]:1234 ssl http2;

server_name *.example.com example.com;

# Let's Encrypt SSL
include conf.d/include/letsencrypt-acme-challenge.conf;
include conf.d/include/ssl-ciphers.conf;
ssl_certificate /etc/letsencrypt/live/npm-7/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/npm-7/privkey.pem;

# Block Exploits
include conf.d/include/block-exploits.conf;

# Force SSL
include conf.d/include/force-ssl.conf;

proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;

access_log /data/logs/proxy-host-1_access.log proxy;
error_log /data/logs/proxy-host-1_error.log warn;

location / {
location / {
proxy_pass http://172.20.0.1:7080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
}
# ------------------------------------------------------------
# *.example.com, example.com
# ------------------------------------------------------------

map $scheme $hsts_header {
https "max-age=63072000; preload";
}

server {
set $forward_scheme http;
# The internal Docker localhost
set $server "172.20.0.1";
set $port 7080;

listen 1233;
listen [::]:1233;

listen 1234 ssl http2;
listen [::]:1234 ssl http2;

server_name *.example.com example.com;

# Let's Encrypt SSL
include conf.d/include/letsencrypt-acme-challenge.conf;
include conf.d/include/ssl-ciphers.conf;
ssl_certificate /etc/letsencrypt/live/npm-7/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/npm-7/privkey.pem;

# Block Exploits
include conf.d/include/block-exploits.conf;

# Force SSL
include conf.d/include/force-ssl.conf;

proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;

access_log /data/logs/proxy-host-1_access.log proxy;
error_log /data/logs/proxy-host-1_error.log warn;

location / {
location / {
proxy_pass http://172.20.0.1:7080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
}
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;

set $proxy_forward_scheme http;
set $proxy_server "172.20.0.1";
set $proxy_port 7080;

proxy_pass $proxy_forward_scheme://$proxy_server:$proxy_port;

# Block Exploits
include conf.d/include/block-exploits.conf;

# Force SSL
include conf.d/include/force-ssl.conf;

proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;

}

# Custom
include /data/nginx/custom/server_proxy[.]conf;
}
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;

set $proxy_forward_scheme http;
set $proxy_server "172.20.0.1";
set $proxy_port 7080;

proxy_pass $proxy_forward_scheme://$proxy_server:$proxy_port;

# Block Exploits
include conf.d/include/block-exploits.conf;

# Force SSL
include conf.d/include/force-ssl.conf;

proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;

}

# Custom
include /data/nginx/custom/server_proxy[.]conf;
}
Katorly
KatorlyOP•4w ago
Here's a human-readable nginx proxy config:
No description
No description
No description
Phorcys
Phorcys•3w ago
hey @Katorly could you click the arrow for one of these and send a screenshot?
No description
Phorcys
Phorcys•3w ago
thanks for the really detailed issue by the way! :-)
Katorly
KatorlyOP•3w ago
Hello, thanks for the reply. Here is the screenshot.
No description
Phorcys
Phorcys•3w ago
hello, sorry for the delay did you get this sorted out? it seems like you have two nested location / blocks, maybe this is the issue
Katorly
KatorlyOP•3w ago
Thanks for pointing out this issue, however, after removing the extra location /, the problem still exist. Here is the new nginx proxy config, if you want to see whether I removed it or not:
# ------------------------------------------------------------
# *.example.com, example.com
# ------------------------------------------------------------

map $scheme $hsts_header {
https "max-age=63072000; preload";
}

server {
set $forward_scheme http;
set $server "172.20.0.1";
set $port 7080;

listen 1233;
listen [::]:1233;

listen 1234 ssl http2;
listen [::]:1234 ssl http2;

server_name *.example.com example.com;

# Let's Encrypt SSL
include conf.d/include/letsencrypt-acme-challenge.conf;
include conf.d/include/ssl-ciphers.conf;
ssl_certificate /etc/letsencrypt/live/npm-7/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/npm-7/privkey.pem;

# Block Exploits
include conf.d/include/block-exploits.conf;

# Force SSL
include conf.d/include/force-ssl.conf;

proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;

access_log /data/logs/proxy-host-1_access.log proxy;
error_log /data/logs/proxy-host-1_error.log warn;

location / {
proxy_pass http://172.20.0.1:7080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
}

# Custom
include /data/nginx/custom/server_proxy[.]conf;
}
# ------------------------------------------------------------
# *.example.com, example.com
# ------------------------------------------------------------

map $scheme $hsts_header {
https "max-age=63072000; preload";
}

server {
set $forward_scheme http;
set $server "172.20.0.1";
set $port 7080;

listen 1233;
listen [::]:1233;

listen 1234 ssl http2;
listen [::]:1234 ssl http2;

server_name *.example.com example.com;

# Let's Encrypt SSL
include conf.d/include/letsencrypt-acme-challenge.conf;
include conf.d/include/ssl-ciphers.conf;
ssl_certificate /etc/letsencrypt/live/npm-7/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/npm-7/privkey.pem;

# Block Exploits
include conf.d/include/block-exploits.conf;

# Force SSL
include conf.d/include/force-ssl.conf;

proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;

access_log /data/logs/proxy-host-1_access.log proxy;
error_log /data/logs/proxy-host-1_error.log warn;

location / {
proxy_pass http://172.20.0.1:7080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
}

# Custom
include /data/nginx/custom/server_proxy[.]conf;
}
Phorcys
Phorcys•2w ago
hey @Katorly, sorry for the lack of answers, did you figure this out?
Katorly
KatorlyOP•2w ago
I didn't figure it out. Maybe is that I don't know much about this Nginx and WebSocket stuff...
Phorcys
Phorcys•6d ago
i'm not sure how to assist either, sorry oh wait you have the same header twice
# ------------------------------------------------------------
# *.example.com, example.com
# ------------------------------------------------------------

map $scheme $hsts_header {
https "max-age=63072000; preload";
}

server {
set $forward_scheme http;
set $server "172.20.0.1";
set $port 7080;

listen 1233;
listen [::]:1233;

listen 1234 ssl http2;
listen [::]:1234 ssl http2;

server_name *.example.com example.com;

# Let's Encrypt SSL
include conf.d/include/letsencrypt-acme-challenge.conf;
include conf.d/include/ssl-ciphers.conf;
ssl_certificate /etc/letsencrypt/live/npm-7/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/npm-7/privkey.pem;

# Block Exploits
include conf.d/include/block-exploits.conf;

# Force SSL
include conf.d/include/force-ssl.conf;

# ---- HERE ----
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;

access_log /data/logs/proxy-host-1_access.log proxy;
error_log /data/logs/proxy-host-1_error.log warn;

location / {
proxy_pass http://172.20.0.1:7080;
proxy_http_version 1.1;
# ---- HERE ----
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
}

# Custom
include /data/nginx/custom/server_proxy[.]conf;
}
# ------------------------------------------------------------
# *.example.com, example.com
# ------------------------------------------------------------

map $scheme $hsts_header {
https "max-age=63072000; preload";
}

server {
set $forward_scheme http;
set $server "172.20.0.1";
set $port 7080;

listen 1233;
listen [::]:1233;

listen 1234 ssl http2;
listen [::]:1234 ssl http2;

server_name *.example.com example.com;

# Let's Encrypt SSL
include conf.d/include/letsencrypt-acme-challenge.conf;
include conf.d/include/ssl-ciphers.conf;
ssl_certificate /etc/letsencrypt/live/npm-7/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/npm-7/privkey.pem;

# Block Exploits
include conf.d/include/block-exploits.conf;

# Force SSL
include conf.d/include/force-ssl.conf;

# ---- HERE ----
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;

access_log /data/logs/proxy-host-1_access.log proxy;
error_log /data/logs/proxy-host-1_error.log warn;

location / {
proxy_pass http://172.20.0.1:7080;
proxy_http_version 1.1;
# ---- HERE ----
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
}

# Custom
include /data/nginx/custom/server_proxy[.]conf;
}
try removing the first block that has
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
Katorly
KatorlyOP•6d ago
Thanks for mentioning, however, removing them didn't help; I have removed and added some of them one by one a few days ago, but none of them resolve the issue. I guess I'll need to leave the issue aside for now. 😢
Phorcys
Phorcys•4d ago
sorry for not being able to help as a last resort, maybe try removing the exploit blocking stuff to see if it is blocking anything?
Katorly
KatorlyOP•4d ago
That doesn't resolve the issue either. Nevermind, in addition to making templates, logs are not so necessary. Thanks for your help!
Phorcys
Phorcys•4d ago
please let me know if you ever figure this out!
Codercord
Codercord•4d ago
@Phorcys closed the thread.

Did you find this page helpful?