caddy: Websocket fails with rancher
1. What version of Caddy are you running (caddy -version)?
0.8.2
2. What are you trying to do?
proxy https://github.com/rancher/rancher
3. What is your entire Caddyfile?
#points to 127.0.0.1, using startssl cert to avoid prompts and dealing with LetsEncrypt
n1.xps15.plus1.io:443 {
tls n1.xps15.plus1.io_bundle.crt n1.xps15.plus1.io.key
proxy / http://192.168.99.100:8999 {
proxy_header Host {host}
proxy_header X-Forwarded-Proto {scheme}
websocket
}
}
n1.xps15.plus1.io:80 {
redir https://{host}{uri}
}
4. How did you run Caddy (give the full command and describe the execution environment)?
./caddy (Caddyfile in current dir with caddy)
5. What did you expect to see?
I expected the backend app to “just work” like it does when proxied by nginx
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream rancher {
server 192.168.99.100:8999;
}
server {
listen 443 ssl;
server_name n1.xps15.plus1.io;
ssl_certificate n1.xps15.plus1.io_bundle.crt;
ssl_certificate_key n1.xps15.plus1.io.key;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://rancher;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# This allows the ability for the execute shell window to remain open for up to 15 minutes. Without this parameter, the default is 1 minute and will automatically close.
proxy_read_timeout 900s;
}
}
server {
listen 80;
server_name n1.xps15.plus1.io;
return 301 https://$server_name$request_uri;
}
}
6. What did you see instead (give full error messages and/or log)?
for some reason websocket headers are not returned - chrome errors log in the console saying header missing. the rancher backend complains about the websocket connection in the logs.
Attempting to view the differences between what nginx sends to the backend and what caddy sends via wireshark proved useless as it was not exactly clear what to look for.
End of the day the situation is, Rancher works fine with nothing proxying it. Rancher works fine with nginx proxying it. Rancher does NOT work with caddy proxing it with the above config. I am not sure if the issue is caddy or rancher as testing with websocketd shows caddy does the correct thing 😕
running with --http2=false made no difference
https://gist.github.com/SoreGums/15ccb9f5de5a171bec6b - extra info where I used websocketd and it worked fine
About this issue
- Original URL
- State: closed
- Created 8 years ago
- Comments: 19 (4 by maintainers)
I know this is closed but I don’t see a new issue on it, so I’ll post here.
Wanted to mention that with 0.9.1, we were also trying to proxy Rancher Server with SSL. This seemed to work fine for normal http connections but deployed hosts who tried opening websocket connections back to us would not get through.
Trying 0.9.2 yesterday, this issue seems to have disappeared. Here is the config we are successfully using:
So, afaik, any problems with Rancher behind Caddy (at least using SSL) seem to be gone…
I just did a
go get ...and replaced the executable from getcaddy with the newly built one. Proxied websockets work again like expected.