Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to proxy WebSockets in Traefik?

I'm trying to set up Upsource to work behind Traefik: https://www.jetbrains.com/help/upsource/proxy-configuration.html

traefik is listening to port 8008 and 8443 (since 80/443 will be used for another):

--entryPoints='Name:http Address::8008 Redirect.EntryPoint:https' --entryPoints='Name:https Address::8443 TLS'

docker labels:

labels:
  traefik.backend: upsource
  traefik.enable: "true"
  traefik.port: "8080"
  traefik.frontend.rule: "Host:review.domain.com"

In conf/internal/bundle.properties, base-url is configured as follow:

base-url=https\://review.domain.com\:8443/

problem:

time="2017-09-20T03:23:59Z" level=error msg="Error getting ACME certificates [review.domain.com] : Cannot obtain certificates map[review.domain.com:acme: Error 400 - urn:acme:error:connection - Connection refused
Error Detail:
        Validation for review.domain.com:443

Why it validate for port 443 instead of 8443?

Moreover, to proxy WebSockets in Nginx:

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass http://upsourcemachine.domain.local:1111;
        proxy_pass_header Sec-Websocket-Extensions;

Can you confirm that Traefik support WebSockets? And if so, how to configure?

like image 639
quanta Avatar asked Sep 20 '17 04:09

quanta


People also ask

Can you proxy Websockets?

WebSocket over a Forward Proxy. WebSocket communication can take successfully take place in the presence of forward proxies, providing the client and proxy server have been configured properly to deal with it.

Does Traefik support Websockets?

Solution. The Traefik 2. x ingress controller does not set the WebSocket headers.

Do proxies support Websockets?

Today, most transparent proxy servers will not yet be familiar with the Web Socket protocol and these proxy servers will be unable to support the Web Socket protocol. In the future, however, proxy servers will likely become Web Sockets-aware and able to properly handle and forward WebSocket traffic.

Do Websockets work through reverse proxy?

WebSocket over a Reverse Proxy. WebSocket communication can take place over any reverse proxy which is configured to perform forwarding at the transport layer. Some proxies are able to handle WebSocket communication from certain clients at the application layer.


1 Answers

Traefik handle websocket, and you don't need any specific configuration for this.

Your problem seems to be more about the challenge in Let's Encrypt. Let's Encrypt doesn't handle TLS Challenge on other port than the default one and the default challenging in Traefik is TLS :(

So you need to configure Traefik to use DNS Challenge https://docs.traefik.io/configuration/acme/

like image 97
Julien SALLEYRON Avatar answered Sep 17 '22 13:09

Julien SALLEYRON