Skip to content

Reverse proxy Issue Related to Security Header (V2 Preview) #925

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
weikai opened this issue Aug 21, 2019 · 11 comments
Closed

Reverse proxy Issue Related to Security Header (V2 Preview) #925

weikai opened this issue Aug 21, 2019 · 11 comments
Labels
docs Documentation related

Comments

@weikai
Copy link

weikai commented Aug 21, 2019
edited
Loading

  • code-server version: 2.preview.7-vsc1.37.0
  • OS Version: Ubuntu

Description

The reverse proxy on V2 Preview doesn't work. It looked like there're issues with ws forwarding.

Error during WebSocket handshake: Invalid status line

Error: HTTP/1.1 400 Bad Request
at ve.preHandleWebSocket (/src/build/code-server2.preview.8-vsc1.37.0-linux-x86_64-built/out/vs/server/src/cli.js:413:924)
at ve. (/src/build/code-server2.preview.8-vsc1.37.0-linux-x86_64-built/out/vs/server/src/cli.js:411:549)
at Generator.next ()
at /src/build/code-server2.preview.8-vsc1.37.0-linux-x86_64-built/out/vs/server/src/cli.js:16:979
at new Promise ()
at r (/src/build/code-server2.preview.8-vsc1.37.0-linux-x86_64-built/out/vs/server/src/cli.js:16:756)
at Server.onUpgrade (/src/build/code-server2.preview.8-vsc1.37.0-linux-x86_64-built/out/vs/server/src/cli.js:411:501)
at Server.emit (events.js:189:13)
at onParserExecuteCommon (_http_server.js:552:14)
at onParserExecute (_http_server.js:500:3)
@weikai weikai added the bug Something isn't working label Aug 21, 2019
@coadler coadler added the v2 label Aug 30, 2019
@Sociopacific
Copy link

Sociopacific commented Sep 11, 2019
edited
Loading

Same problem

@fbartels
Copy link

Hmm, I'm on 2.preview.11-vsc1.37.0 and dont have a problem with my reverse proxy (Nginx), also still using exactly the same config as the with last final release.

@weikai
Copy link
Author

weikai commented Sep 13, 2019
edited
Loading

I'm using apache2 for reversed proxy server. The same configuration works for codeserver V1 but not V2.

RewriteEngine on
UseCanonicalName on
ProxyPreserveHost on
ProxyRequests off

RequestHeader set X-Forwarded-Proto https
RequestHeader set X-Forwarded-Port 443

RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.) ws://192.168.19.11:9000/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule /(.) http://192.168.19.11:9000/$1 [P,L]

#ProxyPass / http://192.168.19.11:9000/
#ProxyPassReverse / http://192.168.19.11:9000/

@sr229
Copy link
Contributor

sr229 commented Sep 13, 2019

I don't think its our fault, you misconfigured your proxy hence this error appears. I can't replicate this issue at all at nginx and Apache

@weikai
Copy link
Author

weikai commented Sep 14, 2019

I'm using the Apache configuration documented at https://github.com/cdr/code-server/blob/master/doc/quickstart.md. It works perfectly fine on V1 but not V2 preview

Reverse proxy config
image

The ws request should return 101 but returned 200 http status code
image

Same Apache reversed proxy config works fine on code-server code-server V1
image

@sr229
Copy link
Contributor

sr229 commented Sep 14, 2019

@weikai You might need to do the debug yourself then PR a fixed config.

@waclaw66
Copy link

waclaw66 commented Sep 14, 2019
edited
Loading

I have the same problem and I suspect that the problem is not in the Apache proxy config.
While accessing the code server directly without a proxy, it responds to the upgrade to websocket (?reconnectionToken) correctly by code 101. But accessing via proxy doesn't respond at all (using Fifrefox) or returns 200 with message Error during WebSocket handshake: Invalid status line (using Chrome) in my case. The question is why? The only thing what debug log of code server shows while upgrade request is:
HTTP/1.1 400 Bad Request

@sr229
Copy link
Contributor

sr229 commented Sep 14, 2019

I have the same problem and I suspect that the problem is not in the Apache proxy config.
While accessing the code server directly without a proxy, it responds to the upgrade to websocket (?reconnectionToken) correctly by code 101. But accessing via proxy doesn't respond at all (using Fifrefox) or returns 200 with message Error during WebSocket handshake: Invalid status line (using Chrome) in my case. The question is why? The only thing what debug log of code server shows while upgrade request is:
HTTP/1.1 400 Bad Request

I suggest debugging it and see if its really code-server. I have never encountered this on GCP so I don't think it'd be an issue.

@weikai
Copy link
Author

weikai commented Sep 14, 2019

@sr229 Can you share your Apache2 configuration that you tested was working? I'm trying to figure out the differences. I've been Googling and testing different Apache2 configurations for 3 weeks but none of them have worked.

@sr229
Copy link
Contributor

sr229 commented Sep 14, 2019

@weikai I used nginx so I was not able to reproduce it. I tried Apache breifly from the docs and it should work fine as well. I'll go raise this issue to the team to see if its really from our side.

@weikai
Copy link
Author

weikai commented Sep 15, 2019

Thank you @sr229. I'm able to get Nginx working on the same testing server with no problem as well. However, my production server has to use Apache2 for various reasons. It will be great to get Codeserver V2 working with Apache2 reverse server.

@sr229 sr229 added docs Documentation related and removed bug Something isn't working v2 labels Sep 15, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
docs Documentation related
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@fbartels @weikai @coadler @Sociopacific @sr229 @waclaw66