Reverse proxying on-prem space produces web socket error.

I am currently reverse-proxying my jetbrains space under NGINX with cloudflare proxying as well for SSL.

My config looks like:

server {
    server_name space.nucker.me;
    listen 443 ssl;

    add_header Strict-Transport-Security max-age=31536000;

    location / {
            proxy_pass    http://192.168.0.213:8084;
            proxy_set_header    X-Real-IP $remote_addr;
            proxy_set_header    Host      $http_host;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $http_host;
            proxy_http_version 1.1;

    }

    ssl_certificate     /etc/ssl/certs/nucker.me.pem;
    ssl_certificate_key /etc/ssl/certs/nucker.me.key.pem;
}

However I get these websocket errors after signing in:

Firefox can’t establish a connection to the server at wss://space.nucker.me/api/v1/connect?token=redacted&session=redacted&client=Browser&timezone=Europe%2FLondon.
5 comments
Comment actions Permalink

Hey man, u need to change ur reverse proxy to something like that

    location / {
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $http_host;
      proxy_set_header X-NginX-Proxy true;
      proxy_pass http://localhost:8084/;
      proxy_redirect off;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
    }

0
Comment actions Permalink

Now I get this error and can't get to the login page

index.a813e3d5a17b086d0f52.js:1 WebSocket connection to 'wss://space.nucker.me/api/v1/connect?token=eyJhbGciOiJSUzUxMiJ9.eyJzdWIiOiI0VUVTUEUydGdmUzkiLCJhdWQiOiJjaXJjbGV0LXdlYi11aSIsIm9yZ0RvbWFpbiI6ImpldGJyYWlucyIsInNjb3BlIjoiKioiLCJuYW1lIjoiTnVja2VyIiwiaXNzIjoiaHR0cHM6XC9cL3NwYWNlLm51Y2tlci5tZSIsInByaW5jaXBhbF90eXBlIjoiVVNFUiIsImV4cCI6MTY2NjU0MTE1MiwiaWF0IjoxNjY2NTQwNTUyLCJzaWQiOiIxYkZFa2EwMWhnekQifQ.TKzyQFYz7bDKskosgmkAQjiLzLe5GR0Uwzrhx1iEAXitwN3-Vccs7O13rzZ87XHC4jZZ0_rcbKEcV7EY507CCf8KiQa206SYFkQt4W-h4xKPUB8SMi1zIrft_1ujcnPBJ05wVeJwatnnWkf_7tqXU1zArnmckW1GJybW...DadnXVRgDnDKvX_srfEVEYhvL9f7o00X4T7o7HyFmuWPJHiLBEhYyJW2eOAiMvQ2x_20tzYclU96B4MwprxiHt1yvCLTvwMpT-VWXI1icDWFdYOpzxhuaUmJ1HMnURIB1HZb1iakJLl2FSGplgReSehzoeVYVgJ2-m5VzeuiuyLv5EXtk1Va9MXuo4ShweAG1sH2nN30Ly6QuPdD_YKs92hRiuCdec3tmg1vbNwsRU21GHE0F2uM1zljVNc7AM32fYPmJjX6ruFrSkmpr39amE85AKn36qQdoK7uaqy6GzbFGhkXdVKU2GG5ovUrg4DNmebzrwuHwj5-5GbI9MictGJIBRfem6_kvFhOaT6POm5lA&session=0c86c2bafac7475ca378f8670dd21fb7e6d9708869d3be89a9270baaf38fa179&features=AAUPf9%2F%2F%2Fg%3D%3D&client=Browser&timezone=Europe%2FLondon' failed: 
0
Comment actions Permalink

I currently have a similar setup with Nginx as my reverse proxy except hat I am getting an IllegalStateException with the message "Unhandled client error while routing, Invalid JWT payload, Are you using an ad blocker? It might be interfering with your ability to access Space."  Anybody have an idea what might cause this?  I am using the default configs generated by the init-configs command.  Or at least how do I enable verbose debug output in Space so that I can see what is going on in the backend?  Thank you for all your help.

0
Comment actions Permalink

Pawel, I contacted you in the support ticket asking for more information about the case. Once the issue is resolved, I'll post an update with the root cause description here.

0
Comment actions Permalink

I was facing the same error. Are You already logged in at internal address? For me simply clearing cookies for Space domains resolved this error.

0

Please sign in to leave a comment.