Reverse proxying on-prem space produces web socket error.

I am currently reverse-proxying my jetbrains space under NGINX with cloudflare proxying as well for SSL.

My config looks like:

server {
    server_name space.nucker.me;
    listen 443 ssl;

    add_header Strict-Transport-Security max-age=31536000;

    location / {
            proxy_pass    http://192.168.0.213:8084;
            proxy_set_header    X-Real-IP $remote_addr;
            proxy_set_header    Host      $http_host;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $http_host;
            proxy_http_version 1.1;

    }

    ssl_certificate     /etc/ssl/certs/nucker.me.pem;
    ssl_certificate_key /etc/ssl/certs/nucker.me.key.pem;
}

However I get these websocket errors after signing in:

Firefox can’t establish a connection to the server at wss://space.nucker.me/api/v1/connect?token=redacted&session=redacted&client=Browser&timezone=Europe%2FLondon.
0
8 comments

Hey man, u need to change ur reverse proxy to something like that

    location / {
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $http_host;
      proxy_set_header X-NginX-Proxy true;
      proxy_pass http://localhost:8084/;
      proxy_redirect off;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
    }

0

Now I get this error and can't get to the login page

index.a813e3d5a17b086d0f52.js:1 WebSocket connection to 'wss://space.nucker.me/api/v1/connect?token=eyJhbGciOiJSUzUxMiJ9.eyJzdWIiOiI0VUVTUEUydGdmUzkiLCJhdWQiOiJjaXJjbGV0LXdlYi11aSIsIm9yZ0RvbWFpbiI6ImpldGJyYWlucyIsInNjb3BlIjoiKioiLCJuYW1lIjoiTnVja2VyIiwiaXNzIjoiaHR0cHM6XC9cL3NwYWNlLm51Y2tlci5tZSIsInByaW5jaXBhbF90eXBlIjoiVVNFUiIsImV4cCI6MTY2NjU0MTE1MiwiaWF0IjoxNjY2NTQwNTUyLCJzaWQiOiIxYkZFa2EwMWhnekQifQ.TKzyQFYz7bDKskosgmkAQjiLzLe5GR0Uwzrhx1iEAXitwN3-Vccs7O13rzZ87XHC4jZZ0_rcbKEcV7EY507CCf8KiQa206SYFkQt4W-h4xKPUB8SMi1zIrft_1ujcnPBJ05wVeJwatnnWkf_7tqXU1zArnmckW1GJybW...DadnXVRgDnDKvX_srfEVEYhvL9f7o00X4T7o7HyFmuWPJHiLBEhYyJW2eOAiMvQ2x_20tzYclU96B4MwprxiHt1yvCLTvwMpT-VWXI1icDWFdYOpzxhuaUmJ1HMnURIB1HZb1iakJLl2FSGplgReSehzoeVYVgJ2-m5VzeuiuyLv5EXtk1Va9MXuo4ShweAG1sH2nN30Ly6QuPdD_YKs92hRiuCdec3tmg1vbNwsRU21GHE0F2uM1zljVNc7AM32fYPmJjX6ruFrSkmpr39amE85AKn36qQdoK7uaqy6GzbFGhkXdVKU2GG5ovUrg4DNmebzrwuHwj5-5GbI9MictGJIBRfem6_kvFhOaT6POm5lA&session=0c86c2bafac7475ca378f8670dd21fb7e6d9708869d3be89a9270baaf38fa179&features=AAUPf9%2F%2F%2Fg%3D%3D&client=Browser&timezone=Europe%2FLondon' failed: 
0

I currently have a similar setup with Nginx as my reverse proxy except hat I am getting an IllegalStateException with the message "Unhandled client error while routing, Invalid JWT payload, Are you using an ad blocker? It might be interfering with your ability to access Space."  Anybody have an idea what might cause this?  I am using the default configs generated by the init-configs command.  Or at least how do I enable verbose debug output in Space so that I can see what is going on in the backend?  Thank you for all your help.

0

Pawel, I contacted you in the support ticket asking for more information about the case. Once the issue is resolved, I'll post an update with the root cause description here.

0

I was facing the same error. Are You already logged in at internal address? For me simply clearing cookies for Space domains resolved this error.

0

I'm also having an issue with logging into Space when its running behind Nginx reverse proxy. Any news on this issue?

 
index.fafdb698def9d27a88cf.js:1 WebSocket connection to 'wss://space.hypti.com/api/v1/connect?token=eyJhbGciOiJSUzUxMiJ9.eyJzdWIiOiI0M01PUFQzcVNjc1ciLCJhdWQiOiJjaXJjbGV0LXdlYi11aSIsIm9yZ0RvbWFpbiI6InNwYWNlIiwic2NvcGUiOiIqKiIsIm5hbWUiOiJhZG1pbiIsImlzcyI6Imh0dHA6XC9cL3NwYWNlLmh5cGVydHJpbml0eS5jb20iLCJwcmluY2lwYWxfdHlwZSI6IlVTRVIiLCJleHAiOjE2ODAxNzkyNDksImlhdCI6MTY4MDE3ODY0OSwic2lkIjoiMzRUWmhBMmx1YXplIn0.fw563qG89CwF-dbQWZyX_lcKRyu1v_liudAucCo8qovmAVA2Zg3d9bY3teaTtmJxiEckKFI0n0Qlc6oNRUFiV1Ju_yIt8yfaLKffiEHCLhhU-BCT4TuoM5WmLFdrjeoLAnbRB40PPXzY6tjdnpI189s0tWxt...EEskuv3twLBbg7nGcHc59ZLFH3VG6i4YGaYfUqDk3RRT3u_-_yvuM2EsBezPdI_Y-XyAQpIVqWacPY6yDye2WSstxlyEVCbLMFpU1wy8w2fPIrz7kliGSJ7mc3_5a8Q3Iya--99bSzoLxXZxZTLxPFBM7vrDmzwYFNQjYWt-xY36aAOjtgSpw8h3SfOQyGwCJlUCCjYqdMMAuHVgjWEqLyn5FPPIb8dEulAfQI1xQKiNKLMFRUtya-AXFUpBdNlj6lZ8iy8TSjiHw&session=a54b32d35ac9717b0a603ef714b54c771491d8a3b9ab8d1397532934d2070973&features=AAYf%2F3%2Ff%2F%2F4%3D&timezone=Europe%2FWarsaw&client=Browser&client_os=Windows&client_browser=Chrome&client_browser_ver=111.0.0.0&client_device_type=Desktop' failed:
uE @ index.fafdb698def9d27a88cf.js:1
eE.createWebSocket_bmdn1m$$default @ index.fafdb698def9d27a88cf.js:1
ed.createWebSocket_bmdn1m$ @ index.fafdb698def9d27a88cf.js:1
Jl @ index.fafdb698def9d27a88cf.js:1
ph.createConnection_0 @ index.fafdb698def9d27a88cf.js:1
$h.doResume @ index.fafdb698def9d27a88cf.js:1
ph.reconnectCycle_0 @ index.fafdb698def9d27a88cf.js:1
dh.doResume @ index.fafdb698def9d27a88cf.js:1
Ri.resumeWith_tl1gpc$ @ index.fafdb698def9d27a88cf.js:1
na @ index.fafdb698def9d27a88cf.js:1
ia @ index.fafdb698def9d27a88cf.js:1
Qt.dispatchResume_0 @ index.fafdb698def9d27a88cf.js:1
Qt.resumeImpl_0 @ index.fafdb698def9d27a88cf.js:1
Qt.resumeUndispatched_hyuxa3$ @ index.fafdb698def9d27a88cf.js:1
(anonymous) @ index.fafdb698def9d27a88cf.js:1
1

Tiritto, could it be possible that your nginx configuration doesn't have the following headers included?

      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";

 

0

Please sign in to leave a comment.