Tweet
Websocket with SSL reverse proxy is not working correctly
Hi everyone,
i have a problem connecting to the websocket in my espocrm instance.
The current setup is based on a docker container VM with FPM configuration (nginx-mysql-espocrm-websocket-daemon). The VM is behind a reverse proxy which handles the SSL connection; I followed the configuration reported in the documentation https://docs.espocrm.com/administrat...t/#ssl-support but the problem persists.
When the application was not behind the http reverse proxy everything works fine.
Can you help me? What's wrong?
docker-compose.yml
conf nginx reverse proxy
log reverse proxy
i have a problem connecting to the websocket in my espocrm instance.
Code:
WebSocket connection to 'wss://mydomain/?authToken=0586c18e2007cc616c1869bbd2282062&userId=63d912a067faaa322' failed:
When the application was not behind the http reverse proxy everything works fine.
Can you help me? What's wrong?
docker-compose.yml
Code:
version: "3.8"
services:
mysql:
image: mysql:8
container_name: mysql
command: --default-authentication-plugin=mysql_native_password
environment:
MYSQL_ROOT_PASSWORD: mypsw
MYSQL_DATABASE: espocrm
MYSQL_USER: espocrm
MYSQL_PASSWORD: mypsw
volumes:
- mysql:/var/lib/mysql
restart: always
ports:
- "33060:3306"
networks:
- internal
- external
nginx:
image: nginx:mainline
container_name: nginx
volumes:
- ./data/nginx/conf.d/:/etc/nginx/conf.d/
- ./data/espocrm:/var/www/html
- ./data/nginx/logs:/var/log/nginx
restart: always
ports:
- "80:80"
networks:
- external
espocrm:
image: espocrm/espocrm:fpm
container_name: espocrm
environment:
ESPOCRM_DATABASE_HOST: mysql
ESPOCRM_DATABASE_USER: espocrm
ESPOCRM_DATABASE_PASSWORD: mypsw
ESPOCRM_ADMIN_USERNAME: Admin
ESPOCRM_ADMIN_PASSWORD: mypsw
ESPOCRM_SITE_URL: "https://mydomain/"
volumes:
- espocrm:/var/www/html
restart: always
networks:
- external
- internal
espocrm-daemon:
image: espocrm/espocrm:fpm
container_name: espocrm-daemon
volumes:
- espocrm:/var/www/html
restart: always
entrypoint: docker-daemon.sh
networks:
- external
- internal
espocrm-websocket:
image: espocrm/espocrm:fpm
container_name: espocrm-websocket
environment:
ESPOCRM_CONFIG_USE_WEB_SOCKET: "true"
ESPOCRM_CONFIG_WEB_SOCKET_URL: "wss://mydomain"
# ESPOCRM_CONFIG_WEB_SOCKET_ZERO_M_Q_SUBSCRIBER_DSN: "tcp://*:7777"
# ESPOCRM_CONFIG_WEB_SOCKET_ZERO_M_Q_SUBMISSION_DSN: "tcp://espocrm-websocket:7777"
volumes:
- espocrm:/var/www/html
restart: always
entrypoint: docker-websocket.sh
ports:
- 8081:8080
networks:
- external
- internal
networks:
external:
external: true
internal:
external: false
volumes:
mysql:
driver: local
driver_opts:
type: "none"
o: "bind"
device: "/var/www/espocrm/data/mysql/data"
espocrm:
driver: local
driver_opts:
type: "none"
o: "bind"
device: "/var/www/espocrm/data/espocrm"
conf nginx reverse proxy
Code:
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream webosocket {
server ip-VM:8081;
}
server {
listen reverse-ip1:80;
listen reverse-ip2:80;
server_name mydomain;
rewrite ^/(.*) https://mydomain/$1 permanent;
}
server {
listen reverse-ip1:443 ssl;
listen reverse-ip2:443 ssl;
server_name mydomain;
proxy_set_header X-Forwarded-Port 443;
resolver 127.0.0.1;
ssl_certificate /usr/local/ssl/certs/fullchain.pem;
ssl_certificate_key /usr/local/ssl/private/star2.domaint.key;
ssl_dhparam /usr/local/ssl/private/dhparam.pem;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_read_timeout 5m;
proxy_send_timeout 5m;
proxy_pass http://ip-VM;
}
location /wss {
proxy_pass https://websocket;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_read_timeout 12h;
}
access_log /var/log/nginx/mydomain-access.log;
error_log /var/log/nginx/mydomain-error.log;
}
Code:
10.10.123.108 - - [17/Feb/2023:13:17:10 +0100] "GET /?authToken=970f5768dca2318272d33f0e7fb39dd8&userId=63d912a067faaa322 HTTP/1.1" 200 990 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" 10.10.123.108 - - [17/Feb/2023:13:17:16 +0100] "GET /?authToken=970f5768dca2318272d33f0e7fb39dd8&userId=63d912a067faaa322 HTTP/1.1" 200 990 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" 10.10.123.108 - - [17/Feb/2023:13:17:22 +0100] "GET /?authToken=970f5768dca2318272d33f0e7fb39dd8&userId=63d912a067faaa322 HTTP/1.1" 200 991 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36"
Comment