Hi,
I have set up RocketChat using snaps on an Ubuntu 18.04.1 LTS system.
After installing RocketChat I installed nginx 1.14.0 and configured it following this manual:
https://rocket.chat/docs/installation/manual-installation/configuring-ssl-reverse-proxy/
Now my nginx configuration looks like this:
```
upstream backend {
    server 127.0.0.1:3000;
}
server {
    listen 443;
    server_name rocket.act-crm-addon.com;
    # You can increase the limit if you need to.
    client_max_body_size 200M;
    error_log /var/log/nginx/rocketchat.access.log;
    ssl on;
    ssl_certificate /etc/ssl/act-crm-addon/fullchain.pem;
    ssl_certificate_key /etc/ssl/act-crm-addon/privkey.pem;
    ssl_protocols TLSv1.1 TLSv1.2; # don't use SSLv3 ref: POODLE
    location / {
        proxy_pass http://backend/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forward-Proto http;
        proxy_set_header X-Nginx-Proxy true;
        proxy_redirect off;
    }
}
```
I tried to curl it and it actually seems to work for Websockets:
```
> GET /websocket HTTP/1.1
> Host: rocket.act-crm-addon.de
> User-Agent: insomnia/6.2.3
> Cookie: connect.sid=s%3AN6nlhUydHixY1W0r1kgnY56sJcj-bUBf.R8WjGhIQ8xsIbqCrgz%2Fg4xj5AQkFt7ogGz7ZzbE1dQE
> Connection: Upgrade
> Upgrade: websocket
> Origin: rocket.act-crm-addon.de
> Sec-WebSocket-Key: fVXESE8fjBMx8HheW0YlZQ==
> Sec-WebSocket-Version: 13
> Accept: */*
< HTTP/1.1 101 Switching Protocols
< Server: nginx/1.14.0 (Ubuntu)
< Date: Fri, 30 Nov 2018 10:27:19 GMT
< Connection: upgrade
< Upgrade: websocket
< Sec-WebSocket-Accept: dyU1fPKS9c9nPGo2mPsrQv40G9E=
```
Unfortunately I cannot connect using the iOS app.
I tried to connect to "open.rocket.chat" to make sure the app is fine and it works but "rocket.act-crm-addon.de" does not work.
Any ideas on how to fix it?
@FabianZimbalev Does your server support WebSocket?
@rafaelks which server exactly do you mean?
Best regards,
Fabian
@FabianZimbalev Can you share your URL with us? I can check if WebSockets are enabled or not.
@rafaelks https://rocket.act-crm-addon.de
@FabianZimbalev Looks like your setup is almost ready, but you're not finishing the request to upgrade the connection. Your web client is also using polling:
```
> Meteor.connection._stream.socket.protocol
> "xhr-polling"
```
Look at the request to use WebSockets:
```
curl -i -N -H "Connection: Upgrade" -H "Upgrade: websocket" -H "Host: rocket.act-crm-addon.de" -H "Origin: rocket.act-crm-addon.de" -H "Sec-WebSocket-Key: fVXESE8fjBMx8HheW0YlZQ==" -H "Sec-WebSocket-Version: 13" https://rocket.act-crm-addon.de/websocket
HTTP/1.1 101 Switching Protocols
Server: nginx/1.14.0 (Ubuntu)
Date: Fri, 30 Nov 2018 15:55:45 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: dyU1fPKS9c9nPGo2mPsrQv40G9E=
curl: (52) Empty reply from server
```
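
The response to an upgrade request like the curl one above can be checked mechanically rather than by eye. This is an added example, not code from the Rocket.Chat project or from anyone in this thread; `check_handshake` and the two responses are constructed for illustration, and the key/accept pair is the sample from RFC 6455.

```python
import base64
import hashlib

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # constant defined by RFC 6455

def expected_accept(key):
    """Sec-WebSocket-Accept a compliant server returns for Sec-WebSocket-Key."""
    digest = hashlib.sha1((key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")

def check_handshake(response_head, key):
    """Return a list of problems found in the response to an upgrade request."""
    lines = [l for l in response_head.replace("\r\n", "\n").split("\n") if l.strip()]
    if not lines:
        return ["empty response"]
    status = lines[0].split()
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    # Anything other than 101 means the proxy or upstream refused the upgrade.
    if len(status) < 2 or status[1] != "101":
        return ["not upgraded, status line: " + lines[0]]
    problems = []
    if headers.get("upgrade", "").lower() != "websocket":
        problems.append("Upgrade header is not 'websocket'")
    # RFC 6455 compares the Connection token case-insensitively.
    tokens = [t.strip().lower() for t in headers.get("connection", "").split(",")]
    if "upgrade" not in tokens:
        problems.append("Connection header lacks the 'upgrade' token")
    # Only an endpoint that processed the handshake can derive this value.
    if headers.get("sec-websocket-accept") != expected_accept(key):
        problems.append("Sec-WebSocket-Accept was not derived from the key sent")
    return problems

# Constructed responses: RFC 6455 sample key/accept, and a 400 like the one
# that appears later in this thread.
SAMPLE_KEY = "dGhlIHNhbXBsZSBub25jZQ=="
GOOD = ("HTTP/1.1 101 Switching Protocols\r\nConnection: upgrade\r\n"
        "Upgrade: websocket\r\nSec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=\r\n")
BAD = "HTTP/1.1 400 Bad Request\nServer: nginx\nConnection: keep-alive\n"

if __name__ == "__main__":
    for name, head in (("good", GOOD), ("bad", BAD)):
        print(name, check_handshake(head, SAMPLE_KEY) or "handshake valid")
```
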
@rafaelks is there a manual or kb or something to fix it?
Unfortunately I don't know too much about websocket, I just want to connect from outside to our RocketChat server using the iOS app.
@FabianZimbalev The documentation here should cover everything. I'm adding @RocketChat/cloud here in case we're missing something. 👍
Yeah, I'd take a look at the docs because it looks like you have websocket support in the lb but it's not getting proxied through. The nginx config we have in our docs will work.
Hi. I have a similar problem.

```
WebSocket connection to 'wss://chat.robo.suzuka.io/sockjs/454/wd6rknyk/websocket' failed: Error during WebSocket handshake: Unexpected response code: 400
```

| URL | https://chat.robo.suzuka.io |
| - | - |
| Version | 0.72.0 |
| Node version | v8.11.3 (and v8.11.4 tried) |
| OS | Ubuntu 18.04 LTS |
| Proxy | Nginx 1.14.0 |
```
upstream rocketchat {
    server 127.0.0.1:3500;
}
server {
    listen 80;
    server_name chat.robo.suzuka.io;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl http2;
    server_name chat.robo.suzuka.io;
    client_max_body_size 100M;
    ssl_certificate /etc/letsencrypt/live/chat.robo.suzuka.io/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/chat.robo.suzuka.io/privkey.pem;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1.2 TLSv1.3;
    location / {
        proxy_pass http://rocketchat/;
        proxy_http_version 1.1;
        # for websocket
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connetion "upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 86400;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto http;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Nginx-Proxy true;
        proxy_redirect off;
    }
}
```
```
curl -i -N -H "Connection: Upgrade" -H "Upgrade: websocket" -H "Host: rocket.act-crm-addon.de" -H "Origin: chat.robo.suzuka.io" -H "Sec-WebSocket-Key: fVXESE8fjBMx8HheW0YlZQ==" -H "Sec-WebSocket-Version: 13" https://chat.robo.suzuka.io/websocket
HTTP/2 302
server: nginx
date: Sat, 01 Dec 2018 10:19:51 GMT
content-type: text/plain; charset=utf-8
content-length: 28
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-language: en-US
location: /login
vary: Accept
set-cookie: connect.sid=s%3ARVk3ilfydZFewB9xZYtM6o2KRUrFhiXs.1Us2VLmpOIPYbefMZcEjR8tBJhUhsu%2BNXFRKLr27mtA; Path=/; Expires=Mon, 31 Dec 2018 10:19:51 GMT; HttpOnly
```
I did everything I could think of.
But I can't solve the problem.
What should I do next?
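
An added example (not from the thread's participants or the Rocket.Chat docs): a small linter for the `proxy_set_header` lines of a config like the one above. The `EXPECTED` header list, the function name and the sample fragment are assumptions constructed for illustration.

```python
import difflib
import re

# Headers a TLS-terminating WebSocket proxy usually forwards (assumed list).
EXPECTED = ["Upgrade", "Connection", "Host", "X-Real-IP",
            "X-Forwarded-For", "X-Forwarded-Proto", "X-Forwarded-Host"]
CANON = {h.lower(): h for h in EXPECTED}

# Constructed fragment that reuses directives quoted in this thread.
SAMPLE = """
server {
    listen 443 ssl;
    location / {
        proxy_pass http://rocketchat/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connetion "upgrade";
        proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto http;
        proxy_set_header X-Nginx-Proxy true;
    }
}
"""

def lint_proxy_headers(conf):
    """Return (line_no, message) findings; line_no 0 means whole-file."""
    findings, seen = [], set()
    tls = re.search(r"^\s*listen\s+[^;]*\b(443|ssl)\b", conf, re.M) is not None
    for no, line in enumerate(conf.splitlines(), 1):
        m = re.match(r"\s*proxy_set_header\s+(\S+)\s+(.*?)\s*;", line)
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip("\"'")
        key = name.lower()
        if key not in CANON:
            near = difflib.get_close_matches(key, list(CANON), n=1, cutoff=0.8)
            if near:  # unknown name that is nearly an expected one
                findings.append((no, f"{name}: probable misspelling of {CANON[near[0]]}"))
            continue
        seen.add(key)
        if key == "x-forwarded-proto" and tls and value == "http":
            findings.append((no, "X-Forwarded-Proto says http on a TLS listener"))
    # nginx sends "Connection: close" upstream unless the header is set explicitly.
    if "upgrade" in seen and "connection" not in seen:
        findings.append((0, "Upgrade is forwarded but Connection is never set"))
    return findings

if __name__ == "__main__":
    print(*lint_proxy_headers(SAMPLE), sep="\n")
```

A misspelled header name is not an nginx syntax error, so `nginx -t` passes and the only symptom is the upstream rejecting the upgrade.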
I see http2 included here in config. I don't recall that being part of tutorial config. Can you change that back to http and give a try? Odds are that's not it. But at this point process of elimination.
Oh sorry. I made a big mistake with curl. I forgot to change Host.
Here is the correct result.
```
curl -i -N -H "Connection: Upgrade" -H "Upgrade: websocket" -H "Host: chat.robo.suzuka.io" -H "Origin: chat.robo.suzuka.io" -H "Sec-WebSocket-Key: fVXESE8fjBMx8HheW0YlZQ==" -H "Sec-WebSocket-Version: 13" https://chat.robo.suzuka.io/websocket
HTTP/2 400
server: nginx
date: Sat, 01 Dec 2018 17:27:11 GMT
```

```
curl -i -N -H "Connection: Upgrade" -H "Upgrade: websocket" -H "Host: chat.robo.suzuka.io" -H "Origin: chat.robo.suzuka.io" -H "Sec-WebSocket-Key: fVXESE8fjBMx8HheW0YlZQ==" -H "Sec-WebSocket-Version: 13" https://chat.robo.suzuka.io/websocket
HTTP/1.1 400 Bad Request
Server: nginx
Date: Sat, 01 Dec 2018 17:26:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive

Not a valid websocket request
```
Thanks for the advice.
I disabled http2 but the problem was not solved.
I solved this problem with this nginx conf.
```
upstream rocketchat {
    server 127.0.0.1:3500;
}
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
server {
    listen 80;
    server_name chat.robo.suzuka.io;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_name chat.robo.suzuka.io;
    client_max_body_size 100M;
    ssl_certificate /etc/letsencrypt/live/chat.robo.suzuka.io/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/chat.robo.suzuka.io/privkey.pem;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1.2 TLSv1.3;
    location / {
        proxy_pass http://rocketchat;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_redirect off;
    }
    location ~ "/sockjs/[\d]{3}/[\w]{8}/websocket" {
        proxy_pass http://rocketchat;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_read_timeout 7d;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Origin '';
        proxy_buffers 256 16k;
        proxy_buffer_size 16k;
    }
    location /websocket {
        proxy_pass http://rocketchat;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_read_timeout 7d;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Origin '';
        proxy_buffers 256 16k;
        proxy_buffer_size 16k;
    }
}
```
Thanks for sharing! If this differs from the documentation, it would be awesome to update it so others will not run into this problem.
Great! Let's close the issue in this case! Thanks for the help @geekgonecrazy! 👍
Actually, I could not fix the issue with the configuration specified above.
Is there a particular reason to set the port of the upstream to 3500?
This nginx config always gives me 502 bad gateway.
Best regards,
Fabian
For future people: the connection header has to have a capital Upgrade. I did `Connection: upgrade` instead of `Connection: Upgrade` and it failed on iOS but not on desktop.
People are likely going to run into this issue if they used the guide from https://www.nginx.com/blog/websocket-nginx/
```
http {
    map $http_upgrade $connection_upgrade {
        default upgrade; <=== WRONG
        '' close;
    }
    upstream websocket {
        server 192.168.100.10:8010;
    }
    ...more code...
```