Can't connect when behind Nginx proxy
Hey huashengdun.
First, thanks for this wonderful app. It comes in very handy.
I run into the following problem, though: webssh works correctly when I connect directly to it (I point my browser to server:8000 in my following example), be it with SSL enabled or not. But if I try to connect when webssh runs behind an Nginx proxy (as detailed in the README), I can never get to a shell… I click “Connect”, the site hangs for a second and just goes idle again.
Hereafter is the command I used to run webssh along with the related debug logs.
COMMAND PROMPT > $ python2 /<path>/webssh/run.py --address='0.0.0.0' --port=8000 --policy=reject --logging=debug
[D 191105 19:39:46 policy:29] {'autoaddpolicy': <class 'webssh.policy.AutoAddPolicy'>, 'rejectpolicy': <class 'paramiko.client.RejectPolicy'>, 'warningpolicy': <class 'paramiko.client.WarningPolicy'>}
[I 191105 19:39:46 settings:98] RejectPolicy
[I 191105 19:39:46 main:39] Listening on 0.0.0.0:8000 (http)
[D 191105 19:39:50 handler:204] netloc: <server_name>
[D 191105 19:39:50 handler:207] host: <server_name>
[D 191105 19:39:50 handler:148] Reset offset to 0.
[I 191105 19:39:50 handler:150] Parsing RSA key
[D 191105 19:39:50 handler:389] (u'<hostname>', 22, u'<user>', u'', <paramiko.rsakey.RSAKey object at 0xb6dd8e8c>)
[I 191105 19:39:50 handler:422] Connecting to <hostname>:22
[D 191105 19:39:50 transport:1819] starting thread (client mode): 0xb7150f0cL
[D 191105 19:39:50 transport:1819] Local version/idstring: SSH-2.0-paramiko_2.6.0
[D 191105 19:39:50 transport:1819] Remote version/idstring: SSH-2.0-OpenSSH_8.1
[I 191105 19:39:50 transport:1819] Connected (version 2.0, client OpenSSH_8.1)
[D 191105 19:39:50 transport:1819] kex algos:[u'curve25519-sha256', u'curve25519-sha256@libssh.org', u'ecdh-sha2-nistp256', u'ecdh-sha2-nistp384', u'ecdh-sha2-nistp521', u'diffie-hellman-group-exchange-sha256', u'diffie-hellman-group16-sha512', u'diffie-hellman-group18-sha512', u'diffie-hellman-group14-sha256', u'diffie-hellman-group14-sha1'] server key:[u'rsa-sha2-512', u'rsa-sha2-256', u'ssh-rsa', u'ecdsa-sha2-nistp256', u'ssh-ed25519'] client encrypt:[u'chacha20-poly1305@openssh.com', u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'aes128-gcm@openssh.com', u'aes256-gcm@openssh.com'] server encrypt:[u'chacha20-poly1305@openssh.com', u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'aes128-gcm@openssh.com', u'aes256-gcm@openssh.com'] client mac:[u'umac-64-etm@openssh.com', u'umac-128-etm@openssh.com', u'hmac-sha2-256-etm@openssh.com', u'hmac-sha2-512-etm@openssh.com', u'hmac-sha1-etm@openssh.com', u'umac-64@openssh.com', u'umac-128@openssh.com', u'hmac-sha2-256', u'hmac-sha2-512', u'hmac-sha1'] server mac:[u'umac-64-etm@openssh.com', u'umac-128-etm@openssh.com', u'hmac-sha2-256-etm@openssh.com', u'hmac-sha2-512-etm@openssh.com', u'hmac-sha1-etm@openssh.com', u'umac-64@openssh.com', u'umac-128@openssh.com', u'hmac-sha2-256', u'hmac-sha2-512', u'hmac-sha1'] client compress:[u'none', u'zlib@openssh.com'] server compress:[u'none', u'zlib@openssh.com'] client lang:[u''] server lang:[u''] kex follows?False
[D 191105 19:39:50 transport:1819] Kex agreed: curve25519-sha256@libssh.org
[D 191105 19:39:50 transport:1819] HostKey agreed: ecdsa-sha2-nistp256
[D 191105 19:39:50 transport:1819] Cipher agreed: aes128-ctr
[D 191105 19:39:50 transport:1819] MAC agreed: hmac-sha2-256
[D 191105 19:39:50 transport:1819] Compression agreed: none
[D 191105 19:39:50 transport:1819] kex engine KexCurve25519 specified hash_algo <built-in function openssl_sha256>
[D 191105 19:39:50 transport:1819] Switch to new keys ...
[I 191105 19:39:50 handler:71] Trying publickey authentication
[D 191105 19:39:50 transport:1819] userauth is OK
[I 191105 19:39:50 transport:1819] Authentication (publickey) successful!
[D 191105 19:39:50 channel:1212] [chan 0] Max packet in: 32768 bytes
[D 191105 19:39:50 transport:1819] Received global request "hostkeys-00@openssh.com"
[D 191105 19:39:50 transport:1819] Rejecting "hostkeys-00@openssh.com" global request from server.
[D 191105 19:39:50 transport:1819] Debug msg: /home/<user>/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
[D 191105 19:39:50 channel:1212] [chan 0] Max packet out: 32768 bytes
[D 191105 19:39:50 transport:1819] Secsh channel 0 opened.
[D 191105 19:39:51 channel:1212] [chan 0] Sesch channel 0 request ok
[D 191105 19:39:51 channel:1212] [chan 0] Sesch channel 0 request ok
[D 191105 19:39:51 channel:1212] [chan 1] Max packet in: 32768 bytes
[D 191105 19:39:51 channel:1212] [chan 1] Max packet out: 32768 bytes
[D 191105 19:39:51 transport:1819] Secsh channel 1 opened.
[D 191105 19:39:51 channel:1212] [chan 1] Sesch channel 1 request ok
[D 191105 19:39:51 channel:1212] [chan 1] Sesch channel 1 request ok
[D 191105 19:39:51 channel:1212] [chan 1] EOF sent (1)
[D 191105 19:39:51 handler:411] '$SHELL -ilc "locale charmap"' => 'UTF-8\r\n'
[I 191105 19:39:51 web:2162] 200 POST / (<client_ip>) 878.86ms
[D 191105 19:39:51 channel:1212] [chan 1] EOF received (1)
[D 191105 19:39:51 handler:204] netloc: <server_name>
[D 191105 19:39:51 handler:207] host: <server_name>
[I 191105 19:39:51 web:2162] 101 GET /ws?id=3072742252 (<client_ip>) 4.66ms
[I 191105 19:39:51 handler:506] Connected from <client_ip>:47714 // until here, everything's fine.
[I 191105 19:39:51 handler:552] Disconnected from <client_ip>:47714 // but here, the connection is lost...
[I 191105 19:39:51 worker:115] Closing worker 3072742252 with reason: client disconnected
[D 191105 19:39:51 channel:1212] [chan 0] EOF sent (0)
[D 191105 19:39:51 transport:1819] EOF in transport thread
[I 191105 19:39:51 worker:122] Connection to <hostname>:22 lost
[D 191105 19:39:51 worker:125] {}
As you can see, the connection to the websocket is dropped as soon as the SSH connection is established.
I should add that sometimes, the client fails to fetch some resources (404 on GET /static/css/bootstrap.min.css.map for instance). This never happens while connecting directly to webssh.
I guess I’m missing something here, any assistance would be very much appreciated. 😃
Thanks.
Issue Analytics
- Created 4 years ago
- Comments:5 (3 by maintainers)
Top GitHub Comments
OK, turns out that the proxy_http_version 1.1 directive did the trick. This is quite weird as I can see in my logs that all connections are set in HTTP/1.1… Anyway. Thanks for your help!
I guess you checked the HTTP request version on the client side, not on the server side. By default Nginx uses version 1.0 for the proxy_http_version directive. As it is not a keep-alive connection, the webssh server closes it immediately after the WebSocket connection is established.
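A small check for the fix discussed in this thread, added here as an example (not code from the issue or from the webssh project): it scans an Nginx config for proxied location blocks and reports which WebSocket-related directives are missing. The sample configs and the name audit_ws_proxy are constructed for illustration; directives inherited from an enclosing server or http block are not considered.

```python
import re

# Constructed sample config (not from the issue); port 8000 matches the command above.
BROKEN = """
server {
    listen 80;
    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Upgrade $http_upgrade;  # pass the client's Upgrade header on
        proxy_set_header Connection "upgrade";
    }
}
"""
# The same block with the directive that resolved the issue.
FIXED = BROKEN.replace(
    "proxy_pass http://127.0.0.1:8000;",
    "proxy_pass http://127.0.0.1:8000;\n        proxy_http_version 1.1;",
)

# Directives a location needs so the WebSocket upgrade survives the proxy hop.
REQUIRED = [
    ("proxy_http_version 1.1", r"^\s*proxy_http_version\s+1\.1\s*;"),
    ("proxy_set_header Upgrade", r"^\s*proxy_set_header\s+Upgrade\s+\S+\s*;"),
    ("proxy_set_header Connection", r"^\s*proxy_set_header\s+Connection\s+\S+\s*;"),
]


def audit_ws_proxy(conf):
    """Return {location: [missing directives]} for every location that proxies."""
    conf = re.sub(r"#.*", "", conf)  # drop comments (naive: ignores '#' in quotes)
    report = {}
    # Matches innermost blocks only, so nested locations are reported separately.
    for match in re.finditer(r"location\s+([^{]+?)\s*\{([^{}]*)\}", conf):
        name, body = match.group(1), match.group(2)
        if not re.search(r"^\s*proxy_pass\s", body, re.M):
            continue  # not a reverse-proxy location
        report[name] = [label for label, pattern in REQUIRED
                        if not re.search(pattern, body, re.M)]
    return report


if __name__ == "__main__":
    for title, conf in (("without fix", BROKEN), ("with fix", FIXED)):
        print(title, audit_ws_proxy(conf))
```
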