Odd behaviour in Websocket - not sure where to begin looking

gmaltby · April 8, 2024, 1:25am

1. The problem I’m having:

I have installed Tactical RMM behind Caddy. Everything is working as expected with one exception; when attempting to upload files via the file browser in MeshCentral. Larger file (over 1K) do not complete.

I have remove Caddy by pointing clients directly at the RMM/MeshCentral server and the upload completes normally.

Looking at the message within the websocket, I see “action”:“uploadstart”, followed by “action”:“uploaddone”.

On a failing upload, I see the start, then 1 or more “action”:“uploadack” but never get an uploaddone. The socket is still live and ping/pongs continue normally.

2. Error messages and/or full log output:

There are no errors reported.

3. Caddy version:

v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=

4. How I installed and ran Caddy:

I added the via the cloudsmith.io REPO.

a. System environment:

Ubuntu 22.04.4 LTS
systemd 249 (249.11-0ubuntu3.12)

b. Command:

/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile

c. Service/unit/compose file:

d. My complete Caddy config:

{
	#debug

	log default {
		output file /var/log/caddy/caddy.log {
			roll_size 10
		}
		include http.log.access admin.api
	}
}

example.com {
	# Set this path to your site's directory.
	root * /var/www/caddy

	# Enable the static file server.
	file_server
}

# Proxmox
pve.example.com {
	reverse_proxy https://192.168.1.43:8006 {
		transport http {
			tls_insecure_skip_verify
		}
	}
}

# Remotely
remotely.example.com {
	reverse_proxy http://10.40.3.13:5000
}

# Linkwarden
bookmark.example.com {
	reverse_proxy http://10.40.3.51:3000
}

# Tactical RMM
(trmmcert) {
	tls /etc/caddy/example.com/fullchain1.pem /etc/caddy/example.com/privkey1.pem
}
rmm.example.com {
	import trmmcert
	reverse_proxy /.well-known/acme-challenge/* http://10.40.3.20:2080

	reverse_proxy https://10.40.3.20:443 {
		transport http {
			tls_insecure_skip_verify
		}
	}
}

api.example.com {
	import trmmcert
	reverse_proxy /.well-known/acme-challenge/* http://10.40.3.20:2080

	reverse_proxy https://10.40.3.20:443 {
		transport http {
			tls_insecure_skip_verify
		}
	}
}

mesh.example.com {
	import trmmcert
	reverse_proxy /.well-known/acme-challenge/* http://10.40.3.20:2080

	reverse_proxy https://10.40.3.20:443 {
		transport http {
			tls_insecure_skip_verify
		}
	}
	log
}

# Mattermost
https://mattermost.example.com {
	reverse_proxy https:/10.40.3.21:8065 {
		transport http {
			tls
			tls_insecure_skip_verify
		}
	}
}

The certs used for (trmmcert) are valid LetsEncrypt issued certs.

5. Links to relevant resources:

https://meshcentral.com/

francislavoie · April 10, 2024, 6:58pm

I don’t have any suggestion as to how to debug this. I don’t know how this upload is operating. Probably best if the authors of the upstream app you’re proxying to tries to replicate the issue, since they’ll be able to debug what the application is seeing.

gmaltby · April 10, 2024, 7:14pm

Thanks. I appreciate your response.

I am checking with meshcentral also. I guess I wanted to confirm there were no silly errors or oversights in my setup.