Reverse Proxy Setup - ERROR 502 /wss/

Trying to implement CA Cert on our Sangfor HCI self-signed cert web GUI (https to https). Login is working fine, can see the GUI interface of the hypervisor, only thing not working is the console view of the VMs.

What I have tried:

example.domain.com {
	gzip
	proxy / https://example.domain.com {
		# skip verification of the backend's self-signed certificate
		insecure_skip_verify
	}
}

Error output:

[ERROR 502 /wss/] net/http: HTTP/1.x transport connection broken: malformed HTTP response "\x1f\x8b\b\x00\x00\x00\x00\x00\x00\x03uQ\xbdN\xc30\x10\xde\xfd\x14G\xe7R\x17$6+\x03m\x10\x95Z\xa8D\x18\x18\x9d\xe4\x9aX\x8a}\xc59\x17\xe5\xed\xb1\x93PX\xd8l\xdf\xf7\xebS7\xdb\xd7M\xf1q\xcc\xe1\xb98\xec\xe1\xf8\xfe\xb8\xdfm`q+\xe5./\x9e\xa4\xdc\x16\xdbir\xbfZK\x99\xbf,2\xa1Z\xb6]\xa6Z\xd4u\xbc\xb0\xe1\x0e\xb3\x87\xf5\x1av\x8e\xd1;\xdd\xc1\x1b\xfa\vz?'\xaf\xe4\x04\x10J\x8e\x04UR=$\x8d\xbb\xec\x1f|\x9c\bu?\x16\xa1\x9f\x06\xe8*

Error from log:

"GET /wss/?proxystr=%07R%C3%5EUaQb%D5%7BXJ%D1%8Bj%E2%C09%A9%24%D6%98%2A%3A%2AW%8C%26%3B%C4%8C%F1g%BA%1A%F3w%C2%A7%12BX%8B%0F%AA1%BB%CE%E9%BC%5D-G%25b%5C%8F%E1%BB%A5%196%C7%C2k%FE%F3%9AC%D4%23%C3%21%5C%84%3Ehzb%B3rt%5Bd%95%81xir%07%CB%A6w%0D%5Dyu%E1%1Ek%84%94%06%C2%C0%0CjO%B8%A1.%EC%D8%B7%C9r%7B%BC%9A%9A%D2%E4%3A0%1Ea%A6%EA%F5%15K%8B%0A%DF%C6%3D%22%85%CBv%5Du%C4y%2F%8A%A7%3A%B2%16%FEx%87%09%A5%92%E0%FD%18%12Z%BDT%0D%2B%7C%DE%AA%223%A7%5D%84-m%AF%0Dd%96%9E%FB%04%1F%1A%DA%3D%D9%C1%1A%A8KB%10V%29%AE%5D%3ESxP%AC%15%FC%9C%002%8EY0%F6%D0~%97%AE%D8%8D%12%82I%C7d%5C%F0q%40%22%D1%23%9A%D7N%29%91%B29%CB%A1v%CA%85%AC%83%9B%FF%EAx%DF%F5%A9%A0jYn%9F%CB HTTP/1.1" 502 40

Any help would be appreciated!
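The bytes quoted in the error output above can be decoded to see what the backend sent at the point where the proxy's HTTP transport expected a status line. This is an added example, not part of the original post: the function names are illustrative, and `ERROR_PREFIX` is copied from the first bytes of that error message.

```python
import re

# Escapes that Go's %q formatting (used in the net/http error text) can emit.
_SIMPLE = {"a": 7, "b": 8, "f": 12, "n": 10, "r": 13, "t": 9, "v": 11, "\\": 92, '"': 34}
_ESCAPE = re.compile(r'\\(x[0-9a-fA-F]{2}|[abfnrtv\\"])')

# First bytes of the "malformed HTTP response" quoted in the error output above.
ERROR_PREFIX = r"\x1f\x8b\b\x00\x00\x00\x00\x00\x00\x03uQ\xbdN\xc30\x10"


def go_unquote(text: str) -> bytes:
    """Convert the Go-escaped text of the error message back into raw bytes."""
    out, pos = bytearray(), 0
    for m in _ESCAPE.finditer(text):
        out += text[pos:m.start()].encode("utf-8")
        token = m.group(1)
        out.append(int(token[1:], 16) if token[0] == "x" else _SIMPLE[token])
        pos = m.end()
    return bytes(out + text[pos:].encode("utf-8"))


def classify_first_bytes(data: bytes) -> str:
    """Name what the upstream sent where an HTTP status line was expected."""
    if data.startswith(b"HTTP/1."):
        status = data.split(b" ", 2)[1:2]
        return "http-101-upgrade" if status == [b"101"] else "http-other-status"
    if data[:2] == b"\x1f\x8b":
        return "gzip-stream"
    if len(data) >= 2 and data[0] in (0x14, 0x15, 0x16, 0x17) and data[1] == 0x03:
        return "tls-record"
    return "unknown"


def gzip_header(data: bytes) -> dict:
    """Decode the fixed 10-byte gzip member header (RFC 1952)."""
    if len(data) < 10 or data[:2] != b"\x1f\x8b":
        raise ValueError("not a gzip member header")
    return {
        "method": data[2],  # 8 = deflate
        "flags": data[3],
        "mtime": int.from_bytes(data[4:8], "little"),
        "os": data[9],  # 3 = Unix
    }


if __name__ == "__main__":
    raw = go_unquote(ERROR_PREFIX)
    print(classify_first_bytes(raw), gzip_header(raw))
```

For the quoted error the leading bytes are a gzip member header (deflate, OS field Unix), that is, compressed data rather than an `HTTP/1.1 101 Switching Protocols` status line.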

Hi @chrisb, welcome to the Caddy community.

Guessing it’s using a web socket for the console view?

Does adding the websocket preset to the proxy have any effect?

Hi @Whitestrake

Added it but not working, getting the same error. When inspecting the console that is open in my browser I can see it is using some sort of plugin or wrapper? Not too clued up on this.

<div id="vmp-console-wrapper" class="unselectable" style="width: 1365px;"><div id="vmp-console-header" class="vmp-console-header">
<div class="vmp-console-maintain vmp-toolbar">

Does the vendor provide any working example configuration for reverse proxying their GUI via any other modern web server? Might help to look at what they do.

I doubt that HTML is related to the 502s, those IDs and classes are generally just used for page layout and styling.

I have asked the vendor for the information, hopefully they have something.

After looking in more detail, the console just looks like noVNC.

Yeah, makes sense. noVNC uses websockets for transport. Caddy does support this, and I’m unfamiliar with that particular error. Will be interesting to see if they recommend configuring nginx or Apache with some kind of esoteric setting to make things work, but I’m not sure what that would be if it is the case.

The vendor (Sangfor) replied but unfortunately they do not have any recommendations. They did confirm that the console is embedded to HTTPS port 443.

Also seeing the following errors from my browser on the blank console:

New state 'loaded', was 'disconnected'. Msg: noVNC ready: native WebSockets, canvas rendering m-console-8d71270c8ac98c29.js:4:20568
New state 'connect', was 'loaded'.
New state 'failed', was 'disconnect'. Msg: Disconnect timeout
Firefox can’t establish a connection to the server at wss://example.domain.com/wss/?proxystr=K%B5%D6%E0%A0%3B%A5v%93%0E%BBJ%CF%8F%D0%2C%1D%9F%BD%1AH%BA%94%C8%85%40E%C3L%C4%CA%C4io%3A%81%A6%19%A35%B1%B3%60%8Fi%3F%80%84%1B%BC%F0%A7%93%2FR%97%BE%A8%2F%2Bb%83%C0%CEB%01%23%D2%F0M%E2%F0%2Bv%02%84%EB%CD%EE%CEB%D5%A0%C3%8E%28%5D%AA%851%5B%8B%AAz%01%EFc%C6%21%8F%9D3%82q%B4%CCs%DDN%96%2CVq%F0%9F%26%955S3%22V%24%07%09%88%3Bg%C4%CE~%B3%C0AKJ%D2%D3G%12%FA%CD%25%81%A8%E0%98%00%92%FC%98%D3%F3z%3D%0B%D3%3D%1A%80%95vH%FF%04%C5%0D%E7Ch%E0%22%BD%D2%AB%F9LWNH%E22%FF%3BO%96%81%26%C8%A3j%B8%01%AD%8A1f%23H%27%C9%85%EF%CBw%86%09%C3%E1%22%1A%11%8B%01%CFv%1E~g%AF9S%E0%14%A1%8C%A1%29%E0%C0%5CIq%97%EB%C2%3F%D0%12%FCpOmQ%20%FD%23%89g%1Dj%07i%92%21P.
New state 'failed', was 'connect'. Msg: Connect timeout
The connection to wss://proxytest.sc10.co.za/wss/?proxystr=K%B5%D6%E0%A0%3B%A5v%93%0E%BBJ%CF%8F%D0%2C%1D%9F%BD%1AH%BA%94%C8%85%40E%C3L%C4%CA%C4io%3A%81%A6%19%A35%B1%B3%60%8Fi%3F%80%84%1B%BC%F0%A7%93%2FR%97%BE%A8%2F%2Bb%83%C0%CEB%01%23%D2%F0M%E2%F0%2Bv%02%84%EB%CD%EE%CEB%D5%A0%C3%8E%28%5D%AA%851%5B%8B%AAz%01%EFc%C6%21%8F%9D3%82q%B4%CCs%DDN%96%2CVq%F0%9F%26%955S3%22V%24%07%09%88%3Bg%C4%CE~%B3%C0AKJ%D2%D3G%12%FA%CD%25%81%A8%E0%98%00%92%FC%98%D3%F3z%3D%0B%D3%3D%1A%80%95vH%FF%04%C5%0D%E7Ch%E0%22%BD%D2%AB%F9LWNH%E22%FF%3BO%96%81%26%C8%A3j%B8%01%AD%8A1f%23H%27%C9%85%EF%CBw%86%09%C3%E1%22%1A%11%8B%01%CFv%1E~g%AF9S%E0%14%A1%8C%A1%29%E0%C0%5CIq%97%EB%C2%3F%D0%12%FCpOmQ%20%FD%23%89g%1Dj%07i%92%21P was interrupted while the page was loading.

Huh, I wonder if it’s not a timeout thing?

Could try adding timeout 600 to your proxy directive.

Thanks for the assistance. I added it, but I am immediately getting the same errors in my browser.

example.domain.com {
	proxy / https://xxx.xxx.xxx.xxx {
		insecure_skip_verify
		transparent
		websocket
		timeout 600s
	}

	log c:\caddy\log.log
}

Here is the website/console when connecting directly with my browser:

[ajax] jquery request fail:The cloud management platform is not configured yet. 
util-90b6c467dfdb475c.js:9:237
You are running Vue in development mode.
Make sure to turn on production mode when deploying for production.
See more tips at https://vuejs.org/guide/deployment.html vue.js:4:3261
>> changeCursor, x: 2, y: 2, w0: 8, h0: 8 m-console-8d71270c8ac98c29.js:4:20568
New state 'loaded', was 'disconnected'. Msg: noVNC ready: native WebSockets, canvas rendering m-console-8d71270c8ac98c29.js:4:20568
New state 'connect', was 'loaded'. m-console-8d71270c8ac98c29.js:4:20568
New state 'ProtocolVersion', was 'connect'. Msg: Starting VNC handshake m-console-8d71270c8ac98c29.js:4:20568
rfb_state:ProtocolVersion m-console-8d71270c8ac98c29.js:4:20568
New state 'Security', was 'ProtocolVersion'. Msg: Sent ProtocolVersion: 003.008 m-console-8d71270c8ac98c29.js:4:20568
rfb_state:Security m-console-8d71270c8ac98c29.js:4:20568
New state 'Authentication', was 'Security'. Msg: Authenticating using scheme: 1 m-console-8d71270c8ac98c29.js:4:20568
rfb_state:Authentication m-console-8d71270c8ac98c29.js:4:20568
New state 'SecurityResult', was 'Authentication'. m-console-8d71270c8ac98c29.js:4:20568
rfb_state:SecurityResult m-console-8d71270c8ac98c29.js:4:20568
New state 'ClientInitialisation', was 'SecurityResult'. Msg: Authentication OK m-console-8d71270c8ac98c29.js:4:20568
rfb_state:ClientInitialisation m-console-8d71270c8ac98c29.js:4:20568
New state 'ServerInitialisation', was 'ClientInitialisation'. Msg: Authentication OK m-console-8d71270c8ac98c29.js:4:20568
rfb_state:ServerInitialisation m-console-8d71270c8ac98c29.js:4:20568
New state 'normal', was 'ServerInitialisation'. Msg: Connected (encrypted) to: Sangfor (DCEXCMB02) m-console-8d71270c8ac98c29.js:4:20568
mouseCaptured:true m-console-8d71270c8ac98c29.js:4:20568
mouseCaptured:false m-console-8d71270c8ac98c29.js:4:20568 

Here is the browser through Caddy:

[ajax] jquery request fail:The cloud management platform is not configured yet. 
util-90b6c467dfdb475c.js:9:237
You are running Vue in development mode.
Make sure to turn on production mode when deploying for production.
See more tips at https://vuejs.org/guide/deployment.html vue.js:4:3261
>> changeCursor, x: 2, y: 2, w0: 8, h0: 8 m-console-8d71270c8ac98c29.js:4:20568
New state 'loaded', was 'disconnected'. Msg: noVNC ready: native WebSockets, canvas rendering m-console-8d71270c8ac98c29.js:4:20568
New state 'connect', was 'loaded'. m-console-8d71270c8ac98c29.js:4:20568
Firefox can’t establish a connection to the server at wss://example.domain.com/wss/?proxystr=%D8%0Ac%1D%9Dp%24%C7%8FT-%96%14mL%A3%89%AF%17%B4%D3%FB%18%0A%90%AC%5C%90%7DHS%16%AF%24%B61%8F%98%98%A4%FE%8D%22%82%24%5D%7Dr%7F%FB%5C%81%D7%29%F7%8E%22%85u%F5%EF%7C%D1%7Cq%DE%C6h%8F%F8%B2NoL%A4%C6%BF%A5Q%19%10%1C%1C%FC%C4%D9%CF8%DD%03x%C4%92Y%EC%A2%2C%E88%E2%DB%8E%C0rp%FEZe%F8%E5%DF%B9Q%E5%00%BD%F6V%23wr%85%28o%EC%2C%17%EA%89U%3E%01%B8%FBE%C4%FB%08%11%8A%06%02p%A8%E4%C6%B7%5Ekh%25%CDY%B4u%2C%F1%7D%BC%09z%95%D3%3B%24%A9F%BAS%99%D6%E71%9F%C3%8C%E8f%BB%AA%A0%80%BA%E1c%40%C7%2B%175%1B%99Z%A8%AD%F5v%07i%3CH%FB%02%145%B8f%DCX%11%C7Q%ED%0E%CF%D0%09%CA%CA%CFg%7D%EDW%B8I%88qF%88X%DE%BE%9CV%A4%19%12%25%F5%87%B4%B9k%9B%B5%94%92%84%EF%99%0By%E5H%A1. m-console-8d71270c8ac98c29.js:3:2598
WebSocket on-error event m-console-8d71270c8ac98c29.js:4:20568
New state 'disconnect', was 'connect'. Msg: Disconnecting m-console-8d71270c8ac98c29.js:4:20568
New state 'failed', was 'disconnect'. Msg: Disconnect timeout m-console-8d71270c8ac98c29.js:4:20617 

Got it working with NGINX.
