Changed behavior on WebSockets between 2.7.1 and 2.7.2

Traefik Traefik v2
1

Hi all,

not sure if this is a misconfiguration on my side but with version 2.7.1 and before I had no problems with websockets. But with 2.7.2 and above it is not working anymore. It might be related to the changes with this PR

with v2.7.1 it was like:

image
image1698×804 93 KB

with v2.7.2 and above it becomes (see the wrong location https://wss://)

image
image1580×828 97.8 KB

I did no config changes on my side...

my static config looks like:

global:
  checkNewVersion: false
  sendAnonymousUsage: false

pilot:
    dashboard: false

entryPoints:
  web:
    address: ":80"
  web-secure:
    address: ":443"
    http:
      tls: {}
  web-admin:
    address: ":9080"
  web-admin-secure:
    address: ":9443"
    http:
      tls: {}
  postgres:
    address: ":5432"
  postgres-tls:
    address: ":5443"
  redis:
    address: ":6379"
  mqtt-websockets-tls:
    address: ":8043"
  mqtt-tcp-tls:
    address: ":8143"
  mqtt-tcp-ntls:
    address: ":8180"
  mongodb:
    address: ":27017"
  homebridge-mdns:
    address: ":53063"

providers:
  file:
    filename: /etc/traefik/traefik_dynamic.yml
    watch: true
  docker:
    watch: true
    exposedByDefault: false

api:
  insecure: false
  dashboard: true
  debug: false

log:
  level: DEBUG

my dynamic like:

tls:
  stores:
    default:
      defaultCertificate:
        certFile: /etc/ssl/my.domain/fullchain.pem
        keyFile: /etc/ssl/my.domain/key.pem

http:
  routers:
      api:
        entryPoints:
          - "web"
          - "web-secure"
        rule: Host(`traefik.my.domain`)
        service: api@internal
        middlewares:
          - https_redirect

  middlewares:
    https_redirect:
      redirectScheme:
        scheme: https
        port: "443"
    https_admin_redirect:
      redirectScheme:
        scheme: https
        port: "9443"

the lables of docker compose of gotify (which uses the websocket) looks like:

    labels:
      traefik.enable: true
      traefik.http.routers.notifications.middlewares: 'https_redirect@file'
      traefik.http.routers.notifications.rule: 'Host(`notifications.my.domain`)'
      traefik.http.routers.notifications.entrypoints: 'web, web-secure'
      com.centurylinklabs.watchtower.enable: true

any help is appreciated - currently I downgraded to 2.7.1 but actually I want to keep pace with latest :slight_smile:

If any further information is required please ket me know I will provide (I didn't posted the traefik compose as this is more or less default I guess...)

Thanks,
Marcus

1 Like
2

Hello,

I just ran into the same issue. Since Traefik 2.7.2 no websocket connections can be established if the redirectscheme middleware is active. The issue can easily be reproduced by spinning up a Traefik/whoami container and websocat or wscat.

On 2.7.2 or above with redirectscheme middleware:

websocat wss://whoami.example.com/echo
websocat: WebSocketError: Received unexpected status code (301 Moved Permanently)
websocat: error running

On 2.7.1 with redirectscheme middleware or 2.7.2 and above without redirectscheme middleware:

websocat wss://whoami.example.com/echo
Test
Test

So instead of a 101 Switching Protocols it returns a 301 redirect even if we are on a secure scheme (wss) already.

3

GitHub issue was raised - thanks for that!

3 Likes