Proxy using websocket (?) failing

Traefik Traefik v3 (latest)
1

I am trying to proxy an application that uses a combination of static web page, websockets, and the "onion" interface library (GitHub - davidmoreno/onion: C library to create simple HTTP servers and Web Applications.). The static part forwards fine, but the websocket content does not come through -- there is supposed to be an animated display of radio spectrum, and an audio stream, and neither appears when viewing the website via the proxy, though the site works fine when viewed directly on the same browser. A clue is that when I try to start the audio stream there is an error

Uncaught DOMException: The operation is insecure.
init https://ka9q-web.febo.com/radio.js:237
EventListener.handleEvent* https://ka9q-web.febo.com/radio.js:266

which leads me to think that there might be some sort of TLS issue. I am not sure where to go from here to troubleshoot this further. Any suggestions would be greatly appreciated!

2

Share your full Traefik static and dynamic config, and docker-compose.yml if used.

3

Here is docker-compose.yml:

root@mware:/opt/traefik# cat docker-compose.yml
services:
  traefik:
    container_name: "traefik"
    image: "traefik:v3.2"
    restart:  unless-stopped

    ports:
      - "80:80/tcp"
      - "443:443/tcp"
      - "443:443/udp"   # HTTPS via HTTP/3 QUIC UDP
      - "8080:8080"     # management web UI
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/opt/traefik/letsencrypt:/letsencrypt"
      - "/opt/traefik/traefik.yml:/traefik.yml"
      - "/opt/traefik/dynamic_conf:/dynamic_conf"
    networks:
      - cloudflared-traefik
      - backend
    env_file: ".dns-token"
       

networks:
  cloudflared-traefik:
    external: true
  backend:
    external: true

Here is traefik.yml:

root@mware:/opt/traefik# cat traefik.yml
log:
  level:  INFO

global:
  checkNewVersion: true
  sendAnonymousUsage: false


entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https

  websecure:
    address: ":443"
    http:
      tls:
        certResolver: letsencrypt
        domains:
          - main: "febo.com"
            sans:
              - "*.febo.com"

api:
  dashboard: true
  # insecure: true  # Only for local access/testing; remove in production

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false

  file:
    directory: "dynamic_conf"
    watch: true

certificatesResolvers:
  letsencrypt:
    acme:
      email: jra@febo.com   # Replace with your email for Let's Encrypt
      storage: /letsencrypt/acme.json  # Path to store certificates
      dnschallenge:
        provider: cloudflare
        delayBeforeCheck: 5
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"

And here is the dynamic file for the router:

root@mware:/opt/traefik/dynamic_conf# cat ka9q-web.yml
# http routing section
http:
  routers:
    router3:
      entryPoints:
        - "websecure"
      rule: "Host(`ka9q-web.febo.com`)"
      service: ka9q-web-service

  services:
    ka9q-web-service:
      loadBalancer:
        servers:
          - url: "http://10.73.8.20:8081"

Thanks for reviewing!

4

The problem was solved by a change in the server application. The web socket was being created as an insecure socket with "ws://". Changing that to "wss://" makes everything work fine.

5

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.