Hi all,
I'm trying to set up VSCode behind my traefikv2 container. Unfortunately I get a WebSocket 1006 error every time.
I did some research and for the information I found like adding (as mentioned here: https://community.traefik.io/t/how-to-make-websockets-work-with-traefik-2-0-setting-up-rancher/1732):
traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto = https
But it didn't do anything. So I'm wondering if there is something missing in my configuration or something? Here is my traefik config file and my middlewares (the important parts):
networks:
t2_proxy:
external:
name: t2_proxy
default:
driver: bridge
socket_proxy:
external:
name: socket_proxy
########################### SECRETS
########################### EXTENSION FIELDS
# Common environment values
x-environment: &default-tz-puid-pgid
TZ: $TZ
PUID: $PUID
PGID: $PGID
# Keys common to some of the services in basic-services.txt
x-common-keys-apps: &common-keys-apps
networks:
- t2_proxy
security_opt:
- no-new-privileges:true
restart: unless-stopped
# profiles:
# - core
########################### SERVICES
services:
vscode:
<<: *common-keys-apps # See EXTENSION FIELDS at the top
image: lscr.io/linuxserver/code-server:latest
container_name: vscode
volumes:
- $DOCKERDIR/appdata/vscode/config:/config
environment:
<<: *default-tz-puid-pgid
labels:
- "traefik.enable=true"
## HTTP Routers
- "traefik.http.routers.vscode-rtr.entrypoints=https"
- "traefik.http.routers.vscode-rtr.rule=Host(`code.$DOMAINNAME`)"
## Middlewares
- "traefik.http.routers.vscode-rtr.middlewares=chain-no-auth@file"
## HTTP Services
- "traefik.http.routers.vscode-rtr.service=vscode-svc"
- "traefik.http.services.vscode-svc.loadbalancer.server.port=8443"
http:
middlewares:
middlewares-rate-limit:
rateLimit:
average: 100
burst: 50
middlewares-https-redirectscheme:
redirectScheme:
scheme: https
permanent: true
middlewares-secure-headers:
headers:
accessControlAllowMethods:
- GET
- OPTIONS
- PUT
accessControlMaxAge: 100
hostsProxyHeaders:
- "X-Forwarded-Host"
stsSeconds: 63072000
stsIncludeSubdomains: true
stsPreload: true
forceSTSHeader: true
customFrameOptionsValue: "allow-from https:ooest.ch"
contentTypeNosniff: true
browserXssFilter: true
referrerPolicy: "same-origin"
permissionsPolicy: "camera=(), microphone=(), geolocation=(), payment=(), usb=(), vr=()"
customResponseHeaders:
X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex,nofollow,noindex"
server: ""
customRequestHeaders:
X-Forwarded-Proto: "https"
http:
middlewares:
chain-no-auth:
chain:
middlewares:
- middlewares-rate-limit
- middlewares-https-redirectscheme
- middlewares-secure-headers
ls:
options:
tls-opts:
minVersion: VersionTLS12
cipherSuites:
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
- TLS_FALLBACK_SCSV # Client is doing version fallback. See RFC 7507
curvePreferences:
- CurveP521
- CurveP384
sniStrict: true
# EntryPoints configuration -v2.2 and higher for global redirect
entryPoints:
http:
address: ":80"
http:
redirections:
entryPoint:
to: https
#scheme: https
https:
address: ":443"
http:
tls:
options: tls-opts@file
certResolver: le
domains:
- main: "example.com"
sans:
- "*.example.com"
traefik:
address: ":8080"
# Providers configuration
providers:
docker:
endpoint: "tcp://socket-proxy:2375"
exposedByDefault: false
network: "t2_proxy"
swarmMode: false
file:
directory: "/rules"
watch: true
I didn't find anything suspicious in the logs.
Thanks for your help!