Websocket error 1006 with VSCode

Hi all,

I'm trying to set up VSCode behind my traefikv2 container. Unfortunately I get a WebSocket 1006 error every time.

I did some research and for the information I found like adding (as mentioned here: https://community.traefik.io/t/how-to-make-websockets-work-with-traefik-2-0-setting-up-rancher/1732):

traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto = https

But it didn't do anything. So I'm wondering if there is something missing in my configuration or something? Here is my traefik config file and my middlewares (the important parts):

networks:
  t2_proxy:
    external:
      name: t2_proxy
  default:
    driver: bridge
  socket_proxy:
    external:
      name: socket_proxy

########################### SECRETS

########################### EXTENSION FIELDS
# Common environment values
x-environment: &default-tz-puid-pgid
  TZ: $TZ
  PUID: $PUID
  PGID: $PGID

# Keys common to some of the services in basic-services.txt
x-common-keys-apps: &common-keys-apps
  networks:
    - t2_proxy
  security_opt:
    - no-new-privileges:true
  restart: unless-stopped
  # profiles:
  # - core

########################### SERVICES
services:
  vscode:
    <<: *common-keys-apps # See EXTENSION FIELDS at the top
    image: lscr.io/linuxserver/code-server:latest
    container_name: vscode
    volumes:
      - $DOCKERDIR/appdata/vscode/config:/config
    environment:
      <<: *default-tz-puid-pgid
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.vscode-rtr.entrypoints=https"
      - "traefik.http.routers.vscode-rtr.rule=Host(`code.$DOMAINNAME`)"
      ## Middlewares
      - "traefik.http.routers.vscode-rtr.middlewares=chain-no-auth@file"
      ## HTTP Services
      - "traefik.http.routers.vscode-rtr.service=vscode-svc"
      - "traefik.http.services.vscode-svc.loadbalancer.server.port=8443"
http:
  middlewares:
    middlewares-rate-limit:
      rateLimit:
        average: 100
        burst: 50

    middlewares-https-redirectscheme:
      redirectScheme:
        scheme: https
        permanent: true

    middlewares-secure-headers:
      headers:
        accessControlAllowMethods:
          - GET
          - OPTIONS
          - PUT
        accessControlMaxAge: 100
        hostsProxyHeaders:
          - "X-Forwarded-Host"
        stsSeconds: 63072000
        stsIncludeSubdomains: true
        stsPreload: true
        forceSTSHeader: true
        customFrameOptionsValue: "allow-from https:ooest.ch"
        contentTypeNosniff: true
        browserXssFilter: true
        referrerPolicy: "same-origin"
        permissionsPolicy: "camera=(), microphone=(), geolocation=(), payment=(), usb=(), vr=()"
        customResponseHeaders:
          X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex,nofollow,noindex"
          server: ""
        customRequestHeaders:
          X-Forwarded-Proto: "https"
http:
  middlewares:
    chain-no-auth:
      chain:
        middlewares:
          - middlewares-rate-limit
          - middlewares-https-redirectscheme
          - middlewares-secure-headers
ls:
  options:
    tls-opts:
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
        - TLS_AES_128_GCM_SHA256
        - TLS_AES_256_GCM_SHA384
        - TLS_CHACHA20_POLY1305_SHA256
        - TLS_FALLBACK_SCSV # Client is doing version fallback. See RFC 7507
      curvePreferences:
        - CurveP521
        - CurveP384
      sniStrict: true
# EntryPoints configuration -v2.2 and higher for global redirect

entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          #scheme: https
  https:
    address: ":443"
    http:
      tls:
        options: tls-opts@file
        certResolver: le
        domains:
          - main: "example.com"
            sans:
              - "*.example.com"
  traefik:
    address: ":8080"
# Providers configuration

providers:
  docker:
    endpoint: "tcp://socket-proxy:2375"
    exposedByDefault: false
    network: "t2_proxy"
    swarmMode: false
  file:
    directory: "/rules"
    watch: true

I didn't find anything suspicious in the logs.
Thanks for your help!

It seems that this topic has a similar problem to mine: Changed behavior on WebSockets between 2.7.1 and 2.7.2, that it comes from the v2.7.2 and latest. So I downgraded to the 2.7.1 and my problem was solved.

As I want to keep with the most recent updates, I will keep looking what causes this. Maybe it comes from this merge: RedirectScheme redirects based on X-Forwarded-Proto header by moutoum · Pull Request #9121 · traefik/traefik · GitHub?

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.