Websocket problems

Hello :slight_smile:

I've spent a week trying to figure out why my browser's console throws:

WebSocket connection to 'wss://domain.com/ws' failed
WebSocket connection to 'wss://domain.com:6042/' failed

I'm using docker compose.
I have containers running behind Traefik on the same docker network, one of them is a websocket container, and one nginx container for serving static content.
All incoming requests are https. Websocket is listening on port 6042.

I've tried these labels on my websocket container, without any success:

  - "traefik.ws.websock.rule=Host(`domain.com`) && Headers(Connection,Upgrade)"
  - "traefik.ws.port=6042"
  - "traefik.ws.protocol=https"

I've tried setting up like this too:

  - "traefik.http.routers.websock.rule=Host(`domain.com`) && PathPrefix(`/ws`)"
  - "traefik.http.routers.websock.entrypoints=wss"
  - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
  - "traefik.http.routers.websock.middlewares=sslheader"

On the Traefik container:

  - "--entrypoints.wss.address=:6042"

Couldnt get it working.
I've searched through stackoverflow, also here in the forums, but no luck.
Any idea, what am I doing wrong?

Thanks! :smiley:

Not sure where you got this from, but it does not seem to be a part of Traefik v2, according to the docs.

I would expect that you do not need any Websocket specific configuration in Traefik, it seems to work with just a regular http/https configuration.

WebSocket "is designed to work over HTTP ports 443 and 80 as well as to support HTTP proxies and intermediaries", thus making it compatible with HTTP. (Wikipedia)

In general I recommend to enable Traefik debug logs and access logs, furthermore check the Traefik dashboard to see the current configuration.

It helps if you post your full Traefik static and dynamic configuration, and docker-compose.yml if used.

I've literally tried everything :smiley: That was one of the hundred tries.
Then I dont need to put it on different entrypoint, I just need to set 443 as entrypoint of the websocket container? My websocket container is on port 6042.
I've dig up the debug logs already, in this case the dashboard didnt help too.


version: '2'
    container_name: websocket
    image: websocket:latest
    user: 0:0
      - "6042"
      - "traefik.enable=true"
      - "traefik.http.routers.websock.rule=Host(`domain.com`) && PathPrefix(`/ws`)"
      - "traefik.http.routers.websock.entrypoints=wss"
      - my_network

      - "80"
    image: nginx:alpine
      - /var/nginx:/etc/nginx/conf.d
      - "traefik.enable=true"
      - "traefik.http.routers.nginx.rule=Host(`domain.com`) && PathPrefix(`/static`)"
      - "traefik.http.routers.nginx.entrypoints=websecure"
      - "traefik.http.routers.nginx.tls=true"
      - "traefik.http.routers.nginx.tls.certresolver=myresolver"
      - my_network

    image: "traefik:v2.8"
    container_name: "traefik"
      - "--log.level=DEBUG"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=my_network"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.wss.address=:6042"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.web.http.redirections.entrypoint.permanent=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.myresolver.acme.email=user@domain.com"
      - "--certificatesresolvers.myresolver.acme.storage=/etc/letsencrypt/acme.json"
      - "80:80"
      - "443:443"
      - "6042:6042"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/var/letsencrypt:/etc/letsencrypt"
      - my_network

Yes, you should be able to run es on the regular SSL port, the services will be routed to by domain and path. Just make sure your ws service is listening on websecure and you have the labels for TLS in place.