Websockets endpoint troubleshoot

Traefik Traefik v1
1

Hi, I am using 1.7.12 based docker image and I am trying to configure passing websockets calls using ws/wss endpoint through my Django service.

Most of my config is based on labels in a docker-compose.yml.
I'd like to add wss endpoint so that I can open something like.
The ws/s url changes between having secured connection or not.

ws://{my domain.my tld}/ws/chat/ (this is locally with ip and we don't have use SSL connection.

wss://{my domain.my tld}/ws/chat/ (this is on the server having SSL)

I tried the following labels:

  • "traefik.frontend.entryPoints=https,wss" (should I add ws as well?)
  • "traefik.frontend.rule=Host:myhost.mytld; PathPrefix:/" # this one I need for the backend to expose / and api endpoints, I am using Django as the backend service.
  • "traefik.frontend.rule=Host:myhost.mytld; PathPrefix: /manage"
  • "traefik.frontend.passHostHeader=true"
  • "traefik.frontend.redirect.entryPoint=https"

Here is my traefik.toml

debug = false

logLevel = "ERROR"
defaultEntryPoints = ["https","http","ws","wss"]

[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]

[backends]
[backends.backend-backend1]
weight = 20
priority = 3

[backends.backend-backend2]
weight = 5
priority = 2

[backends.backend-backend3]
weight = 6
priority = 6
url = "wss://myhost.mytld"

And the Traefik's docker composer service command:

image: traefik:1.7.12
command:
    --api \
    --accessLog.filePath="/logs/access.log" \
    --acme.storage=/acme.json --logLevel=info \
    ${TRAEFIK_ENTRYPOINT_HTTP} ${TRAEFIK_ENTRYPOINT_HTTPS} \
    --defaultentrypoints=${TRAEFIK_DEFAULT_ENTRYPOINTS}
    --acme=${ACME_ENABLE} --acme.entrypoint=https --acme.httpchallenge --acme.httpchallenge.entrypoint=http \
    --acme.domains="${ACME_DOMAINS}" --acme.email="${ACME_EMAIL}" \
    --docker --docker.domain="${DOCKER_DOMAIN}" --docker.endpoint="unix:///var/run/docker.sock" \
    --docker.watch=true --docker.exposedbydefault="true" \
    --file /rules/rules.toml

.env file content:

TRAEFIK_DEFAULT_ENTRYPOINTS=http
TRAEFIK_ENTRYPOINT_HTTP=--entryPoints="Name:http Address::80"
TRAEFIK_ENTRYPOINT_HTTPS=--entryPoints="Name:https Address::443 TLS"

Log errors:

Undefined entry point(s) 'wss' for frontend frontend-wss-core-mydockerproject-wss

error creating Frontend Redirect: unknown target entrypoint "https". Skipping frontend frontend-Host-Myhost-mytld-PathPrefix-0...

If you need any more logs or config sections I'll provide them for you.

Thanks.

2

I believe I solved it.

Instead of gunicorn in my backend docker compose service, I switched to:
CMD [ "daphne", "-p", "8000", "myproj.asgi:application"]
as stated in the Deployment documentation.
This allows switching from HTTPS to WSS inside the existing service, and doesn't require external intervention like passing headers or path rewrites.

Now, whenever I try to open the endpoint through Traefik, it works with WSS as required.
E.g:
wss://{my domain.my tld}/ws/chat/
Tested via external WS testing tool and within the app.

In defaultEntryPoints I removed the "ws","wss" and backends.backend-backend3.

This solution works on both Traefik 1.7 and Trafik 2.6.

3

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.