Wss configuration

Traefik Traefik v2
1

Hey everyone!

I'm new to traefik and using it through Kamal deployment tool. I have configured SSL for domain but still can't fix the connection to WSS. It simply doesn't connect to websocket and I receive "connection refused". I can't see any errors or at least I don't know where to look for it.

That's how my config looks like:

    entryPoints.web.address: ":80"
    entryPoints.websecure.address: ":443"
    entryPoints.web.http.redirections.entryPoint.to: websecure
    entryPoints.web.http.redirections.entryPoint.scheme: https
    entryPoints.web.http.redirections.entrypoint.permanent: true
    entrypoints.websecure.http.tls: true
    entrypoints.websecure.http.tls.domains[0].main: "subdomain.domain.com"
    certificatesResolvers.letsencrypt.acme.email: "myemail@.com"
    certificatesResolvers.letsencrypt.acme.storage: "/letsencrypt/acme.json"
    certificatesResolvers.letsencrypt.acme.httpchallenge: true
    certificatesResolvers.letsencrypt.acme.httpchallenge.entrypoint: web
2

WSS should work like regular https. Is the request using the regular domain and port?

3

yep, 443 port for https
what I can see in logs that request is coming but code 301 from traefik and request never reaches app server

4

Enable Traefik access log in JSON format to see if target service ("OriginStatus") or Traefik ("DownstreamStatus") returns "301 Moved Permanently".

5

Sure, mate. That's what I have

{"ClientAddr":"93.84.32.43:18405","ClientHost":"93.84.32.43","ClientPort":"18405","ClientUsername":"-","DownstreamContentSize":0,"DownstreamStatus":301,"Duration":1382421,"OriginContentSize":0,"OriginDuration":1338821,"OriginStatus":301,"Overhead":43600,"RequestAddr":"subdomain.domain.com","RequestContentSize":0,"RequestCount":14,"RequestHost":"subdomain.domain.com","RequestMethod":"GET","RequestPath":"/cable","RequestPort":"-","RequestProtocol":"HTTP/1.1","RequestScheme":"https","RetryAttempts":0,"RouterName":"domain@docker","ServiceAddr":"172.17.0.4:3000","ServiceName":"subdomain.domain.com@docker","ServiceURL":{"Scheme":"http","Opaque":"","User":null,"Host":"172.17.0.4:3000","Path":"","RawPath":"","OmitHost":false,"ForceQuery":false,"RawQuery":"","Fragment":"","RawFragment":""},"StartLocal":"2024-07-20T11:18:12.233894005Z","StartUTC":"2024-07-20T11:18:12.233894005Z","TLSCipher":"TLS_AES_128_GCM_SHA256","TLSVersion":"1.3","entryPointName":"websecure","level":"info","msg":"","time":"2024-07-20T11:18:12Z"}
6

I have also added such labels as:

traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto: https
traefik.http.routers.app-secure.middlewares: sslheader@docker

and after it I have started to receive 301, before it was 404

7

OriginStatus is 301, so the target service is returning the redirect, nothing Traefik can do about that.

Make sure the target service itself is correctly configured with the domain/path you use.

Some applications (like Wordpress) will always redirect to the original configured URL. It’s always trouble to move them later to a new (sub-) domain.

Note that most forward headers are set automatically by Traefik.

Check browser developer tools network tab to see where to the redirect is sending you.

8

That's weird because I can't see any request in logs in my web app (rails).
so, it looks like request never reaches my rails app server

9

I didn’t write the code of Traefik and I didn’t check it, but so far in my experience OriginStatus was only set when the target service responded, otherwise it was 0, when Traefik created the error.

10

interesting, hm
from where I get this redirect if it's not from traefik..

11

From the target service in Docker the request is proxied/forwarded to.