Spring WebSocket: Handshake failed due to invalid Upgrade header: null

Question

I am using wss (secured web sockets) with spring from backend and STOMP for javascript client.

Does anyone knows why a get:

Handshake failed due to invalid Upgrade header: null

Answer 1

I had same error message when I'm test websocket on Kotlin +SpringBootTest.

Error says, that I forgot add HttpHeader with name "Upgrade" and other ws-headers.

I use this headers and problem is gone:

        val headers = HttpHeaders()
        headers["Upgrade"] = listOf("websocket")
        headers["Connection"] = listOf("Upgrade")
        headers["Sec-WebSocket-Version"] = listOf("13")

Answer 2

DefaultHandshakeHandler - "Handshake failed due to invalid Upgrade header: null"

here the URL should contain the port number

example: ws:// or wss://{baseUrl}:8080/your websocket endpoint

and use these commands on the server to enable proxy

$ sudo a2enmod proxy
$ sudo service apache2 restart
$ sudo a2enmod proxy_wstunnel
$ sudo service apache2 restart

you may read this article https://github.com/spring-projects/spring-framework/issues/16978#issuecomment-453418847

Answer 3

this post seems closed, but I don't found an exact solution here so I will post for future needes

I resolved with reverse proxy configuration (in my case apache httpd)

at first you have to enable some mods in httpd.conf

LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule rewrite_module modules/mod_rewrite.so

then go into your virtual host configuration and use this rules

RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule /(.*) "ws://[YOUR_URL]:[YOUR_PORT]/$1" [P,L]

obviously substitute [YOUR_URL] and [YOUT_PORT] with real url and port, and substitute "ws" with "wss" if you are using secure web socket

that's all!

if you have done the right things in your server you can read the following headers

upgrade: WebSocket
connection: Upgrade

Answer 4

the following solution works for me

<VirtualHost _default_:443>
    
    ServerName my.app
    ServerAdmin admin@my.app
    DocumentRoot /var/www/html
    SSLCertificateFile ...
    SSLCertificateKeyFile ...
    SSLCertificateChainFile ...
    
    ProxyPreserveHost on
    RequestHeader set X-Forwarded-Proto https
    RequestHeader set X-Forwarded-Port 443
    
    RewriteEngine on
    RewriteCond %{HTTP:Upgrade}^websocket$ [NC,OR]
    RewriteCond %{HTTP:Connection}^upgrade$ [NC]
    RewriteRule .* wss:/127.0.0.1:8081%{REQUEST_URI} [P,QSA,L]
    RewriteCond %{REQUEST_URI} ^/api/wsendpoint/%{var1}/%{var2}/websocket [NC,OR]

    ....
    
</VirtualHost>

I hope, that helps... The solution above is part of the following link: https://forum.mattermost.org/t/solved-apache2-reverseproxy-with-websocket-https/437/3

Answer 5

I met the same problem with nginx https proxy to tomcat. This is because I haven't support the wss request. To support the wss request, I use the config like below:

# WebSocketSecure SSL Endpoint
#
# The proxy is also an SSL endpoint for WSS and HTTPS connections.
# So the clients can use wss:// connections 
# (e.g. from pages served via HTTPS) which work better with broken 
# proxy servers, etc.

server {
    listen 443;

    # host name to respond to
    server_name ws.example.com;

    # your SSL configuration
    ssl on;
    ssl_certificate /etc/ssl/localcerts/ws.example.com.bundle.crt;
    ssl_certificate_key /etc/ssl/localcerts/ws.example.com.key;

    location / {
        # switch off logging
        access_log off;

        # redirect all HTTP traffic to localhost:8080
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # WebSocket support (nginx 1.4)
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}