CODEWITHSUNDEEP
pythonnginxwebsockettornadosockjs
Oleksii M
Oleksii M

Reputation: 1518

Tornado nginx websockets handshake 400 error

The problem is with websocket connection, proxied by nginx from tornado/tornado-sockjs to sockjs client in browser. Without nginx (on local host) things work properly.

Error message in browser when loading page (when sockjs connection initialized):

WebSocket connection to 'ws://my-domain.com/ws/844/blvz89pq/websocket' failed: Error during WebSocket handshake: Unexpected response code: 400

Relevant part of custom nginx config:

location /ws/ {
  proxy_pass         http://127.0.0.1:8888;

  proxy_http_version 1.1;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection $connection_upgrade;

  proxy_redirect     off;
  proxy_set_header   Host             $host;
  proxy_set_header   X-Real-IP        $remote_addr;
  proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
}

Value of $connection_upgrade from nginx.conf:

    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

It looks like tornado-sockjs returns 400 in case if Upgrade header is not set to 'websocket' (code). Indeed, printing headers before if in line 46 gives us value of header Connection=close and no Upgrade presented at all.

Value of dict(self.request.headers)

{
    "Accept-Language": "en-US,en;q=0.8,ru;q=0.6", 
    "Accept-Encoding": "gzip, deflate, sdch", 
    "Sec-Websocket-Key": "*******", 
    "Connection": "close", 
    "X-Real-Ip": "172.17.0.1", 
    "Origin": "http://my-domain.com", 
    "Sec-Websocket-Extensions": "permessage-deflate; client_max_window_bits", 
    "X-Forwarded-For": "172.17.0.1", 
    "Sec-Websocket-Version": "13", 
    "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36", 
    "Host": "my-domain.com", 
    "X-Forwarded-Proto": "http", 
    "Cookie": "_ym_uid=1456149826627418608; sessionid=0pn2knqey7raw7w4dst9d7vqvtvsmook; csrftoken=0o1lqSW4XCZvvlvYtN4S7Stt53AyKWf6; __utmx=147844469.bAGHuGeARZy_vppa6db8lg$115132382-10:5.mu9KcCiZSDepsLZ385hDXA$117448007-11:0; __utmxx=147844469.bAGHuGeARZy_vppa6db8lg$115132382-10:1456307221:15552000.mu9KcCiZSDepsLZ385hDXA$117458007-11:1457421562:15552000; _ym_isad=0; _ga=GA1.2.2002408319.1456149825; JSESSIONID=dummy", 
    "Pragma": "no-cache", 
    "Cache-Control": "no-cache"

}

But inspecting headers from browser shows, that both Connection and Upgrade headers have values, that should be valid for tornado.

Headers from browser:

Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8,ru;q=0.6
Cache-Control:no-cache
Connection:Upgrade
Cookie:_ym_uid=1456149826627418608; sessionid=0pn2knqey7raw7w4dst9d7vqvtvsmook; __utmx=147844469.bAGHuGeARZy_vppa6db8lg$115132382-10:5.mu9KcCiZSDepsLZ385hDXA$117448007-11:0; __utmxx=147844469.bAGHuGeARZy_vppa6db8lg$115132382-10:1456307221:15552000.mu9KcCiZSDepsLZ385hDXA$117448007-11:1457421562:15552000; _ym_isad=0; _ga=GA1.2.2002408319.1456149825; csrftoken=0o1lqSW4XCZvvlvYtN4S7Stt53AyKWf6; JSESSIONID=dummy
Host:my-domain.com
Origin:http://my-domain.com
Pragma:no-cache
Sec-WebSocket-Extensions:permessage-deflate; client_max_window_bits
Sec-WebSocket-Key:/zRJijtAtPjjLNJK49SIDQ==
Sec-WebSocket-Version:13
Upgrade:websocket
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36

My possible suggestion is how/when Tornado parses headers.

UPD: Versions of software used:

1. sockjs-tornado==1.0.2
2. tornado==4.3
3. tornado-redis==2.4.18

Upvotes: 2

Views: 1597

Answers (2)

pinnokio
pinnokio

Reputation: 36

+1 to Riliam answer, but I need to add my 5 cents, as this issue came back recently. So to solve this issue, if you have chief nginx in front of nginx powered docker containers, you need to modify your chief's nginx config.

/etc/nginx/nginx.conf

...
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}
...

/etc/nginx/conf.d/virtual-site.conf

8001 – port exposed from docker container

location / {
  proxy_pass         http://127.0.0.1:8001;

  proxy_http_version 1.1;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection $connection_upgrade;

  proxy_redirect     off;
  proxy_set_header   Host             $host;
  proxy_set_header   X-Real-IP        $remote_addr;
  proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
}

Upvotes: 2

Oleksii M
Oleksii M

Reputation: 1518

So the problem was with proxying requests through one more Nginx running outside of Docker container.

Upvotes: 0

Related Questions