Download as DOCX, PDF, TXT or read online from Scribd
Download as docx, pdf, or txt
You are on page 1/ 3
This error typically occurs in a setup where the Kubernetes API server, Rancher server, or another
service requiring WebSocket connections is behind a proxy or SSL termination device that does not fully support WebSocket connections.
Here’s how you can address this issue:
1. Verify Proxy/WebSocket Support
Check Proxy Configuration: Ensure the proxy server supports WebSocket connections (ws:// and wss://). Popular proxies like Nginx, HAProxy, or Traefik need explicit configurations to allow WebSockets.
Nginx Configuration for WebSockets: Add the following in your Nginx configuration:
location / {
proxy_pass http://your-backend-service;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
}
HAProxy Configuration for WebSockets: Ensure option http-server-close and http-request
set-header are configured:
frontend fe_websocket
bind *:443 ssl crt /path/to/certificate.pem
mode http
option http-server-close
http-request set-header X-Forwarded-Proto https
acl is_websocket hdr(Upgrade) -i WebSocket
use_backend be_websocket if is_websocket
backend be_websocket
mode http
server server1 127.0.0.1:8080
For Traefik, enable WebSocket support via middleware.
2. Configure SSL/TLS If you're using SSL termination at the proxy, ensure:
o The SSL certificate is valid and not self-signed (or properly added to trusted CA).
o The connection between the proxy and backend server uses a proper protocol (HTTP or HTTPS).
o The backend server expects HTTP or HTTPS based on how the proxy forwards requests.
3. Enable CORS if Necessary
If the WebSocket server is accessed from a different domain or subdomain, Cross-Origin
Resource Sharing (CORS) should be configured on the backend.
4. Check Browser and Network
Clear browser cache or try in incognito mode.
Ensure no corporate firewall or browser extension is blocking WebSocket traffic.
5. Debug Logs
On Rancher/Kubernetes: Check logs for errors in the rancher or kube-apiserver pods that might indicate a configuration issue.
On Proxy Server: Look for denied or dropped WebSocket connection attempts.
6. Test WebSocket
Use a tool like wscat to test the WebSocket connection:
wscat -c ws://your-websocket-server
7. Additional Rancher Configuration
If you're using Rancher, ensure the following settings:
Use a NodePort or LoadBalancer service for Rancher instead of default ingress.
Set the CATTLE_AGENT_CONNECT environment variable to ensure agents can connect:
env:
- name: CATTLE_AGENT_CONNECT value: "true"
If the problem persists, please share more details about your setup (e.g., proxy server type, SSL/TLS setup, Kubernetes ingress, etc.) for further troubleshooting.
