-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"disconnected" when opening a web client session #1637
Comments
This cryptic error message can occur if an admin is attempting to put a local Apache 2.x Proxy in front of teleport-proxy's web UI, where the Apache config does not explicitly support websockets (wss). Folks tend to do this within enterprise environments so that end-users can access a vanity https URL without having to specify port :3080. (Or there may be firewalls in place that restrict traffic to 443) |
yeah, let's improve error message in 2.5.1 |
If somebody come here looking for the nginx config to solve this, this one maybe isn't the best but it works:
|
LIkewise, the config I needed for apache looked like this:
After loading |
I looked at the javascript websocket events and unfortunately did not find a way to get it. Even though it is present in the error stack showing in the browser console, this particular messsage text is not available from the error event itself that gets passed to websocket event handlers. Found similar issue on Stackoverflow which confirms my findings. Thus closing it as "by design". |
What happened:
End-user received
disconnected
message in a terminal window when attempting to open a session through teleport-proxy's web UI.What you expected to happen:
A web teleport session to be successfully opened, or an error message stating
Websockets upgrade failed, please contact your Teleport administrator.
How to reproduce it (as minimally and precisely as possible):
Put a load balancer in front of teleport-proxy that does not support websockets connection upgrades. As a quick test, within Firefox's
about:config
, setnetwork.websocket.max-connections
to0
.Note: The default HTTP profile used with Citrix NetScalers may not include websockets support. Various ways of terminating SSL on the edge of cloud provider load balancer products (where a clean layer4 VIP all the way to teleport-proxy is not available) cloud also trigger this behavior.
Environment:
teleport version
):Teleport Enterprise v2.4.0
tsh version
): sameBrowser environment
Relevant Debug Logs If Applicable
Within teleport-proxy logs, there's an entry showing that the session was attempted, but no hints that the upgrade to websockets failed:
INFO Generated session
..Hat tip to Daniel G for sleuthing this.
The text was updated successfully, but these errors were encountered: