Unable to console into containers

[nightah]

Bug description

Since the upgrade to version 1.17.0 Portainer no longer allows console access into any containers when sitting behind a nginx reverse proxy. The web page pops up with an error in the top right reading:

Failure
no such exec

It's also worth noting that rolling back to version 1.16.5 restores Console access.

Expected behavior
Console for respective container to launch for executing commands.

Steps to reproduce the issue:

Steps to reproduce the behavior:

1. Go to 'Containers'
2. Click on any container
3. Click on 'Console >_'
4. Click on 'Connect'
5. See error in top right

Technical details:

• Portainer version: 1.17.0
• Docker version (managed by Portainer): 18.04.0-ce
• Platform (windows/linux): Linux
• Command used to start Portainer (docker run -p 9000:9000 portainer/portainer):

  portainer:
    image: portainer/portainer
    container_name: portainer
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /mnt/nerv01/.config/.portainer:/data
    networks:
      - nerv-net
    expose:
      - 9000
    restart: unless-stopped

• Browser: Google Chrome 66.0.3359.139

Additional context
The portainer logs show the following error each time a request to console is executed (clicking the Connect button when a shell has been selected).

2018/05/12 07:45:17 http error: websocket: request origin not allowed by Upgrader.CheckOrigin (code=500)
2018/05/12 07:45:17 http: multiple response.WriteHeader calls

The instance of Portainer is reverse proxied behind an SSL secured nginx with the following configuration:

server {
    server_name portainer.example.com;
    listen 443 ssl http2;
    include /config/nginx/options-ssl.conf;

    location / {
        proxy_pass http://portainer:9000;
        include /config/nginx/proxy.conf;
        proxy_set_header Connection "";
    }

    location /api/websocket {
        proxy_pass http://portainer:9000/api/websocket;
        include /config/nginx/proxy.conf;
        # websocket configuration
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

proxy.conf:

client_max_body_size 10m;
client_body_buffer_size 128k;

#Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

# Advanced Proxy Config
send_timeout 5m;
proxy_read_timeout 240;
proxy_send_timeout 240;
proxy_connect_timeout 240;

# Basic Proxy Config
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
proxy_redirect  http://  $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 32 4k;

[vesylapp]

FYI, I'm seeing the same behavior connecting directly to Portainer (i.e. not behind a proxy)

[deviantony]

@FSLDev please open a new issue if you're not using Nginx here.

[deviantony]

@nightah could you try with portainer/portainer:pr1901 ?

@FSLDev feel free to try as well although I'm not sure your problem is related.

[nightah]

@deviantony pr1901 still fails with the same error:

2018/05/16 00:53:04 Starting Portainer 1.17.0 on :9000
2018/05/16 00:53:51 http error: websocket: request origin not allowed by Upgrader.CheckOrigin (code=500)
2018/05/16 00:53:51 http: multiple response.WriteHeader calls

The frontend still displays the no such exec error also.

[deviantony]

@nightah Thanks for the feedback, I'll push some new changes soon.

[deviantony]

@nightah I've added a debug statement in portainer/portainer:pr1901. Could you pull the latest version of this image, try again and share the logs with us?

[intergate]

The problem is that nginx does not allow the websocket connection.
The problem can be solved easily if the configuration of Nginx adapt.

location /wsapp/ {
proxy_pass http://wsbackend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}

[khast3x]

@intergate thank you this worked for me.

Don't forget to rebuild with the docker-compose up --build option for changes to take effect

[zuosc]

I find nginx error

client sent too long header line

then change nginx.conf

large_client_header_buffers 4 16k;

every thing is ok