-
Notifications
You must be signed in to change notification settings - Fork 206
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
🐛 [Kasm] 400 Bad Request when exposing via RunTipi.io using Cloudflare tunnel #2394
Comments
Hello @jasonpearce, |
Thank you for responding @steveiliop56. It is. Here are my Public Hostname settings in Cloudflare (with some information obscured): Basic Information
|
Hello @jasonpearce, Can you confirm that you can access kasm normally via the ip address and port? |
Yes. Locally I can access Kasm via https://:port. I can also confirm that four other Cloudflare access tunnels to other Runtipi apps work internally and externally. The only difference is that Kasm is the only one using the Cloudflare origin configuration of "http2Origin" in addition to the "noTLSVerify." All others use only "noTLSVerify." If I remove "http2Origin" from the Cloudflare setting for Kasm, I do not observe a difference. This weekend, I'll attempt to capture and provide ample screen shots if that would be helpful. Again, thank you for assisting. |
Here are some screenshots I said I would provide. I hope they are helpful. Cloudflare settingsTipi on local networkWorking Hello World Settings for LAN and WANWorking Kasm Settings for LANNot Working Kasm Setting for WANClosingPlease let me know what additional information I can provide to help you or others identify if this is only an issue on my end or if this is a bug. I did use Tipi to uninstall and reinstall the Kasm app (same results). |
It seems there is an issue on how the tipi reverse-proxy operates and forwards the request to kasm. I cannot find anything useful in the linuxserver environments that could help with it. Probably some tweaking with the nginx headers could help. I will do some testing |
This weekend, I upgraded from Tipi v2.5.x to v3.0.3. After doing so, Kasm Workspaces 1.120.20221218 no longer worked via the local IP address. A few other apps also stopped working. I installed some new apps, and some of them would work, others would not. Worked by local IP before and after upgrade: Worked by local IP before upgrade, but 400 Bad Request after upgrade: Installed after upgrade and works by local IP: Installed after upgrade, but 400 Bad Request: My priority is to have Kasm Workspaces working via local IP and via a Cloudflared tunnel. To provide you some more information, I built a new virtual machine to do some testing. Ubuntu 22.04.04 LTS Desktop: Runtipi v3.0.3: Hello World vLatest: Rebooted. Kasm Workspaces v1.120.20221218: Rebooted. Kasm Workspaces: Cloudflared v2024.2.1: Rebooted. Kasm 400 Bad Request:
Summary: I hope some of this information helps you troubleshoot and is not wasting your time. |
I'm not experienced enough to help solve this problem. But in an attempt to help, I asked a LLM to review the code on the Kasm repositories and suggest some changes that might fix the issue. Here's what one AI proposed. I understand this may very well be misleading or incorrect. LLM AI: After reviewing the Kasm repositories, I found a potential cause for the issue. The problem might be related to the NGINX reverse proxy configuration in the Kasm Workspaces source code. Specifically, the To fix the issue, you can try the following steps:
Add the following server block within the server {
listen 80;
server_name kasm.example.com;
return 301 https://$host$request_uri;
}
Change the existing HTTPS server block to: server {
listen 443 ssl http2;
server_name kasm.example.com;
# ... (other configurations)
}
Please note that these changes are based on the assumption that the issue is related to HTTP/HTTPS configuration. If the problem persists, further investigation might be required to identify other potential causes. If you need more assistance or have any questions, please let me know. |
After upgrading to...
My results are unchanged:
|
I might be able to solve it by fixing some labels. But if that doesn't work I unfortunately will have to disable the expose feature. |
Ok. I understand. I agree. If the bug/conflict with Cloudflared cannot be resolved, then removing the expose feature would be the best option to "resolve" this bug. Thank you. |
So I unfortunately cannot solve the traefik issue so the best solution for now is to completely disable traefik on kasm because neither local domains nor exposed work (I get the same issue as you) #3048 |
Store Application
Kasm Workspaces
App version
1.120.20221218
Description
Describe the bug
When accessing a new Kasm installation on a RunTipi.io server via a Cloudflare tunnel, the browser response is:
400 Bad Request
The plain HTTP request was sent to HTTPS port
nginx
Expected behavior
I'd like to be able to access https://kasm.example.com, running as a RunTipi.io app, via a Cloudflare tunnel remotely/externally.
Screenshots
![image](https://private-user-images.githubusercontent.com/3466316/301919056-a32a9545-b1d3-47e2-9f64-3ed9962abb78.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjI0NTQ0ODQsIm5iZiI6MTcyMjQ1NDE4NCwicGF0aCI6Ii8zNDY2MzE2LzMwMTkxOTA1Ni1hMzJhOTU0NS1iMWQzLTQ3ZTItOWY2NC0zZWQ5OTYyYWJiNzgucG5nP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQVZDT0RZTFNBNTNQUUs0WkElMkYyMDI0MDczMSUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyNDA3MzFUMTkyOTQ0WiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9MWU1NGM2MDdiN2RlZDBkMjY3MzgyNTUzY2Q4MmU4NzIxMTM0MDBmNTQyYjk3ZjEwMjQ2NjBiZDlkZDI0MWQ0YiZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QmYWN0b3JfaWQ9MCZrZXlfaWQ9MCZyZXBvX2lkPTAifQ.vFP5_VI_S_Y46moxoXc4OODBRo5M8S_0iL-6JizcR3s)
Workspaces Version
Latest Ubuntu Server, RunTipi.io, and Kasm app
Workspaces Installation Method
Physical Lenovo Tiny PC, Ubuntu Server 22.04, Docker, RunTipi.io, Cloudflare Tunnel, Kasm App via the RunTipi app store
Client Browser (please complete the following information):
Workspace Server Information (please provide the output of the following commands):
uname -a
cat /etc/os-release
sudo docker info
sudo docker ps | grep kasm
Additional context
I can use Cloudflare tunnels to externally expose other apps installed from the RunTipi.io app store. I've done so for about eight apps. This issue occurs only within the Kasm app. The Kasm app works fine inside my home network via IP address and port. Thank you.
Steps to reproduce
To Reproduce
Steps to reproduce the behavior:
App logs
I'm not finding a way to view logs in the Tipi dashboard.
Browser
Browser Agnostic
Browser logs
No response
User-Config changes
No changes.
Other
Posted this on the Kasm github:
kasmtech/workspaces-issues#509
One response was...
The error is indicating that the system is trying to access (presumably the kasm server) over HTTP instead of HTTPS , so somewhere in your stack you need to ensure your reverse proxy style system (Cloudflare Tunnel) is proxying to Kasm via HTTPS and not HTTP. I'm not familiar with Tipi so check there as well
Please confirm the following
The text was updated successfully, but these errors were encountered: