Terje Kvernes
11/12/2022, 1:01 PM
Nov 12 13:52:57 [...] fleet[79831]: {"component":"http","err":"read auth token: reading from websocket: sockjs: session not in open state","msg":"failed to read >
Nov 12 13:53:00 [...] fleet[79831]: {"component":"http","err":"error in query ingestion","ingestion-err":"campaign waiting for listener (please retry)","ip_addr">
The setup is fleet listening on localhost:8080 and nginx acting as a proxy to serve fleet on *:443. Serving the UI works well, and I have attempted to serve the API specifically via
location ~/api/v1/osquery {
    grpc_pass grpcs://127.0.0.1:8080;
    grpc_set_header Host $host;
    grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_buffering off;
    access_log /var/log/nginx/api.fleetdm.com_access.log;
    error_log /var/log/nginx/api.fleetdm.com_error.log;
}
And the access logs suggest everything works fine:
2001:[...] - - [12/Nov/2022:13:58:57 +0100] "POST /api/v1/osquery/config HTTP/2.0" 200 472 "-" "osquery/5.5.1"
2001:[...] - - [12/Nov/2022:13:59:02 +0100] "POST /api/v1/osquery/distributed/read HTTP/2.0" 200 39 "-" "osquery/5.5.1"
2001:[...] - - [12/Nov/2022:13:59:06 +0100] "POST /api/v1/osquery/distributed/read HTTP/2.0" 200 39 "-" "osquery/5.5.1"
It is worth noting that the clients are dual stack and the infrastructure runs primarily over IPv6.
I am not sure how to debug the report of the websocket not being in "an open state". Is there anything in particular I should be looking for/at?
Benjamin Edwards
11/12/2022, 4:07 PM
Terje Kvernes
11/12/2022, 4:08 PM
Benjamin Edwards
11/12/2022, 4:13 PM
Mystery Incorporated
11/12/2022, 4:37 PM
location ~/ {
    # Assuming your fleet server is listening on 8080
    proxy_pass https://localhost:8080;
    proxy_read_timeout 90;
    proxy_connect_timeout 90;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Proxy "";
    access_log /var/log/nginx/ui.fleetdm.com_access.log;
    error_log /var/log/nginx/ui.fleetdm.com_error.log;
}
Terje Kvernes
11/12/2022, 4:39 PM
Benjamin Edwards
11/12/2022, 5:40 PM
Terje Kvernes
11/13/2022, 7:32 AM