Skip to content
This repository has been archived by the owner on Dec 7, 2020. It is now read-only.

Web sockets error #291

Closed
aalubin opened this issue Nov 29, 2017 · 3 comments
Closed

Web sockets error #291

aalubin opened this issue Nov 29, 2017 · 3 comments

Comments

@aalubin
Copy link

aalubin commented Nov 29, 2017
edited
Loading

I am trying to use keyckloack-proxy as a front-end for on-premise kubernetes cluster.
Everything works, but one of the UI features, that opens a shell on the pod using web sockets.
When I try to open a shell, the connection closes after a second with the following proxy error :

1.5119475422049198e+09	debug	keycloak-proxy/forwarding.go:43	upgrading the connnection	{"client_ip": "127.0.0.1:57189"}
Panic: interface conversion: *middleware.flushWriter is not http.Hijacker: missing method Hijack
goroutine 237 [running]:
runtime/debug.Stack(0x61, 0x0, 0x0)
	/usr/local/Cellar/go/1.9.2/libexec/src/runtime/debug/stack.go:24 +0xa7
runtime/debug.PrintStack()
	/usr/local/Cellar/go/1.9.2/libexec/src/runtime/debug/stack.go:16 +0x22
github.com/pressly/chi/middleware.Recoverer.func1.1(0xc420609f00, 0x18b5080, 0xc4201f89a0)
	/Users/alon.l/go/src/github.com/pressly/chi/middleware/recoverer.go:28 +0x1c0
panic(0x1547a00, 0xc420157380)
	/usr/local/Cellar/go/1.9.2/libexec/src/runtime/panic.go:491 +0x283
main.tryUpdateConnection(0xc4206ce000, 0x1a86360, 0xc420157300, 0xc420150380, 0x0, 0x0)
	/Users/alon.l/go/src/github.com/gambol99/keycloak-proxy/utils.go:257 +0xc8
main.(*oauthProxy).proxyMiddleware.func1(0x1a86360, 0xc420157300, 0xc4206ce000)
	/Users/alon.l/go/src/github.com/gambol99/keycloak-proxy/forwarding.go:44 +0x524
net/http.HandlerFunc.ServeHTTP(0xc4204dc380, 0x1a86360, 0xc420157300, 0xc4206ce000)
	/usr/local/Cellar/go/1.9.2/libexec/src/net/http/server.go:1918 +0x44
main.(*oauthProxy).securityMiddleware.func1(0x1a86360, 0xc420157300, 0xc4206ce000)
	/Users/alon.l/go/src/github.com/gambol99/keycloak-proxy/middleware.go:378 +0x306
net/http.HandlerFunc.ServeHTTP(0xc42023e000, 0x1a86360, 0xc420157300, 0xc4206ce000)
	/usr/local/Cellar/go/1.9.2/libexec/src/net/http/server.go:1918 +0x44
main.entrypointMiddleware.func1(0x18b5080, 0xc4201f89a0, 0xc420609f00)
	/Users/alon.l/go/src/github.com/gambol99/keycloak-proxy/middleware.go:55 +0x23b
net/http.HandlerFunc.ServeHTTP(0xc4204dc420, 0x18b5080, 0xc4201f89a0, 0xc420609f00)
	/usr/local/Cellar/go/1.9.2/libexec/src/net/http/server.go:1918 +0x44
github.com/pressly/chi/middleware.Recoverer.func1(0x18b5080, 0xc4201f89a0, 0xc420609f00)
	/Users/alon.l/go/src/github.com/pressly/chi/middleware/recoverer.go:35 +0x9f
net/http.HandlerFunc.ServeHTTP(0xc4204dc440, 0x18b5080, 0xc4201f89a0, 0xc420609f00)
	/usr/local/Cellar/go/1.9.2/libexec/src/net/http/server.go:1918 +0x44
github.com/pressly/chi.(*Mux).ServeHTTP(0xc42005c720, 0x18b5080, 0xc4201f89a0, 0xc420609e00)
	/Users/alon.l/go/src/github.com/pressly/chi/mux.go:81 +0x221
net/http.serverHandler.ServeHTTP(0xc420158c30, 0x18b5080, 0xc4201f89a0, 0xc420609e00)
	/usr/local/Cellar/go/1.9.2/libexec/src/net/http/server.go:2619 +0xb4
net/http.(*conn).serve(0xc4206b8140, 0x18b5d40, 0xc4201571c0)
	/usr/local/Cellar/go/1.9.2/libexec/src/net/http/server.go:1801 +0x71d
created by net/http.(*Server).Serve
	/usr/local/Cellar/go/1.9.2/libexec/src/net/http/server.go:2720 +0x288

The proxy version I use:
keycloak-proxy version v2.1.0-rc5 (git+sha: no gitsha provided, built: 01-01-1970)

Is it a bug?
am I missing a flag, again? :)
@ginkel
Copy link

ginkel commented Jan 7, 2018
edited
Loading

Having also just hit this issue, I tried figuring out what is causing this to break. AFAICS, the issue is caused by a chi middleware.flushWriter being used instead of a middleware.httpFancyWriter. The decision which one to use seems to happen in NewWrapResponseWriter and the exact logic depends on whether HTTP/2 is in use.

func NewWrapResponseWriter(w http.ResponseWriter, protoMajor int) WrapResponseWriter {
	_, cn := w.(http.CloseNotifier)
	_, fl := w.(http.Flusher)

	bw := basicWriter{ResponseWriter: w}

	if protoMajor == 2 {
		_, ps := w.(http.Pusher)
		if cn && fl && ps {
			return &http2FancyWriter{bw}
		}
	} else {
		_, hj := w.(http.Hijacker)
		_, rf := w.(io.ReaderFrom)
		if cn && fl && hj && rf {
			return &httpFancyWriter{bw}
		}
	}
	if fl {
		return &flushWriter{bw}
	}

	return &bw
}

This is most likely the culprit in my setup as keycloak-proxy is running behind an nginx reverse proxy, so connections get downgraded to HTTP/1.1 and at least one of cn, hj or rf is false causing the code to fall through to the flushWriter creation.

@gambol99
Copy link
Contributor

gambol99 commented Jan 9, 2018

should be fixed in #303

@ginkel
Copy link

ginkel commented Jan 9, 2018

Works like a charm, thanks @gambol99! :-)

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ginkel @gambol99 @aalubin