Riliam Riliam -3 years ago 112
Python Question

Tornado nginx websockets handshake 400 error

The problem is with websocket connection, proxied by nginx from tornado/tornado-sockjs to sockjs client in browser. Without nginx (on local host) things work properly.

Error message in browser when loading page (when sockjs connection initialized):

WebSocket connection to 'ws://my-domain.com/ws/844/blvz89pq/websocket' failed: Error during WebSocket handshake: Unexpected response code: 400


Relevant part of custom nginx config:

location /ws/ {
proxy_pass http://127.0.0.1:8888;

proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;

proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}


Value of $connection_upgrade from nginx.conf:

map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}


It looks like tornado-sockjs returns 400 in case if
Upgrade
header is not set to
'websocket'
(code). Indeed, printing headers before
if
in line 46 gives us value of header
Connection=close
and no
Upgrade
presented at all.

Value of
dict(self.request.headers)


{
"Accept-Language": "en-US,en;q=0.8,ru;q=0.6",
"Accept-Encoding": "gzip, deflate, sdch",
"Sec-Websocket-Key": "*******",
"Connection": "close",
"X-Real-Ip": "172.17.0.1",
"Origin": "http://my-domain.com",
"Sec-Websocket-Extensions": "permessage-deflate; client_max_window_bits",
"X-Forwarded-For": "172.17.0.1",
"Sec-Websocket-Version": "13",
"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36",
"Host": "my-domain.com",
"X-Forwarded-Proto": "http",
"Cookie": "_ym_uid=1456149826627418608; sessionid=0pn2knqey7raw7w4dst9d7vqvtvsmook; csrftoken=0o1lqSW4XCZvvlvYtN4S7Stt53AyKWf6; __utmx=147844469.bAGHuGeARZy_vppa6db8lg$115132382-10:5.mu9KcCiZSDepsLZ385hDXA$117448007-11:0; __utmxx=147844469.bAGHuGeARZy_vppa6db8lg$115132382-10:1456307221:15552000.mu9KcCiZSDepsLZ385hDXA$117458007-11:1457421562:15552000; _ym_isad=0; _ga=GA1.2.2002408319.1456149825; JSESSIONID=dummy",
"Pragma": "no-cache",
"Cache-Control": "no-cache"

}


But inspecting headers from browser shows, that both Connection and Upgrade headers have values, that should be valid for tornado.

Headers from browser:

Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8,ru;q=0.6
Cache-Control:no-cache
Connection:Upgrade
Cookie:_ym_uid=1456149826627418608; sessionid=0pn2knqey7raw7w4dst9d7vqvtvsmook; __utmx=147844469.bAGHuGeARZy_vppa6db8lg$115132382-10:5.mu9KcCiZSDepsLZ385hDXA$117448007-11:0; __utmxx=147844469.bAGHuGeARZy_vppa6db8lg$115132382-10:1456307221:15552000.mu9KcCiZSDepsLZ385hDXA$117448007-11:1457421562:15552000; _ym_isad=0; _ga=GA1.2.2002408319.1456149825; csrftoken=0o1lqSW4XCZvvlvYtN4S7Stt53AyKWf6; JSESSIONID=dummy
Host:my-domain.com
Origin:http://my-domain.com
Pragma:no-cache
Sec-WebSocket-Extensions:permessage-deflate; client_max_window_bits
Sec-WebSocket-Key:/zRJijtAtPjjLNJK49SIDQ==
Sec-WebSocket-Version:13
Upgrade:websocket
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36


My possible suggestion is how/when Tornado parses headers.

UPD:
Versions of software used:

1. sockjs-tornado==1.0.2
2. tornado==4.3
3. tornado-redis==2.4.18

Answer Source

So the problem was with proxying requests through one more Nginx running outside of Docker container.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download