Websocket error 403 when using ssl-termination

Hi,
I have datalore running as a docker container. Traffic needs to go through my haproxy, which performs ssl-termination.
Unfortunately when going through haproxy loading datalore fails. The browser tries to acces datalore using wss:// which results in an error 403.
Accessing the container directly (http://mydocker.host:8080) works since datalore is only accessed via ws://
This however is not an option for my deployment. I use the exact same haproxy configuration with other services which use websockets witthout any issues.

Do you have an ideas?

haproxy-config:

frontend extern
    mode http
    http-request set-header X-Forwarded-Proto https
    bind {external IPv4}:443 interface {interface} ssl crt {pathToCert} alpn h2,http/1.1
    bind {external IPv6}:443 interface {interface} ssl crt {pathToCert} alpn h2,http/1.1
    use_backend %[req.hdr(host),lower,map({pathToMapFile.map})]
    default_backend default

backend datalore
    mode http
    server datalore {myDockerHost}:8080

Same Problem here using nginx. When I access it through the public ip it works. So it’s gotta be a problem with the reverse proxy. @eee did it work in previous versions?

@Socius this is my first time installing datalore therefore I have not and due to a lack of licenses can not test earlier versions.

Ok, so this is a problem with version 2022.3. It will work perfecty if you use version 2022.2.2 until a solution is found to nginx reverse proxy & sql command issue after upgrading to 2022.3 · Issue #25 · JetBrains/datalore-configs · GitHub. So just change the version number from 2022.3 to 2022.2.2 in your docker-compse.yaml

Can confirm, it works with 2022.2. Since I don’t have a license for this version, this is unfortunately not a solution :frowning:

correction: also works with 2022.2.3 and my license seems to work with this version :slight_smile:

1 Like

Yeah it is not an optimal solution because the wss connection for the collaboration socket still throws an error 403. But if you are solo you can use it without any problems

Hello @eee and @Socius,

Sorry for the confusion, it is required to specify DATALORE_PUBLIC_URL in the environment section (see example).

We will update the documentation to reflect that.

Thank you!

1 Like

this resolves the issue :+1:t2:

1 Like