FF/IE11: Could not connect to server at wss://.../websocket

klabauter · January 29, 2019, 4:29pm

So some of my users suddenly run into random connection problems with browsers like IE11 or Firefox.
They end up at an endless loading spinner, while the JS console throws many errors like these:

Reloading the page or whatever doesn’t change anything, the errors keep popping up.
So for some reason the browser can’t connect to the websocket(s) but I can’t see any problems in my code, this has to be a problem somehow related with Meteor itself I think.

sidenote: some of my users report that they only run into these problems after me upgrading the app to Meteor v1.8 - before it was running on v1.7.x.

Can someone help?

Cheers, Patrick

doctorpangloss · February 4, 2019, 7:48am

Are you serving directly out of the meteor run server?

klabauter · February 13, 2019, 3:48pm

Sorry for my late reply:
No, this was in production!

Multiple docker containers running behind a nginx proxy on an Ubuntu machine. No meteor run, just normal nodejs in docker containers.

doctorpangloss · February 15, 2019, 11:15pm

Did you configure nginx yourself? Are you trying to say you’re using the Elastic Beanstalk Docker runtime? Are you trying to say you’re using an Elastic Load Balancer to terminate SSL?

apache and nginx are tricky to configure correctly for SSL for all browsers. In particular, you might be rewriting headers in a way that the SSL quirks in Firefox and IE are too strict to allow.

In a Docker Swarm environment, traefik is much easier to configure, especially for SSL, and Just Works for web sockets, unlike nginx and apache. Maybe take a look at that? Use ACME on demand, it Just Works.

I use traefik in production for Meteor with SSL, I just don’t get involved in the web socket configuration headaches.

pwiegers · February 16, 2019, 12:48pm

Hi Patrick,

did you solve it? I just saw your post. I know some of my users have the same problem if I don’t run SSL, as they are behind a proxy. Do you use SSL?

regards,

Paul

klabauter · February 17, 2019, 9:02pm

Hi guys,

Thanks for your replies!

I am running a standard nginx proxy. I followed this tutorial.

I wasn’t aware of traefik - will have a look.

And yes, I am running ssl - including force-ssl package.

cheers, Patrick

doctorpangloss · February 19, 2019, 6:32pm

That tutorial is buggy. There’s nothing standard about it!

It should have been a big red flag when he writes “We actually need to update the default nginx.conf template the ships with Mechanic. It’s good, but it doesn’t play very nicely with Meteor’s websockets.”

Don’t use nginx!

klabauter · February 24, 2019, 7:11pm

Yep sure maybe.
Anyways … wasn’t aware of traefik - thanks for the recommendation!
Any tips on using traefik in a multiple meteor docker containers (deployed via mup) environment?!

macrozone · February 24, 2019, 7:16pm

do you do load balancing? do you have multiple containers?

if so, ensure that you have sticky-sessions, so that clients don’t hop between instances.

Not sure if its is related though

doctorpangloss · February 24, 2019, 8:27pm

I have a hard time gathering all the mup knowledge honestly. But it appears that mup can create a docker swarm. There, you can add a service similar to this to just “enable” traefik, and remove the nginx proxy.

version: '3'
services:
  loadbalancer:
    image: traefik:alpine
    command: |
      --docker \
      --entryPoints="Name:http Address::80 Redirect.EntryPoint:https" \
      --entryPoints="Name:https Address::443 TLS" \
      --retry \
      --acme \
      --acme.tlschallenge \
      --acme.email="youremail@example.com" \
      --acme.storage="/data/acme.json" \
      --acme.entrypoint="https" \
      --acme.ondemand=true \
      --docker.swarmmode \
      --docker.watch \
      --docker.exposedbydefault=false
    ports:
      - 80:80
      - 443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - loadbalancerdata:/data
    deploy:
      restart_policy:
        condition: on-failure
        window: 8s
volumes:
  loadbalancerdata:

Then, the labels you have to instruct mup to add to your nodes are:

"traefik.frontend.rule=Host:your.domainname.com"
"traefik.frontend.entryPoints=http,https"
"traefik.backend.loadbalancer.swarm=true"
"traefik.backend.loadbalancer.stickiness=true"
"traefik.port=3000"
"traefik.enable=true"

You can also configure a standalone traefik to run on your host (as opposed to inside docker). Remove all the associated docker configuration from its command line, while keeping stuff like the acme commands. Then, add a config.toml that tells traefik about your one backend, the exposed port 80 on your host (i.e., docker swarm exposing port 80 and load balancing, randomly, among all hosts).

I’ll be honest and say that while mup is maintained, it doesn’t really make sense. Architecturally, it is equivalent to a bash script that scpes your settings.json onto the remote host, sshes into a remote host, runs git pull on your project repository, runs the meteor build process, kill -2 any existing node processes, and then calls node main.js in your bundle. Considering that nearly everyone is using it on Ubuntu-based cloud hosts, it’s a project will an awful lot of obscurity and GitHub Issues for something as (relatively!) straightforward as running a process.

docker provides a decent, if complicated, way to call node main.js multiple times, much like foreman does; and traefik provides a decent, if complicated, way to sticky-sessions route web requests and handle SSL conveniently to these multiple processes disguised as docker containers. It took me about a day to learn how to write a docker-compose.yml, compatible with docker swarm, that includes traefik and my docker image containing my meteor application, to deploy everything in a less obscure way.

However, if mup is working for you, and you’re dead set on not doing any of this stuff, then I suppose you’re going to have to deal with these mysterious issues. But then again, we don’t actually know if they’re related!

I should remind you that I could be totally wrong. Your SSL problems may be unrelated to anything we’ve talked about. All I’m saying is that the node ecosystem is complex, and I don’t think Galaxy (or anything the meteor devs test with) has this issue, and Galaxy doesn’t use mup.

klabauter · February 25, 2019, 10:38am

@doctorpangloss
Thanks a lot for your great reply mate!

I’m gonna be honest: I am aware that mup isn’t the best solution out there.
I am only looking for a relatively easy solution to deploy a new version my app every second week or so without any downtimes.

It seems like that you are experienced in working with several docker containers (= docker swarm - correct?) behind a traefik proxy/load balancer. That’s exactly what I want to do!

If you are willing to help me out even further and support me in writing a bash script (not very experienced in bash scripts unfortunately) which deploys new versions to my server and run it on my ubuntu machine I would greatly appreciate it.

I am happy to pay for your help of course! If you are interested please drop me a PM.

cheers, Patrick

shankscoder · December 1, 2019, 4:16pm

A bit late to the party, but do you have a writeup on how you set this up?

I think more people would benefit from knowing to run a more robust dockerized setup for Meteor, esp those who intend to self-host.

Thanks in advance.