Websocket Proxy passthrough

Open kpiris opened this issue 6 years ago • 46 comments

Ledger Live Version and Operating System

  • Ledger Live 1.0.1
  • Platform: linux

When the manager is opened, ledger live checks Internet connectivity.

If I have a proxy (configured via environment variables), the program does not detect that connectivity, it shows a red message “Oops, internet seems down” and offers to retry; which never detects it (see attached screenshot ledger-live.proxy-netdown.png).

On my squid3 logs I have messages like this one: “TAG_NONE/400 4062 NONE error:invalid-request - HIER_NONE/- text/html”

If I unset proxy environment variables, then network detection, and the program, works fine.

I could attach application.log if you need it, I’m guessing you won't since I've been able to reproduce it on two different computers (one with debian sid, the other with debian stretch, both updated to date).

Thanks

[screenshot: ledger-live proxy-netdown]

kpiris avatar Jul 12 '18 06:07 kpiris

I guess because we use WebSocket here. Not sure if there is anything we can fix

gre avatar Jul 12 '18 07:07 gre

https://stackoverflow.com/questions/38974731/websockets-not-connected-behind-proxy here is the suggestion how you could fix it. And even wikipedia describes these issues https://en.wikipedia.org/wiki/WebSocket#Proxy_traversal

lomax avatar Jul 12 '18 07:07 lomax

Problem comes from the proxy server itself (nb that we already use wss protocol) and I'm not sure we should prioritize special cases (for now), current solution works for the vast majority of users. @lomax feel free to create a PR if you find a solution / ways to test & reproduce in the app :+1:

meriadec avatar Jul 12 '18 08:07 meriadec

@meriadec Have you tested it behind the proxy? It just can't detect the internet connection behind a proxy which allows CONNECT only on port 443 and blocks all other ports except 80 and 443. @kpiris said he could provide any logs if needed as he manages the proxy himself. What additional info do you need?

lomax avatar Jul 12 '18 19:07 lomax

We can't test with your proxy :smile: As described before, it's not an issue with the app, but with some external infrastructure blocking the app's normal behaviour.

If you find a workaround in the app that works for you and doesn't bring any regression without proxy, you can totally make a pull request (if you do so, please provide any useful instructions for us to test). Thanks!

meriadec avatar Jul 12 '18 21:07 meriadec

@meriadec Can you please name the proxy and describe the settings you've used to test the app connectivity through the proxy. Me and @kpiris reported that the app doesn't work behind the squid proxy. Could you elaborate if this is the problem with proxy in general why you are claiming proxy instance and not the app?

lomax avatar Jul 13 '18 08:07 lomax

Dude, like I said two times, we didn't test any proxy configuration: it's not part of the app scope. As described in the issue description: the app works fine without proxy. We can't do custom fixes for users' custom configuration.

So repeating again: If you want to propose a fix yourself, it will be welcomely welcome.

Have a good day.

meriadec avatar Jul 13 '18 08:07 meriadec

But old Chrome apps work behind the proxy. You've created the new standalone app that doesn't. I can give you a hint it is called regression and not "users custom configuration". Because proxies and firewalls are the common network infrastructure. You've just reduced connectivity options and are saying that users must take care of it themselves.

lomax avatar Jul 13 '18 09:07 lomax

The bug might be related to wss:// that is used in Ledger Live. The previous Chrome app was using ws://. We have first to check all our API works with ws:// (including the new genuine check); if it does, maybe we could have an advanced option to use non secure websocket.

gre avatar Jul 13 '18 09:07 gre

@lomax it's likely your Proxy supports ws:// but not wss://

would you mind checking on this?

https://www.websocket.org/echo.html

gre avatar Jul 13 '18 09:07 gre

you can also try setting the environment variable BASE_SOCKET_URL to ws://api.ledgerwallet.com/update

meriadec avatar Jul 13 '18 09:07 meriadec

[image]

The browser prevents me from initiating a connection to unsecure socket ws://

echo.js:136 Mixed Content: The page at 'https://www.websocket.org/echo.html' was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint 'ws://echo.websocket.org/?encoding=text'. This request has been blocked; this endpoint must be available over WSS.
doConnect @ echo.js:136
echo.js:136 Uncaught DOMException: Failed to construct 'WebSocket': An insecure WebSocket connection may not be initiated from a page loaded over HTTPS.
    at HTMLButtonElement.doConnect (https://www.websocket.org/js/echo.js:136:17)

lomax avatar Jul 13 '18 09:07 lomax

@lomax can you try to click on CONNECT, not the "Rock it" thing

gre avatar Jul 13 '18 09:07 gre

> you can also try setting the environment variable BASE_SOCKET_URL to ws://api.ledgerwallet.com/update

[image]

lomax avatar Jul 13 '18 09:07 lomax

@gre I've got those errors after I clicked disconnect on wss://, changed it to ws:// and clicked connect. wss:// works just fine as you see from the screenshot. So I think that something is wrong with the app and not the proxy, as the proxy passes wss://echo.websocket.org just fine. Could you place some test script on the Web that uses the same functions to open wss as in the app, to test it from the browser?

lomax avatar Jul 13 '18 09:07 lomax

I've tried http://www.websocket.org/echo.html to check ws:// and it indeed doesn't work.

[image]

And for some reason I see a request to wss:// from this page and to a different FQDN.

lomax avatar Jul 13 '18 10:07 lomax

https:// wss:// session

[image]

lomax avatar Jul 13 '18 10:07 lomax

any updates or plans to revert to Chrome ledger wallet app? Maybe someone found out workaround?

maciejbozemoj avatar Dec 13 '18 09:12 maciejbozemoj

@maciejbozemoj I guess a workaround would be to run everything in a virtual machine, and configure the VM to use the proxy.

danuker avatar Jan 11 '19 15:01 danuker

@danuker or even better inside a VM which is inside another VM, so USB passthrough becomes your real problem and not this sophisticated web protocol tunneling.

lomax avatar Jan 11 '19 15:01 lomax

we might provide an option to set up the proxy parameters.

https://github.com/electron/electron/blob/master/docs/api/session.md#sessetproxyconfig-callback

gre avatar Jan 13 '19 16:01 gre
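
Added example (not part of the thread, and not Ledger Live code): a sketch of the option mentioned in the comment above, translating the proxy environment variables the reporter uses into the `proxyRules` / `proxyBypassRules` object that Electron's `session.setProxy` accepts. The function names and the sample host are hypothetical, only plain `http://` proxies are handled, and it covers the Electron session only.

```javascript
// Added example, not Ledger Live code; function names are hypothetical.

// Read a variable in its lower-case form first, then upper-case.
function readEnv(env, name) {
  return env[name.toLowerCase()] || env[name.toUpperCase()] || "";
}

// Reduce "http://user:pw@proxy:3128/" to "proxy:3128" and record whether
// credentials were present. They are dropped on purpose: proxyRules has no
// field for them, so they must not end up in the rule string or in logs.
function parseProxy(value) {
  if (!value) return null;
  const url = new URL(value.includes("://") ? value : "http://" + value);
  if (url.protocol !== "http:") {
    throw new Error("this example handles plain http:// proxies only");
  }
  return {
    hostPort: url.port ? `${url.hostname}:${url.port}` : url.hostname,
    hasCredentials: Boolean(url.username || url.password),
  };
}

// Build the object to hand to session.setProxy(), plus a flag telling the
// caller that the proxy expects authentication.
function proxyConfigFromEnv(env) {
  const http = parseProxy(readEnv(env, "http_proxy"));
  const https = parseProxy(readEnv(env, "https_proxy"));
  const rules = [];
  if (http) rules.push(`http=${http.hostPort}`);
  if (https) rules.push(`https=${https.hostPort}`);
  const bypass = readEnv(env, "no_proxy")
    .split(",")
    .map((entry) => entry.trim())
    .filter(Boolean);
  return {
    config: { proxyRules: rules.join(";"), proxyBypassRules: bypass.join(",") },
    needsAuth: [http, https].some((p) => p !== null && p.hasCredentials),
  };
}

// Constructed sample environment; the host name is a placeholder.
const sampleEnv = {
  http_proxy: "http://squid.example.internal:3128",
  HTTPS_PROXY: "http://alice:secret@squid.example.internal:3128/",
  no_proxy: "localhost, 127.0.0.1, .example.internal",
};
console.log(proxyConfigFromEnv(sampleEnv));
```

In an Electron main process the `config` field would be passed to `session.defaultSession.setProxy(config)`; `needsAuth` tells the caller that credentials have to be supplied separately instead of through the rule string.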

Please try again. We believe this issue is now fixed and was due to Cloudflare.

gre avatar May 16 '19 19:05 gre

Nope, it doesn't -> ledger-1.8.0-error.log

lomax avatar May 17 '19 06:05 lomax

any updates?

sargonpiraev avatar Oct 11 '19 14:10 sargonpiraev

The guys at Ledger are such greenhorns who have next to zero clue. They call proxy servers "uncommon" and "non-standard". Half of the fucking world is accessing the internet through proxies, you idiots. Basically anyone accessing from company networks goes through proxies.

cryptochrome avatar Nov 25 '19 22:11 cryptochrome

It has been confirmed by many users that we improved the initial situation (we had Cloudflare issues) so that's why I assumed the initial issue was fixed (specifically the one showing a live saying internet seems down). This issue was created more than a year ago and there might be many reasons why you are experiencing network issues.

It can be good to have more detail because "it does not work" does not really help understanding the problem about what happens on your side (you can contact the tech support team directly). Alternatively, if you are a developer you can investigate to give us precise detail on how we should reproduce the problem; no one at Ledger has this issue. Thanks

gre avatar Nov 27 '19 19:11 gre

We are not connecting directly to the internet, so we also can't connect directly to your servers. If you have an isolated network with a proxy server set as the only gateway to the internet, you will be able to reproduce this issue.

[image: Proxy]

mac-b-71 avatar Nov 28 '19 06:11 mac-b-71

OK, sorry, I confounded this task with another one that was issuing the same manager error. So that's why this task is still open. We can introduce this feature (and in fact, Ledger Live Desktop is open sourced so anyone wanting to take this is welcomed to 🙏). We're soon going to refactor our project / update some libraries and we'll keep this feature in mind.

gre avatar Nov 28 '19 07:11 gre

Any progress at all after two years?

NightProwler-dc avatar Sep 14 '20 11:09 NightProwler-dc

It's hard to understand exactly the needs and the constraints. What exactly are you looking for @NightProwler-dc ?

We are not aware of a lot of users actively asking for this feature so the best is probably to have OSS contribution on this. We are open source and we can take the time to review a Pull Request proposal of a solution.

dev note: In terms of architecture, if it means a proxy on the HTTP, we have also to understand this needs to be solved both on Electron side and in our internal node process side.

gre avatar Sep 14 '20 12:09 gre