anything-llm icon indicating copy to clipboard operation
anything-llm copied to clipboard

Published 20 hours ago verified publisher icon Mintplex-Labs

[BUG]: Websocket not being upgraded with manual HTTP certificate set

Open man2004 opened this issue 9 months ago • 8 comments

How are you running AnythingLLM?

Docker (remote machine)

What happened?

When I typed @agent to launch it, it showed following and the agent session ended immediately:

Agent @agent invoked.
Swapping over to agent chat. Type /exit to exit agent execution loop early.

Agent session complete.

I am using docker image I pulled today.

Are there known steps to reproduce?

No response

man2004 avatar May 01 '24 21:05 man2004

I have just found it might be because of SSL. With same docker image, after I enabled SSL and accessed with https://domain_name, then agent ended immediately. If I disabled SSL and accessed with http://ip_address, then agent worked.

man2004 avatar May 02 '24 01:05 man2004

Relevant line where if on https, we assume the backend has SSL as well so we upgrade WS to WSS https://github.com/Mintplex-Labs/anything-llm/blob/9feaad79cc69c826001b36d0e129da403a695d23/frontend/src/utils/chat/agent.js#L18

If using nginx as a proxy https://github.com/Mintplex-Labs/anything-llm/blob/9feaad79cc69c826001b36d0e129da403a695d23/cloud-deployments/aws/cloudformation/aws_https_instructions.md?plain=1#L68-L73

timothycarambat avatar May 02 '24 01:05 timothycarambat

Thanks. I originally used the SSL feature in AnythingLLM and did not use nginx as proxy. After changing to use nginx as proxy, problem solved.

man2004 avatar May 16 '24 00:05 man2004

I'm also experiecing the same because I have AnythingLLM using https: to server with these lines in my .env file

ENABLE_HTTPS='true'
HTTPS_CERT_PATH='path to/server.crt'
HTTPS_KEY_PATH='path to /docker$

I'd rather not remove the https encryption. Is there a workaround? thanks

Anto79-ops avatar May 16 '24 16:05 Anto79-ops

When you have the network inspector open, can you tell me what happens to the socket and what URL it tries to reach? If the frontend is running https it should upgrade the socket to wss automatically

timothycarambat avatar May 16 '24 17:05 timothycarambat

sure, I'd be happy to share that. When expanding the netwrok information in Chrome, what would you like to me expand here?

image

also, here's the error from Chrome, it does open wss

image

Anto79-ops avatar May 16 '24 17:05 Anto79-ops

Okay, so it looks like it does upgrade the Websocket connection. What do the docker logs say on the backend when the agent is invoked - if anything? Im thinking maybe the websocket does not inherit the SSL cert like the whole express server does.

timothycarambat avatar May 16 '24 18:05 timothycarambat

That is correct. The docker logs do not say anything while all this is happening.

Anto79-ops avatar May 16 '24 18:05 Anto79-ops

Resolved via https://github.com/Mintplex-Labs/anything-llm/pull/1429

timothycarambat avatar May 17 '24 21:05 timothycarambat