Test client - Can't connect to server - invalid header

[slazarov]

Notify push has been installed properly but test client fails to connect. Nextcloud server VM is behind a reverse proxy instance on a separate VM.

# occ notify_push:self-test
✓ redis is configured
✓ push server is receiving redis messages
✓ push server can load mount info from database
✓ push server can connect to the Nextcloud server
✓ push server is a trusted proxy
✓ push server is running the same version as the app

Nginx reverse proxy is configured as listed here:

location ^~ /push/ {
    proxy_pass http://10.10.1.30:7867/;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

Metrics also appear to show activity:

# occ notify_push:metrics
Active connection count: 1
Total connection count: 2
Total database query count: 3
Events received: 10
Messages sent: 2

However upon trying to connect test_client I get this:

# test_client https://website.xyz user passw
Error:
  × Can't connect to server
  ├─▶ WebSocket protocol error: Missing, duplicated or incorrect header sec-websocket-key
  ╰─▶ Missing, duplicated or incorrect header sec-websocket-key

Debug shows this:

[2022-10-10 07:44:05.155275 +03:00] DEBUG [ureq::stream] /home/runner/.cargo/registry/src/github.com-1ecc6299db9ec823/ureq-2.5.0/src/stream.rs:359: connecting to website.xyz:443 at 123.456.789:443
[2022-10-10 07:44:05.156178 +03:00] DEBUG [rustls::client::hs] /home/runner/.cargo/registry/src/github.com-1ecc6299db9ec823/rustls-0.20.6/src/client/hs.rs:56: No cached session for DnsName(DnsName(DnsName("website.xyz")))
[2022-10-10 07:44:05.156264 +03:00] DEBUG [rustls::client::hs] /home/runner/.cargo/registry/src/github.com-1ecc6299db9ec823/rustls-0.20.6/src/client/hs.rs:128: Not resuming any session
[2022-10-10 07:44:05.158592 +03:00] DEBUG [rustls::client::hs] /home/runner/.cargo/registry/src/github.com-1ecc6299db9ec823/rustls-0.20.6/src/client/hs.rs:584: Using ciphersuite TLS13_AES_256_GCM_SHA384
[2022-10-10 07:44:05.158640 +03:00] DEBUG [rustls::client::tls13] /home/runner/.cargo/registry/src/github.com-1ecc6299db9ec823/rustls-0.20.6/src/client/tls13.rs:127: Not resuming
[2022-10-10 07:44:05.158767 +03:00] DEBUG [rustls::client::tls13] /home/runner/.cargo/registry/src/github.com-1ecc6299db9ec823/rustls-0.20.6/src/client/tls13.rs:392: TLS1.3 encrypted extensions: [ServerNameAck]
[2022-10-10 07:44:05.158784 +03:00] DEBUG [rustls::client::hs] /home/runner/.cargo/registry/src/github.com-1ecc6299db9ec823/rustls-0.20.6/src/client/hs.rs:453: ALPN protocol is None
[2022-10-10 07:44:05.161903 +03:00] DEBUG [ureq::stream] /home/runner/.cargo/registry/src/github.com-1ecc6299db9ec823/ureq-2.5.0/src/stream.rs:187: created stream: Stream(RustlsStream)
[2022-10-10 07:44:05.161924 +03:00] DEBUG [ureq::unit] /home/runner/.cargo/registry/src/github.com-1ecc6299db9ec823/ureq-2.5.0/src/unit.rs:261: sending request GET https://website.xyz/ocs/v2.php/cloud/capabilities
[2022-10-10 07:44:05.161943 +03:00] DEBUG [ureq::unit] /home/runner/.cargo/registry/src/github.com-1ecc6299db9ec823/ureq-2.5.0/src/unit.rs:459: writing prelude: GET /ocs/v2.php/cloud/capabilities HTTP/1.1
Host: website.xyz
User-Agent: ureq/2.5.0
Authorization: ***
Accept: application/json
OCS-APIREQUEST: true
accept-encoding: gzip
[2022-10-10 07:44:05.162555 +03:00] DEBUG [rustls::client::tls13] /home/runner/.cargo/registry/src/github.com-1ecc6299db9ec823/rustls-0.20.6/src/client/tls13.rs:1047: Ticket saved
[2022-10-10 07:44:05.162596 +03:00] DEBUG [rustls::client::tls13] /home/runner/.cargo/registry/src/github.com-1ecc6299db9ec823/rustls-0.20.6/src/client/tls13.rs:1047: Ticket saved
[2022-10-10 07:44:05.610520 +03:00] DEBUG [ureq::response] /home/runner/.cargo/registry/src/github.com-1ecc6299db9ec823/ureq-2.5.0/src/response.rs:325: Body entirely buffered (length: 1706)
[2022-10-10 07:44:05.610563 +03:00] DEBUG [ureq::pool] /home/runner/.cargo/registry/src/github.com-1ecc6299db9ec823/ureq-2.5.0/src/pool.rs:131: adding stream to pool: https|website.xyz|443 -> Stream(RustlsStream)
[2022-10-10 07:44:05.610644 +03:00] DEBUG [ureq::unit] /home/runner/.cargo/registry/src/github.com-1ecc6299db9ec823/ureq-2.5.0/src/unit.rs:314: response 200 to GET https://website.xyz/ocs/v2.php/cloud/capabilities
[2022-10-10 07:44:05.610664 +03:00] DEBUG [ureq::stream] /home/runner/.cargo/registry/src/github.com-1ecc6299db9ec823/ureq-2.5.0/src/stream.rs:302: dropping stream: Stream(RustlsStream)
[2022-10-10 07:44:05.610838 +03:00] DEBUG [test_client] test_client/src/main.rs:92: Supported capabilities: ["activity", "bruteforce", "circles", "core", "dav", "files", "files_sharing", "metadataAvailable", "notifications", "notify_push", "ocm", "password_policy", "provisioning_api", "theming", "user_status", "weather_status"]
[2022-10-10 07:44:05.610921 +03:00] INFO [test_client] test_client/src/main.rs:29: Found push server at wss://website.xyz/push/ws
[2022-10-10 07:44:05.615707 +03:00] DEBUG [tungstenite::client] /home/runner/.cargo/registry/src/github.com-1ecc6299db9ec823/tungstenite-0.17.3/src/client.rs:127: Trying to contact wss://website.xyz/push/ws at 123.456.789:443...
[2022-10-10 07:44:05.616638 +03:00] DEBUG [rustls::client::hs] /home/runner/.cargo/registry/src/github.com-1ecc6299db9ec823/rustls-0.20.6/src/client/hs.rs:56: No cached session for DnsName(DnsName(DnsName("website.xyz")))
[2022-10-10 07:44:05.616696 +03:00] DEBUG [rustls::client::hs] /home/runner/.cargo/registry/src/github.com-1ecc6299db9ec823/rustls-0.20.6/src/client/hs.rs:128: Not resuming any session

[magnushas]

I was able to do a quick-and-dirty fix to get test_client working by adding some headers as referenced in https://github.com/websockets-rs/rust-websocket/issues/258. I hard-coded the "Host" header since I didn't have time to dig deeper into the code.

Diff:

diff --git a/test_client/src/main.rs b/test_client/src/main.rs
index 75909a9..6b90c2b 100644
--- a/test_client/src/main.rs
+++ b/test_client/src/main.rs
@@ -29,6 +29,11 @@ fn main() -> Result<()> {
     info!("Found push server at {}", ws_url);

     let ws_request = Request::get(ws_url)
+       .header("Sec-WebSocket-Key", tungstenite::handshake::client::generate_key())
+       .header("Connection", "Upgrade")
+       .header("Upgrade", "websocket")
+       .header("Sec-WebSocket-Version", "13")
+       .header("Host", "website.xyz")
         .body(())
         .into_diagnostic()
         .wrap_err("Invalid websocket url")?;

[francoisPE]

This is issue is blocking notify_push server !

[icewind1991]

Fixed with 03aa38d

[noseshimself]

Still getting this error with the version included in current docker containers (0.6.3)