Socket closed - Container Terminal is unavailable

[jeyare]

@Rusty - how to solve "Socket closed" message from DSM Docker Terminal console, when the DSM is behind Reverse proxy.

 

[Rusty]

@Rusty - how to solve "Socket closed" message from DSM Docker Terminal console, when the DSM is behind Reverse proxy.

Good question. Haven't had time to tacket that... Personally, I use Portainer for all my docker needs, but always locally, so it always works. I am aware of the situation that you are talking about but just didn't have time to get into it. VPN back into lan and case closed for me.

 

[jeyare]

locally it is fine, thx. It is not hurry for me ATM.

 

[Rusty]

Well accessing ssh on a container via the internet (even if its via revers) its a security problem, just like having 22 open on your router (that's a major security issue). So, reverse ssh is the same deal. This can be done, but I don't recommend it.

 

[jeyare]

no no

 

[jphermans]

Today, I have noticed that I have the same problem 'socket closed' on all my containers. Have been searching the internet for a solution but the given solutions are not working for me. One of the solutions is in the link: Websocket docker . Does someone have another workaround for this ?

 

[jphermans]

Today, I have noticed that I have the same problem 'socket closed' on all my containers. Have been searching the internet for a solution but the given solutions are not working for me. One of the solutions is in the link: Websocket docker . Does someone have another workaround for this ?

Does anyone have the same problem? I have already did a test with different browsers on my mac. Even a test with MS edge on a windows pc but still the same error. Then did a test on a digital ocean vps with docker installed and there I have again this but then within portainer.

 

[Rusty]

Haven’t looked into it but as far as I recall this will not work out of the box via internet and/or revers proxy. My suggestion is tunnel back into that LAN and use it via local ip address

 

[jphermans]

Haven’t looked into it but as far as I recall this will not work out of the box via internet and/or revers proxy. My suggestion is tunnel back into that LAN and use it via local ip address

That's working. Then I have to connect via vpn if I want to do something when I am not home. Thanks anyway.

 

[Scyto]

As i was creating this post to ask if anyone solved it, i think i solved it.

What's interesting is even when inside the LAN by default when you are accessing docker DSM app over default DSM HTTP or HTTPS ports we are going through a nginx reverse proxy.

So I took a look at the default nginx settings for the docker app in [email protected]:/etc/nginx/conf.d/dsm.pkg-static.Docker-70163528.conf

location ~ ^/docker/ws {
        proxy_set_header X-Server-IP $server_addr;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Real-HTTPS $https;
        proxy_set_header X-Server-Port $server_port;
        proxy_set_header X-Real-Port $remote_port;
        proxy_set_header Host $http_host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_http_version 1.1;
        proxy_read_timeout 3600s;
        proxy_pass http://127.0.0.1:512;

the only thing different from my existing nginx server location config were:
1) my location is for the whole server, not the /docker/ws location
2) proxy_read_timeout was set to 60s on my machine
3) my proxy_pass is set to the internal docker IP address of the synology host DSM HTTPS port

so I changed just the timeout in my server location in my personal nginx server config like follows:

location /  {
        proxy_set_header Host $http_host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_http_version 1.1;
        proxy_read_timeout 3600s;
        proxy_pass  https://172.17.0.1:5101;
    }

Now the timeout is 1 hour.

If you are using the built-in application portal instead of your own nginx you will need to add the websocket in the reverse proxy rules dialog on the custom header tab (it will add it for you if you click the drop down arrow on create) and on the advanced settings tab you will need to change the 'proxy read time out' to 3600s (aka an hour, or whatever you need it to be).

To be clear I am not advocating anyone should be accessing this externally, I actually use an nginx server inside my network to normalize a bunch of web sites down to all operate on 443 and individual host names per web service, including DSM so i don't have to cack about with port numbers (sledge hammer to crack a wallnut, i know!)

I guess if you want different proxy_read_timeouts you could use normal 60s for the main location and 3600 just for /docker/ws

YMMV