Socket closed - Container Terminal is unavailable

Currently reading
Socket closed - Container Terminal is unavailable

@Rusty - how to solve "Socket closed" message from DSM Docker Terminal console, when the DSM is behind Reverse proxy.
Good question. Haven't had time to tacket that... Personally, I use Portainer for all my docker needs, but always locally, so it always works. I am aware of the situation that you are talking about but just didn't have time to get into it. VPN back into lan and case closed for me.
 
Well accessing ssh on a container via the internet (even if its via revers) its a security problem, just like having 22 open on your router (that's a major security issue). So, reverse ssh is the same deal. This can be done, but I don't recommend it.
 
Today, I have noticed that I have the same problem 'socket closed' on all my containers. Have been searching the internet for a solution but the given solutions are not working for me. One of the solutions is in the link: Websocket docker . Does someone have another workaround for this ?
 
Today, I have noticed that I have the same problem 'socket closed' on all my containers. Have been searching the internet for a solution but the given solutions are not working for me. One of the solutions is in the link: Websocket docker . Does someone have another workaround for this ?
Does anyone have the same problem? I have already did a test with different browsers on my mac. Even a test with MS edge on a windows pc but still the same error. Then did a test on a digital ocean vps with docker installed and there I have again this but then within portainer.

Screenshot 2020-04-08 at 17.44.40.png
 
Haven’t looked into it but as far as I recall this will not work out of the box via internet and/or revers proxy. My suggestion is tunnel back into that LAN and use it via local ip address
That's working. Then I have to connect via vpn if I want to do something when I am not home. Thanks anyway.
 
As i was creating this post to ask if anyone solved it, i think i solved it.

What's interesting is even when inside the LAN by default when you are accessing docker DSM app over default DSM HTTP or HTTPS ports we are going through a nginx reverse proxy.

So I took a look at the default nginx settings for the docker app in root@SYN02:/etc/nginx/conf.d/dsm.pkg-static.Docker-70163528.conf

Code:
location ~ ^/docker/ws {
        proxy_set_header X-Server-IP $server_addr;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Real-HTTPS $https;
        proxy_set_header X-Server-Port $server_port;
        proxy_set_header X-Real-Port $remote_port;
        proxy_set_header Host $http_host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_http_version 1.1;
        proxy_read_timeout 3600s;
        proxy_pass http://127.0.0.1:512;

the only thing different from my existing nginx server location config were:
1) my location is for the whole server, not the /docker/ws location
2) proxy_read_timeout was set to 60s on my machine
3) my proxy_pass is set to the internal docker IP address of the synology host DSM HTTPS port

so I changed just the timeout in my server location in my personal nginx server config like follows:

Code:
location /  {
        proxy_set_header Host $http_host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_http_version 1.1;
        proxy_read_timeout 3600s;
        proxy_pass  https://172.17.0.1:5101;
    }

Now the timeout is 1 hour.

If you are using the built-in application portal instead of your own nginx you will need to add the websocket in the reverse proxy rules dialog on the custom header tab (it will add it for you if you click the drop down arrow on create) and on the advanced settings tab you will need to change the 'proxy read time out' to 3600s (aka an hour, or whatever you need it to be).

To be clear I am not advocating anyone should be accessing this externally, I actually use an nginx server inside my network to normalize a bunch of web sites down to all operate on 443 and individual host names per web service, including DSM so i don't have to cack about with port numbers (sledge hammer to crack a wallnut, i know!)

I guess if you want different proxy_read_timeouts you could use normal 60s for the main location and 3600 just for /docker/ws

YMMV
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

Replies
5
Views
5,876
Just switched the NTP-server in DSM settings to another local NTP service and after refreshing date/time I...
Replies
3
Views
2,499
  • Question
Pihole UI will not work on 80, as 80 is in use by Synology's nginx (as it is 443), just bind it to some...
Replies
8
Views
10,507
I can’t find any option to restore just the settings. 1710356648 Phew, managed to fix it. Within the...
Replies
4
Views
389
  • Question
Open an issue on that GitHub page. The developers will be glad to assist. OP has posted two threads on...
Replies
5
Views
957
I'm happy with email notifications but in v0.3.3 of dockcheck the author added apprise notifications...
Replies
4
Views
1,040
Hi, I'll start by saying, my understanding of networking is very limited so I apologize if I'm asking an...
Replies
0
Views
688

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Back
Top