Verison Information
phabricator e3f4f051fea261c2f009b5a5d5b2f5b037d5d80b (Sat, Jun 4)
arcanist 2234c8cacc21ce61c9c10e8e5918b6a63cc38fc8 (Mon, May 16)
phutil e4f8b70e73faff0edeb3a310c0ff1d10b4b54949 (Fri, Jun 3)
sprint df6e9dee03e4dd0da551199df33b6d04bf096d32 (Apr 11 2016)
Setup (Steps to Reproduce)
- use current phabricator version
- I am using a derived image (https://hub.docker.com/r/cguenther/docker-phabricator-sprint/), which contains additionally the sprint extension, but it should not be related to the issue
- use nginx ssl terminating reverse proxy
- configure exactly as the setup guide instructs https://secure.phabricator.com/book/phabricator/article/notifications/
Aphlict config
My aphlict.conf contains:
{ "servers": [ { "type": "client", "port": 22280, "listen": "0.0.0.0", "ssl.key": null, "ssl.cert": null, "ssl.chain": null }, { "type": "admin", "port": 22281, "listen": "127.0.0.1", "ssl.key": null, "ssl.cert": null, "ssl.chain": null } ], "logs": [ { "path": "/dev/stdout" } ], "pidfile": "/run/watch/aphlict" }
Configure nginx ssl terminating reverse proxy
The ssl terminating nginx reverse proxy config is taken from the guide page:
https://secure.phabricator.com/book/phabricator/article/notifications/:
/etc/nginx/conf.d/connection_upgrade.conf
/etc/nginx/conf.d/websocket_pool.conf
- i changed the 127.0.0.1 to the phabricator container
/etc/nginx/sites-enabled/phabricator.example.com.conf
Configure phabricator notification server connection
The notification.servers config contains:
[ { "type": "client", "host": "phabricator.<changedForPrivacyReasons>.net", "port": 443, "protocol": "https", "path": "/ws/" }, { "type": "admin", "host": "127.0.0.1", "port": 22281, "protocol": "http" } ]
Validating functionality
The notification server status page shows that everything is ready to start. The client connects to the port 443 using https at /ws/ subpath . The nginx proxy maps that to the non ssl 22280 port of the aphlict server. The status shows 'connected'. The server itself is also connected.
The problem
The strange part is, that the the browser (chromium and firefox) are not connecting as clients. The status page shows 0 active clients all the time. Nevertheless the server generates correctly the messages as In messages, but also here the Out count remains 0. The chrome developer tools shows that non websocket connection is tried to be established. So it seem that the browsers are not aware of being able to connect to the websocket.
So i tested with external sites, like this:
https://www.websocket.org/echo.html
Using this site, i am able to connect to my notification server as client using wss://phabricator.<changedForPrivacyReasons>.net/ws/. Also the client count raises in the notification server status page. So i think the nginx reverse proxy configuration seems valid. But something prevents the phabricator in the browser from connecting.
Is someone able to run the phabricator notifications through the ssl terminating nginx reverse proxy? Is somewhere a flag to enable those notifications, which i missed?