Can't connect to Rust executable running on live server

Hey all!

I'm not sure if my problem is even related to the Rust part, but it's an issue with my Rust project so I'm asking it here. Thanks!

Ok, so I have a Rust websocket server that is basically a modified version of this project (handling other websocket messages for my application): GitHub - tmsdev82/basic-warp-websocket-server-tutorial

It runs locally on my macbook at ws://127.0.0.1:8000/ws

I can connect there from a few different clients. Nice!

So now I want to deploy it for real. I rent an ubuntu server and use lets encrypt certbot to register SSL for "quackers-beta.jimlynchcodes.com" and "www.quackers-beta.jimlynchcodes.com"

I then use cross-rs to make a build that supports linux, move it over to my server using scp, and then run it with "/root/live/quackers-ws-server"

It shows the same output as running locally: Starting server on ws://127.0.0.1:8000/ws

I have nginx set up using the file "/etc/nginx/sites-available/quackers-beta.jimlynchcodes.com" with this contents that I THOUGHT should be routing the incoming ssl traffic to that locally running process:

(Note that the CORS part is commented out)

located in the file: /etc/nginx/sites-available/quackers-beta.jimlynchcodes.comserver

{
    listen 80;
    server_name quackers-beta.jimlynchcodes.com;

    # Redirect HTTP to HTTPS
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name quackers-beta.jimlynchcodes.com;

    # SSL/TLS Configuration
    ssl_certificate /etc/letsencrypt/live/quackers-beta.jimlynchcodes.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/quackers-beta.jimlynchcodes.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA>
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_session_tickets off;

    # use CORS Restrict requests to the specific itch.io domain
    #    if ($http_referer !~* "^https?://(www\.)?quackers-game\.itch\.io") {
    #       return 403;  # Deny access
    #  }

    # Add HSTS Header
    add_header Strict-Transport-Security "max-age=31536000; 
    includeSubDomains; preload" always;

    # Security Headers
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options DENY;
    add_header X-XSS-Protection "1; mode=block";
    add_header Referrer-Policy "no-referrer-when-downgrade";
    add_header Content-Security-Policy "default-src 'self'; script-src 'self'; object-src 'none';";

    location /ws/ {
        proxy_pass http://localhost:8000;  # Adjust port based on your Rust app

        # WebSocket specific headers
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;  # Handle WebSocket connections
        proxy_set_header Connection "upgrade";

        # Default headers
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

My ufw firewall rules:

To Action From

---

22/tcp ALLOW Anywhere
OpenSSH ALLOW Anywhere
443/tcp ALLOW Anywhere
Nginx Full ALLOW Anywhere
443 ALLOW Anywhere
80/tcp ALLOW Anywhere
8000/tcp ALLOW Anywhere
22/tcp (v6) ALLOW Anywhere (v6)
OpenSSH (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)
Nginx Full (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)
8000/tcp (v6) ALLOW Anywhere (v6)

Seems like everything is up and running as expected, but when I try to connect to it from my ws clients they can't connect.

For example using wscat from command line:
wscat -c wss://quackers-beta.jimlynchcodes.com

give me the error:
error: Unexpected server response: 200

Trying with the /ws at the end:
wscat -c wss://quackers-beta.jimlynchcodes.com/ws

give the error:
error: Unexpected server response: 404

Does anyone see what I am doing wrong here? How can I setup this server to only allow this secure connection so that it allows me to connect to this running server from my clients using the secure wss?

This maybe a silly question, but did you also try the same request with a trailing slash.

Is your NGINX config correct I think the location directive strips the /ws leaving a call without the uri component being sent to rust.

If you call your_domain/ws/ws what happens?

Or update proxy_pass to http://localhost:8000/ws;

Your web server is not configured to pass requests through to your web socket server on the URL you are trying to connect to:

> GET / HTTP/1.1
> Host: quackers-beta.jimlynchcodes.com
> User-Agent: curl/8.7.1
> Accept: */*
> 
* Request completely sent off
< HTTP/1.1 200 OK
< Server: nginx/1.26.0 (Ubuntu)
< Date: Fri, 18 Oct 2024 19:50:47 GMT
< Content-Type: text/html
< Content-Length: 615
< Last-Modified: Thu, 17 Oct 2024 16:48:11 GMT
< Connection: keep-alive
< ETag: "67113fcb-267"
< Accept-Ranges: bytes
< 
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

Given that your web server is also not responding with the X-Content-Type-Options nosniff headers and other headers you are configuring in nginx, I would suspect that your nginx configuration is routing these requests to some other server {} block. Without seeing the whole configuration, it'd be hard to be more specific, but I'd start with reviewing your nginx configuration.

The same analysis applies to the URLs ending in /ws or /ws/, though they return the default nginx 404 page, rather than the default 200 welcome page.

I tried rebuilding the project to run on 0.0.0.0:8000 rather than 127.0.0.1:8000, but it doesn't seem to help same errors.

When I try the wscat on the server with the local url it does work and connect though, so I'm pretty sure the rust part is actually running and the issue is somewhere in the nginx stuff...

I'm pretty sure the rust part is actually running and the issue is somewhere in the nginx stuff.

I agree with your analysis; I think you're on the right track based on your description and based on superficial poking at your server with curl.

Without seeing the whole configuration, it'd be hard to be more specific, but I'd start with reviewing your nginx configuration.

You had a response here earlier that the above was the whole configuration. I suspect there's more to it. If you're using the stock Ubuntu packages for nginx, the configuration starts at /etc/nginx/nginx.conf. Files such as those under sites-available are included into that configuration, but they aren't the whole configuration.

I would not recommend you go and edit nginx.conf directly, but it might be a good idea to read through the whole thing. What I would suggest trying, if you can handle the downtime, is disabling other virtual hosts one by one until yours either starts working or generates a different error; that may tell you if there's a conflict between two sites on your server.

ok, you what you mean now.

Here is my full file at "/etc/nginx/nginx.conf". What I'm I supposed to be reading for in here?

cat /etc/nginx/nginx.conf
user www-data;
worker_processes auto;
worker_cpu_affinity auto;
pid /run/nginx.pid;
error_log /var/log/nginx/error.log debug;
include /etc/nginx/modules-enabled/*.conf;

events {
	worker_connections 768;
	# multi_accept on;
}

http {

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	types_hash_max_size 2048;
	server_tokens build; # Recommended practice is to turn this off

	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##

	ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3 (POODLE), TLS 1.0, 1.1
	ssl_prefer_server_ciphers off; # Don't force server cipher order.

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;

	##
	# Gzip Settings
	##

	gzip on;

	# gzip_vary on;
	# gzip_proxied any;
	# gzip_comp_level 6;
	# gzip_buffers 16 8k;
	# gzip_http_version 1.1;
	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
}


#mail {
#	# See sample authentication script at:
#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#	# auth_http localhost/auth.php;
#	# pop3_capabilities "TOP" "USER";
#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#	server {
#		listen     localhost:110;
#		protocol   pop3;
#		proxy      on;
#	}
#
#	server {
#		listen     localhost:143;
#		protocol   imap;
#		proxy      on;
#	}
#}

Also, I'm not sure what you mean by "disabling other virtual hosts".

I just created this ubuntu instance for the sole purpose of running this websocket server. There is nothing else running on there...

I just realized I've forgotten to ask a foundational question. When you added the /etc/nginx/sites-available/quackers-beta.jimlynchcodes.com configuration, did you restart or reload nginx (sudo systemctl restart nginx, for example)? If yes, did it restart successfully?

Yeah I’ve been running that restart command and the reload one every time, even though I’m pretty sure I don’t need both.

I'm assuming they succeeded. There’s no output when I run them…

Don't forget there is sudo systemctl status nginx that will at least show it is running or not together with a little of it's last logging output.

You can check what appears in /var/log/syslog when you make requests to nginx.

Also nginx -t will tell nginx to check it's configuration.

Thanks. nginx -t always succeeds fine for me, but I still can't connect.

sudo systemctl status nginx gives me this output:

● nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; preset: enabled)
     Active: active (running) since Fri 2024-10-18 21:49:07 UTC; 2h 11min ago
 Invocation: 952f46992dfa424b843e0ed6ca0a226c
       Docs: man:nginx(8)
    Process: 22357 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
    Process: 22360 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
    Process: 22372 ExecReload=/usr/sbin/nginx -g daemon on; master_process on; -s reload (code=exited, status=0/SUCCESS)
   Main PID: 22361 (nginx)
      Tasks: 2 (limit: 1019)
     Memory: 3.5M (peak: 5.1M)
        CPU: 127ms
     CGroup: /system.slice/nginx.service
             ├─22361 "nginx: master process /usr/sbin/nginx -g daemon on; master_process on;"
             └─22374 "nginx: worker process"

Oct 18 21:49:07 quackers-beta-1 systemd[1]: Starting nginx.service - A high performance web server and a reverse proxy server...
Oct 18 21:49:07 quackers-beta-1 systemd[1]: Started nginx.service - A high performance web server and a reverse proxy server.
Oct 18 21:49:16 quackers-beta-1 systemd[1]: Reloading nginx.service - A high performance web server and a reverse proxy server...
Oct 18 21:49:16 quackers-beta-1 nginx[22372]: 2024/10/18 21:49:16 [notice] 22372#22372: signal process started
Oct 18 21:49:16 quackers-beta-1 systemd[1]: Reloaded nginx.service - A high performance web server and a reverse proxy server.

Here is some output from running cat /var/log/syslog

EC=0x00 TTL=54 ID=51104 PROTO=TCP SPT=58508 DPT=4860 WINDOW=65535 RES=0x00 SYN URGP=0

2024-10-18T23:50:54.633344+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=202.112.238.240 DST=45.77.220.189 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=59508 DPT=29526 WINDOW=65535 RES=0x00 SYN URGP=0

2024-10-18T23:51:00.940672+00:00 quackers-beta-1 systemd[1]: Starting fwupd-refresh.service - Refresh fwupd metadata and update motd...

2024-10-18T23:51:00.981586+00:00 quackers-beta-1 systemd[1]: fwupd-refresh.service: Deactivated successfully.

2024-10-18T23:51:00.982113+00:00 quackers-beta-1 systemd[1]: Finished fwupd-refresh.service - Refresh fwupd metadata and update motd.

2024-10-18T23:51:09.477209+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=205.210.31.147 DST=45.77.220.189 LEN=44 TOS=0x00 PREC=0x00 TTL=58 ID=54321 PROTO=TCP SPT=51085 DPT=10250 WINDOW=65535 RES=0x00 SYN URGP=0

2024-10-18T23:51:24.702460+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=128.14.227.37 DST=45.77.220.189 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=0 DF PROTO=TCP SPT=51072 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0

2024-10-18T23:51:48.176041+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=185.242.226.41 DST=45.77.220.189 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=43023 DPT=4550 WINDOW=65535 RES=0x00 SYN URGP=0

2024-10-18T23:52:01.822993+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=78.129.171.79 DST=45.77.220.189 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=52126 PROTO=TCP SPT=55402 DPT=1194 WINDOW=1024 RES=0x00 SYN URGP=0

2024-10-18T23:52:23.207794+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=79.110.62.150 DST=45.77.220.189 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=47878 PROTO=TCP SPT=49670 DPT=43747 WINDOW=1024 RES=0x00 SYN URGP=0

2024-10-18T23:52:43.642096+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=87.121.86.84 DST=45.77.220.189 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=19599 PROTO=TCP SPT=59646 DPT=3128 WINDOW=1025 RES=0x00 SYN URGP=0

2024-10-18T23:53:11.467244+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=154.213.190.199 DST=45.77.220.189 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=28425 PROTO=TCP SPT=49766 DPT=3858 WINDOW=1025 RES=0x00 SYN URGP=0

2024-10-18T23:53:22.421615+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=87.247.158.133 DST=45.77.220.189 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=8861 PROTO=TCP SPT=51587 DPT=6002 WINDOW=1025 RES=0x00 SYN URGP=0

2024-10-18T23:53:50.387491+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=8.141.2.88 DST=45.77.220.189 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=59754 DF PROTO=TCP SPT=58398 DPT=6379 WINDOW=64240 RES=0x00 SYN URGP=0

2024-10-18T23:54:05.981134+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=83.222.191.90 DST=45.77.220.189 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=13676 PROTO=TCP SPT=45316 DPT=11010 WINDOW=1024 RES=0x00 SYN URGP=0

2024-10-18T23:54:24.468537+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=92.255.85.51 DST=45.77.220.189 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=64006 PROTO=TCP SPT=50341 DPT=55558 WINDOW=1024 RES=0x00 SYN URGP=0

2024-10-18T23:54:51.759740+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=162.216.149.237 DST=45.77.220.189 LEN=44 TOS=0x00 PREC=0x00 TTL=58 ID=54321 PROTO=TCP SPT=56400 DPT=2040 WINDOW=65535 RES=0x00 SYN URGP=0

2024-10-18T23:55:01.488548+00:00 quackers-beta-1 CRON[24418]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)

2024-10-18T23:55:16.677156+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=79.110.62.166 DST=45.77.220.189 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=8283 PROTO=TCP SPT=45222 DPT=5075 WINDOW=1024 RES=0x00 SYN URGP=0

2024-10-18T23:55:29.370419+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=147.185.133.251 DST=45.77.220.189 LEN=44 TOS=0x00 PREC=0x00 TTL=58 ID=54321 PROTO=TCP SPT=49504 DPT=8160 WINDOW=65535 RES=0x00 SYN URGP=0

2024-10-18T23:55:42.668803+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=79.110.62.139 DST=45.77.220.189 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=41045 PROTO=TCP SPT=57387 DPT=17108 WINDOW=1024 RES=0x00 SYN URGP=0

2024-10-18T23:56:07.034402+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=79.110.62.150 DST=45.77.220.189 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=34251 PROTO=TCP SPT=49670 DPT=28334 WINDOW=1024 RES=0x00 SYN URGP=0

2024-10-18T23:56:23.124213+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=79.110.62.139 DST=45.77.220.189 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=38607 PROTO=TCP SPT=57387 DPT=15728 WINDOW=1024 RES=0x00 SYN URGP=0

2024-10-18T23:56:49.331225+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=58.40.153.198 DST=45.77.220.189 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=59204 PROTO=TCP SPT=42397 DPT=23 WINDOW=46989 RES=0x00 SYN URGP=0

2024-10-18T23:57:14.813460+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=154.213.190.197 DST=45.77.220.189 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=17232 PROTO=TCP SPT=49835 DPT=3861 WINDOW=1025 RES=0x00 SYN URGP=0

2024-10-18T23:57:23.503861+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=35.203.210.6 DST=45.77.220.189 LEN=44 TOS=0x00 PREC=0x00 TTL=58 ID=54321 PROTO=TCP SPT=57254 DPT=47676 WINDOW=65535 RES=0x00 SYN URGP=0

2024-10-18T23:58:09.279820+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=79.110.62.139 DST=45.77.220.189 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=21691 PROTO=TCP SPT=57387 DPT=26935 WINDOW=1024 RES=0x00 SYN URGP=0

2024-10-18T23:58:10.880127+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=79.110.62.245 DST=45.77.220.189 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=25861 PROTO=TCP SPT=55282 DPT=25112 WINDOW=1024 RES=0x00 SYN URGP=0

2024-10-18T23:58:23.271136+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=139.144.239.74 DST=45.77.220.189 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=55367 DPT=4782 WINDOW=65535 RES=0x00 SYN URGP=0

2024-10-18T23:59:01.498464+00:00 quackers-beta-1 CRON[24501]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 60 2)

2024-10-18T23:59:16.343776+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=147.185.132.189 DST=45.77.220.189 LEN=44 TOS=0x00 PREC=0x00 TTL=58 ID=54321 PROTO=TCP SPT=57269 DPT=8081 WINDOW=65535 RES=0x00 SYN URGP=0

2024-10-18T23:59:36.341764+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=161.35.83.172 DST=45.77.220.189 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=5682 PROTO=TCP SPT=56341 DPT=8585 WINDOW=1025 RES=0x00 SYN URGP=0

2024-10-18T23:59:45.599325+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=51.161.128.76 DST=45.77.220.189 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=37207 PROTO=TCP SPT=60000 DPT=4015 WINDOW=1024 RES=0x00 SYN URGP=0

2024-10-18T23:59:50.093029+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=179.43.133.162 DST=45.77.220.189 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=34846 DPT=9002 WINDOW=65535 RES=0x00 SYN URGP=0

2024-10-19T00:00:00.692430+00:00 quackers-beta-1 systemd[1]: Starting dpkg-db-backup.service - Daily dpkg database backup service...

2024-10-19T00:00:00.697610+00:00 quackers-beta-1 systemd[1]: Starting sysstat-collect.service - system activity accounting tool...

2024-10-19T00:00:00.699626+00:00 quackers-beta-1 systemd[1]: Starting sysstat-rotate.service - system activity accounting tool...

2024-10-19T00:00:00.758125+00:00 quackers-beta-1 systemd[1]: sysstat-collect.service: Deactivated successfully.

2024-10-19T00:00:00.760228+00:00 quackers-beta-1 systemd[1]: Finished sysstat-collect.service - system activity accounting tool.

2024-10-19T00:00:00.764300+00:00 quackers-beta-1 systemd[1]: sysstat-rotate.service: Deactivated successfully.

2024-10-19T00:00:00.765083+00:00 quackers-beta-1 systemd[1]: Finished sysstat-rotate.service - system activity accounting tool.

2024-10-19T00:00:00.855339+00:00 quackers-beta-1 systemd[1]: dpkg-db-backup.service: Deactivated successfully.

2024-10-19T00:00:00.856089+00:00 quackers-beta-1 systemd[1]: Finished dpkg-db-backup.service - Daily dpkg database backup service.

2024-10-19T00:00:01.509396+00:00 quackers-beta-1 CRON[24600]: (root) CMD (test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew --no-random-sleep-on-renew)

2024-10-19T00:00:12.408065+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=147.185.132.45 DST=45.77.220.189 LEN=44 TOS=0x00 PREC=0x00 TTL=58 ID=54321 PROTO=TCP SPT=54063 DPT=8333 WINDOW=65535 RES=0x00 SYN URGP=0

2024-10-19T00:00:28.566074+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=87.120.166.244 DST=45.77.220.189 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=43162 DPT=3128 WINDOW=65535 RES=0x00 SYN URGP=0

2024-10-19T00:00:57.267518+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=185.234.216.57 DST=45.77.220.189 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=20118 PROTO=TCP SPT=54895 DPT=6222 WINDOW=1024 RES=0x00 SYN URGP=0

2024-10-19T00:01:12.728591+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=79.110.62.150 DST=45.77.220.189 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=56859 PROTO=TCP SPT=49670 DPT=39161 WINDOW=1024 RES=0x00 SYN URGP=0

2024-10-19T00:01:27.875849+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=185.113.223.24 DST=45.77.220.189 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=47249 PROTO=TCP SPT=55961 DPT=3369 WINDOW=1024 RES=0x00 SYN URGP=0

2024-10-19T00:01:52.349883+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=161.35.83.172 DST=45.77.220.189 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=44939 PROTO=TCP SPT=56341 DPT=11344 WINDOW=1025 RES=0x00 SYN URGP=0

2024-10-19T00:02:03.891834+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=173.199.117.55 DST=45.77.220.189 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=38264 DPT=3128 WINDOW=65535 RES=0x00 SYN URGP=0

2024-10-19T00:02:31.992748+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=173.199.117.55 DST=45.77.220.189 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=43411 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0

2024-10-19T00:02:43.633671+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=172.169.206.199 DST=45.77.220.189 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=49105 DPT=1521 WINDOW=65535 RES=0x00 SYN URGP=0

2024-10-19T00:03:08.238993+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=173.199.117.55 DST=45.77.220.189 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=34456 DPT=8081 WINDOW=65535 RES=0x00 SYN URGP=0

2024-10-19T00:03:25.643579+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=80.66.83.49 DST=45.77.220.189 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=46892 PROTO=TCP SPT=51526 DPT=12343 WINDOW=1025 RES=0x00 SYN URGP=0

2024-10-19T00:03:49.566686+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=198.235.24.241 DST=45.77.220.189 LEN=44 TOS=0x00 PREC=0x00 TTL=58 ID=39340 PROTO=TCP SPT=51240 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0

2024-10-19T00:04:05.012877+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=185.234.216.166 DST=45.77.220.189 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=45038 PROTO=TCP SPT=48172 DPT=3397 WINDOW=1024 RES=0x00 SYN URGP=0

2024-10-19T00:04:30.433724+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=162.142.125.237 DST=45.77.220.189 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=49533 PROTO=TCP SPT=58677 DPT=29287 WINDOW=42340 RES=0x00 SYN URGP=0

2024-10-19T00:04:46.674959+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=78.128.114.2 DST=45.77.220.189 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=26548 PROTO=TCP SPT=58506 DPT=9683 WINDOW=1025 RES=0x00 SYN URGP=0

2024-10-19T00:05:01.521215+00:00 quackers-beta-1 CRON[24720]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)

2024-10-19T00:05:07.057706+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=185.242.226.38 DST=45.77.220.189 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=33578 DPT=3561 WINDOW=65535 RES=0x00 SYN URGP=0

2024-10-19T00:05:23.880471+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=185.242.226.38 DST=45.77.220.189 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=47291 DPT=3556 WINDOW=65535 RES=0x00 SYN URGP=0

2024-10-19T00:05:44.934636+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=118.123.105.89 DST=45.77.220.189 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=57837 PROTO=TCP SPT=41812 DPT=9125 WINDOW=63540 RES=0x00 SYN URGP=0

2024-10-19T00:06:05.667258+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=162.221.197.18 DST=45.77.220.189 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=13401 PROTO=TCP SPT=33329 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0

2024-10-19T00:06:28.995806+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=87.247.158.133 DST=45.77.220.189 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=3669 PROTO=TCP SPT=51587 DPT=16898 WINDOW=1025 RES=0x00 SYN URGP=0

2024-10-19T00:06:59.895810+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=87.121.86.87 DST=45.77.220.189 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=57486 PROTO=TCP SPT=41154 DPT=4153 WINDOW=1025 RES=0x00 SYN URGP=0

2024-10-19T00:07:01.389678+00:00 quackers-beta-1 systemd[1]: Starting sysstat-summary.service - Generate a daily summary of process accounting...

2024-10-19T00:07:01.496457+00:00 quackers-beta-1 systemd[1]: sysstat-summary.service: Deactivated successfully.

2024-10-19T00:07:01.496975+00:00 quackers-beta-1 systemd[1]: Finished sysstat-summary.service - Generate a daily summary of process accounting.

2024-10-19T00:07:20.841059+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=118.193.65.175 DST=45.77.220.189 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=4227 DF PROTO=TCP SPT=40592 DPT=9242 WINDOW=29200 RES=0x00 SYN URGP=0

2024-10-19T00:07:27.573558+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=172.245.112.205 DST=45.77.220.189 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=43748 DF PROTO=TCP SPT=49882 DPT=8545 WINDOW=64240 RES=0x00 SYN URGP=0

2024-10-19T00:07:44.951846+00:00 quackers-beta-1 kernel: [UFW BLOCK] IN=enp1s0 OUT= MAC=56:00:05:22:87:7c:5e:12:47:f9:6a:fc:08:00 SRC=92.255.85.28 DST=45.77.220.189 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=44807 PROTO=TCP SPT=50213 DPT=55158 WINDOW=1024 RES=0x00 SYN URGP=0

hmmm is it that ufw is blocking the requests? But why? I have all these rules on ufw allowing 443 and even 8000, 80...

• DPT=4860
• DPT=29526
• DPT=10250
• DPT=3128
• DPT=3858

Huh? requests seem to be coming in on completely random ports... what the heck is going on here?

I don't know if this might help but I have nginx in front of a web socket servers written in Rust and node.js and the nginx server config contains the following ws location section:

server {
    ...
    ...
    location /ws {
        rewrite ^/ws(.*) $1 break;
        proxy_pass http://localhost:6502;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    	proxy_read_timeout 86400;
    ...
    ...
}

/thanks @ZiCog

I tried adding the rewrite rule into my nginx config and then reloaded nginx, but my wscat calls still give me the same error responses.

Is your server running at ws://localhost:6502/ws ?

Do you add the ws on the end when you call the wss endpoint?

I was just checking one of our servers to remind myself how this all fits toogether.
The web socket is forwared with the following in a file in sites-available:

server {
    ...
    ...
    location /ws {
        rewrite ^/ws(.*) $1 break;
        proxy_pass http://localhost:6502;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
	    proxy_read_timeout 86400;	
    }
    ...
    ...
}

Our web socket server is configure to listen on 127.0.0.1:6502 I don't know why we don't use 'localhost' there.

Then a web page accessing that web socket does it by connecting to: ´wss://hostname/ws/somepath´

Note the web page makes secure access with wss:. That security is handled by nginx. The backend websocket server knows nothing of https.

It would likely help to watch the end of your nginx access logs when trying to connect to your websocket:

sudo tail -100  /var/log/nginx/access.log
sudo tail -100  /var/log/nginx/error.log

I recall studying those quite a bit when I set this up.

HUZZZZZAAAAAAAAHHHHHHH

Finally able to connect!!!

I think something weird was going on here where it was like not even picking up the config file I created even though there is the line in nginx.conf saying to load everything in site-enabled...

When I ran sudo nginx -t before it didn't output anything so I assumed it was fine. Then I tried to check just that file:

sudo nginx -t -c /etc/nginx/sites-available/quackers-beta.jimlynchcodes.com

which gave me the error:
[emerg] 34555#34555: "server" directive is not allowed here in /etc/nginx/sites-available/quackers-beta.jimlynchcodes.com:1

nginx: configuration file /etc/nginx/sites-available/quackers-beta.jimlynchcodes.com test failed

Kind of makes sense because that is not technically a full config file, just the server part...

So then I run sudo nginx -t again and all of a sudden I get a new error!

34599#34599: conflicting server name "quackers-beta.jimlynchcodes.com" on 0.0.0.0:443, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

So now I'm like, huh why is it saying conflicting server name?

So I run grep -r "quackers-beta.jimlynchcodes.com" /etc/nginx/ and see this output:

/etc/nginx/sites-available/quackers-beta.jimlynchcodes.com: server_name quackers-beta.jimlynchcodes.com;

/etc/nginx/sites-available/quackers-beta.jimlynchcodes.com: ssl_certificate /etc/letsencrypt/live/quackers-beta.jimlynchcodes.com/fullchain.pem;

/etc/nginx/sites-available/quackers-beta.jimlynchcodes.com: ssl_certificate_key /etc/letsencrypt/live/quackers-beta.jimlynchcodes.com/privkey.pem;

/etc/nginx/sites-available/default: server_name quackers-beta.jimlynchcodes.com www.quackers-beta.jimlynchcodes.com; # managed by Certbot

/etc/nginx/sites-available/default: ssl_certificate /etc/letsencrypt/live/quackers-beta.jimlynchcodes.com/fullchain.pem; # managed by Certbot

/etc/nginx/sites-available/default: ssl_certificate_key /etc/letsencrypt/live/quackers-beta.jimlynchcodes.com/privkey.pem; # managed by Certbot

/etc/nginx/sites-available/default: if ($host = www.quackers-beta.jimlynchcodes.com) {

/etc/nginx/sites-available/default: if ($host = quackers-beta.jimlynchcodes.com) {

/etc/nginx/sites-available/default: server_name quackers-beta.jimlynchcodes.com www.quackers-beta.jimlynchcodes.com;

All the stuff in "sites-enabled/default" that was created by letsencrypt certbot...

So I open up /etc/nginx/sites-available/default, basically comment out everything, reload / restart nginx, and then it says "Connected" in green when I run wscat -c wss://quackers-beta.jimlynchcodes.com/ws

The bit in my quackers-beta.jimlynchcodes.com file now looks like this, although I suspect there are many previous variations that would have worked before had I removed the default stuff...

location /ws {
        rewrite ^/ws/(.*)$ /$1 break;
        proxy_pass http://0.0.0.0:8000;

Phew.

THANKS EVERYBODY for helping out on this.

Wow, well done. For sure this stuff is not obvious.

This topic was automatically closed 90 days after the last reply. We invite you to open a new topic if you have further questions or comments.