bug: Could not establish wss connection when using 5443 port #18366

Open
@Ricky-Hao

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

I deployed Coder in my home lab and use nginx proxy_pass.

graph LR
Nginx["Nginx 5443 port with tls"] --> Coder["Coder 80 port"]

When I access Coder at https://coder.xxxxx.com:5443, it shows this error and all of the wss connections fail.

Image

But if I change the Nginx listen port from 5443 to 443 and access coder with https://coder.xxxx.com, everything is working.

Here is my nginx config:

server {
    listen 5443 ssl;
    listen [::]:5443 ssl ipv6only=on;

    server_name coder.xxxxx.com *.coder.xxxxx.com;

    ssl_certificate "/acme.sh/coder.xxxxx.com_ecc/fullchain.cer";
    ssl_certificate_key "/acme.sh/coder.xxxxx.com_ecc/coder.xxxxx.com.key";

    location / {
        set $target_host coder.coder.svc.cluster.local;
        proxy_pass http://$target_host:80;
        # allow large file uploads
        client_max_body_size 50000M;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection upgrade;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
        add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
    }
}

Relevant Log Output

I checked the Nginx log; it shows:

10.42.0.1 - - [14/Jun/2025:01:54:33 +0800] "GET /api/v2/notifications/inbox/watch?read_status=unread HTTP/1.1" 403 289 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36 Edg/137.0.0.0" "-"


And the debug log on Coder:

2025-06-13 17:45:02.630 [debu]  coderd: GET  host=coder.xxxxx.com  path=/api/v2/notifications/inbox/watch  proto=HTTP/1.1  remote_addr=10.42.0.233  start="2025-06-14T01:45:02.62513897+08:00"  requestor_id=95338bb9-03f4-4f07-9c8f-1a9bcd72c8f3  requestor_name=xxxxx  [email protected]  took=5.36254ms  status_code=403  latency_ms=5  request_id=cda11b6e-0c10-4929-997a-e2d3ac63c992

Expected Behavior

When nginx listens on 5443 and I access https://coder.xxxxx.com:5443, the wss connection should work.

Steps to Reproduce

  1. Deploy a normal Coder instance
  2. Deploy Nginx with SSL support, listening on port 5443, with proxy_pass to coder:80
  3. Access https://nginx:5443

Environment

  • Host OS: ArchLinux with K8s
  • Coder version: 2.23.1

Additional Context

No response
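
One thing worth checking for the symptom reported above, as an added example that is not part of the original report and not Coder's own code: nginx's `$host` variable drops the port, so `proxy_set_header Host $host` forwards `coder.xxxxx.com` while a browser on port 5443 sends an `Origin` that includes `:5443`. The sketch assumes the backend applies a same-host WebSocket origin check and answers 403 on a mismatch; the function names and the host `coder.example.test` are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// nginxHost models nginx's $host: the request host, lowercased, port removed.
// ($http_host, by contrast, is the Host header exactly as the client sent it.)
func nginxHost(hostHeader string) string {
	h := strings.ToLower(hostHeader)
	// Strip ":port" unless the last colon is inside a bracketed IPv6 literal.
	if i := strings.LastIndex(h, ":"); i != -1 && !strings.HasSuffix(h, "]") {
		h = h[:i]
	}
	return h
}

// originAllowed is a same-host WebSocket origin check (assumed backend
// behaviour): the Origin's host[:port] must equal the Host the backend received.
func originAllowed(origin, backendHost string) bool {
	if origin == "" {
		return true // non-browser clients send no Origin header
	}
	u, err := url.Parse(origin)
	if err != nil {
		return false
	}
	return strings.EqualFold(u.Host, backendHost)
}

// statusFor is the HTTP status such a backend returns for the upgrade request.
func statusFor(origin, backendHost string) int {
	if originAllowed(origin, backendHost) {
		return 101
	}
	return 403
}

func main() {
	// Constructed cases mirroring the report: the site on port 5443 and on 443.
	for _, host := range []string{"coder.example.test:5443", "coder.example.test"} {
		origin := "https://" + host // what a browser sends as Origin
		fmt.Printf("%-24s $host=%d $http_host=%d\n", host,
			statusFor(origin, nginxHost(host)), statusFor(origin, host))
	}
}
```

If this is the cause, forwarding `$http_host` instead of `$host` keeps the port in the Host header the backend compares against.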
