cloudflared icon indicating copy to clipboard operation
cloudflared copied to clipboard
verified publisher icon cloudflare

ERR failed to connect to origin error="websocket: bad handshake"

Open andreqts opened this issue 4 years ago • 5 comments

Same problem described in #324, but the solution described there does not work for me.

I configured access through email. I am able to connect to the server using SSH in the browser, and it works perfectly.

But if I open a Linux terminal, either in WSL2 or in a native UBUNTU 20 machine, when I execute the ssh command it ask me to login in a browser link. When I open the link, I enter my e-mail, receive and enter the code normally, and then it says I have logged in successfully in the browser. But immediately after that, in the terminal, I see this message:

2021-10-10T00:36:45Z ERR failed to connect to origin error="websocket: bad handshake" originURL=https://mytestapp.mydomain.com websocket: bad handshake kex_exchange_identification: Connection closed by remote host

I have Universal SSL enabled, and SSL/TLS encryption mode is Full, but I also tested with Flexible and Strict, and the result is exactly the same.

andreqts avatar Oct 10 '21 00:10 andreqts

Well, just to add more information, I have just installed cloudflared both in client and server machines, using the command:

wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb

I am just testing for the first time, I think this service seems to be a great tool, but that is just another strange error I faced. Two others have been resolved very mysteriously, after some apparently not meaningful changes. I don't know if I don't have luck, or if this service is still immature, but it is a great promising tool, it is for sure.

andreqts avatar Oct 10 '21 01:10 andreqts

Hi @andreqts thank you for trying our service. The websocket: bad handshake usually means an error in how cloudflared connects to your origin. It will be helpful to know your cloudflared config.

chungthuang avatar Oct 21 '21 19:10 chungthuang

You may want to review the config-file documentation:

  • https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-useful-terms/#default-cloudflared-directory

confirm the config.yml file you believe is being used, actually is being used.

And then move on to the last section of the ingress documentation:

  • https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/configuration-file/ingress/#testing-your-configuration

The test listed there was quite helpful:

$ cloudflared tunnel ingress rule https://foo.example.com

tamsky avatar Mar 10 '22 04:03 tamsky

Same problem described in #324, but the solution described there does not work for me.

I configured access through email. I am able to connect to the server using SSH in the browser, and it works perfectly.

But if I open a Linux terminal, either in WSL2 or in a native UBUNTU 20 machine, when I execute the ssh command it ask me to login in a browser link. When I open the link, I enter my e-mail, receive and enter the code normally, and then it says I have logged in successfully in the browser. But immediately after that, in the terminal, I see this message:

2021-10-10T00:36:45Z ERR failed to connect to origin error="websocket: bad handshake" originURL=https://mytestapp.mydomain.com websocket: bad handshake kex_exchange_identification: Connection closed by remote host

I have Universal SSL enabled, and SSL/TLS encryption mode is Full, but I also tested with Flexible and Strict, and the result is exactly the same.

Fix :

Just Turn Off The Dam Binding Cookie Option In Access Application And Re-Configure App Launcher Policy

ghost avatar Jul 26 '22 17:07 ghost

Running cloudflared tunnel cleanup [name-of-your-tunnel] fixed the problem for me. Every other solution in both https://github.com/cloudflare/cloudflared/issues/324 and here didn't work.

azappella avatar Feb 12 '23 15:02 azappella

Hi,

This is the most prominent GitHub issue for the websocket error when enabling SSH access. My error message was of the format:

2023-05-06T12:16:07Z ERR failed to connect to origin error="websocket: bad handshake" originURL=https://aaaaa.bbbbbbbbb.ccc
websocket: bad handshake
kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535

To debug, the best advice was access the origin and login into cloudflared and tail the logs (taken from View Logs):

# Login
cloudflared tunnel login

# List tunnels
cloudflared tunnel list

# For tunnel of interest - keep this running and attempt another login
cloudflared tail <UUID>

# Will get output like this:
2023-05-06T12:24:10Z error http  {"cfRay":"7c3132d9fd7d4194-LHR","error":"dial tcp 127.0.0.1:22281: connect: connection refused","ingressRule":"5","originService":"ssh://127.0.0.1:22281"}

This error message made it really obvious; in my sshd_config file, I had specified specific IP address to permit SSH access and localhost or 127.0.0.1 wasn't one of them! Updating the SSH config fixed this issue.

So another check is to ensure the entry in the "Public Host" section actually works e.g. ssh user@localhost -p 22281.

miah0x41 avatar May 06 '23 12:05 miah0x41