Failed to upgrade websocket connection

Summary

mattermost client alert a red bar on the top ,shows
Please check connection, Mattermost unreachable. If issue persists, ask administrator to check WebSocket port

Steps to reproduce

My site is mattermost 5.19.1 on windows 2016
with reverse proxy on IIS
<config.json>
{
“ServiceSettings”: {
“SiteURL”: “http://mmtest.XXX.com.tw”,
“WebsocketURL”: “”,
“LicenseFileLocation”: “”,
“ListenAddress”: “:8065”,
“ConnectionSecurity”: “”,
“TLSCertFile”: “”,
“TLSKeyFile”: “”,
“TLSMinVer”: “1.2”,
“TLSStrictTransport”: false,
“TLSStrictTransportMaxAge”: 63072000,
“TLSOverwriteCiphers”: [],
“UseLetsEncrypt”: false,
“LetsEncryptCertificateCacheFile”: “./config/letsencrypt.cache”,
“Forward80To443”: false,
“TrustedProxyIPHeader”: [
“X-Forwarded-For”,
“X-Real-IP”
],
“ReadTimeout”: 300,
“WriteTimeout”: 300,
“MaximumLoginAttempts”: 10,
“GoroutineHealthThreshold”: -1,
“GoogleDeveloperKey”: “”,
“EnableOAuthServiceProvider”: false,
“EnableIncomingWebhooks”: true,
“EnableOutgoingWebhooks”: true,
“EnableCommands”: true,
“EnableOnlyAdminIntegrations”: true,
“EnablePostUsernameOverride”: false,
“EnablePostIconOverride”: false,
“EnableLinkPreviews”: false,
“EnableTesting”: false,
“EnableDeveloper”: false,
“EnableSecurityFixAlert”: true,
“EnableInsecureOutgoingConnections”: false,
“AllowedUntrustedInternalConnections”: “”,
“EnableMultifactorAuthentication”: false,
“EnforceMultifactorAuthentication”: false,
“EnableUserAccessTokens”: false,
“AllowCorsFrom”: “”,
“CorsExposedHeaders”: “”,
“CorsAllowCredentials”: false,
“CorsDebug”: false,
“AllowCookiesForSubdomains”: false,
“SessionLengthWebInDays”: 180,
“SessionLengthMobileInDays”: 180,
“SessionLengthSSOInDays”: 30,
“SessionCacheInMinutes”: 10,
“SessionIdleTimeoutInMinutes”: 43200,
“WebsocketSecurePort”: 443,
“WebsocketPort”: 80,
“WebserverMode”: “gzip”,
“EnableCustomEmoji”: false,
“EnableEmojiPicker”: true,
“EnableGifPicker”: false,
“GfycatApiKey”: “2_KtH_W5”,
“GfycatApiSecret”: “3wLVZPiswc3DnaiaFoLkDvB4X0IV6CpMkj4tf2inJRsBY6-FnkT08zGmppWFgeof”,
“RestrictCustomEmojiCreation”: “all”,
“RestrictPostDelete”: “all”,
“AllowEditPost”: “always”,
“PostEditTimeLimit”: -1,
“TimeBetweenUserTypingUpdatesMilliseconds”: 5000,
“EnablePostSearch”: true,
“MinimumHashtagLength”: 3,
“EnableUserTypingMessages”: true,
“EnableChannelViewedMessages”: true,
“EnableUserStatuses”: true,
“ExperimentalEnableAuthenticationTransfer”: true,
“ClusterLogTimeoutMilliseconds”: 2000,
“CloseUnusedDirectMessages”: false,
“EnablePreviewFeatures”: true,
“EnableTutorial”: true,
“ExperimentalEnableDefaultChannelLeaveJoinMessages”: true,
“ExperimentalGroupUnreadChannels”: “disabled”,
“ExperimentalChannelOrganization”: false,
“ImageProxyType”: “”,
“ImageProxyURL”: “”,
“ImageProxyOptions”: “”,
“EnableAPITeamDeletion”: false,
“ExperimentalEnableHardenedMode”: false,
“DisableLegacyMFA”: true,
“ExperimentalStrictCSRFEnforcement”: false,
“EnableEmailInvitations”: true,
“DisableBotsWhenOwnerIsDeactivated”: true,
“EnableBotAccountCreation”: false,
“EnableSVGs”: false,
“EnableLatex”: false
},
…

Expected behavior

the site works well except the websocket connection fail

Observed behavior

mattermost web client alert a red bar on the top ,shows
Please check connection, Mattermost unreachable. If issue persists, ask administrator to check WebSocket port

Have you had a chance to take a look at our troubleshooting docs https://docs.mattermost.com/install/troubleshooting.html#please-check-connection-mattermost-unreachable-if-issue-persists-ask-administrator-to-check-websocket-port?

Thks for the reoly,the article did not help,
I use IIS with the websocket installed ( not using NGINX as proxy)
Configure reverse proxy by the following steps
1.Download the URL Rewrite 2.0 x64 module.
2.Download the Application Request Routing 3.0 x64 module.
3.Install the modules (trivial installers with no customizations or options to select).
4.On the Start page, click the Server Manager tile, and then click OK.
5.Expand the Tools menu, and select Information Information Services (IIS) Manager.
6.In the left-hand navigation tree, expand the server node, expand Sites, and select Default Web Site.
7.Double-click the URL Rewrite feature
8.In the actions pane (far-right), select Add Rule(s)…
9.Select Reverse Proxy and press OK.
10.In the Add Reverse Proxy Rules dialog,
11.Enter 10.0.0.2:8065 in the Enter the server name or IP address where HTTP requests will be forwarded field.
12.Ensure the Enable SSL Offloading option is checked.
13.Check Rewrite the domain names of the links in HTTP responses
14.Enter 10.0.0.2:8065 in the From field.
15.Enter mattermost.example.com in the To field.
16.Press OK
the mattermost website work fine , but websocket connection fail (even browser on the server site)

Is there any way to fix that ?

Is there any solution for this problem ? The troubleshooting docs did not help
Is there any advice provided by your team?

@ahmaddanial Are you familiar with this issue?

Hello, @amy.blais @robert9780

Can you check on your developer tools to verify that the header and origin match each other? For example, this is what I see when I am logged in to community.mattermost.com:

• If not, you’ll need to add the origin to your AllowCorsFrom parameter in config.json.
• If they match, double check the reverse proxy on IIS to make sure that they are forwarding the headers correctly.

As the pictures shows , the Host and Origin matches ,
and the IIS URL rewrite setting like below

Is this means the IIS reverse proxy forward the right headers?

If so , the problem is still there. It’s so upset…

@ahmaddanial
I add the origin to ‘AllowCorsFrom’ parameter in config.json and it works!
Thanks for your help!

You are most welcome, @robert9780 Any time!

I’m also facing same issue only in mobile browser . Desktop/browser apps is not showing the error.
I have added AllowCorsFrom to *. But no luck. Any help ?

hi robert，
I have the same issue,
can you help me to sovled this problem?
thanks a lot

In the system console of your Mattermost instance, in the CORS configuration section, add a * to the record, and click save. This should fix it, according to Post #8