Hi, Studio Code Server seemed to suddenly stop loading when I try to start it through a remote connection. I’m using Nginx and DuckDNS for SSL. It works when I connect internally using the IP Address but I get a forbidden error in the log when going through DuckDNS. Any ideas? Thanks.
at Function.handle (/usr/local/lib/code-server/node_modules/router/index.js:184:3)
at router (/usr/local/lib/code-server/node_modules/router/index.js:59:12)
at Layer.handle [as handle_request] (/usr/local/lib/code-server/node_modules/router/lib/layer.js:102:15)
at trim_prefix (/usr/local/lib/code-server/node_modules/router/index.js:330:13)
at /usr/local/lib/code-server/node_modules/router/index.js:294:7
at Function.process_params (/usr/local/lib/code-server/node_modules/router/index.js:349:12)
at Immediate.next (/usr/local/lib/code-server/node_modules/router/index.js:285:10)
at Immediate.<anonymous> (/usr/local/lib/code-server/node_modules/router/index.js:671:15)
at processImmediate (node:internal/timers:466:21)
[2023-03-08T19:41:30.713Z] error Forbidden HttpError: Forbidden
at ensureOrigin (/usr/local/lib/code-server/out/node/http.js:288:15)
at wrapped (/usr/local/lib/code-server/out/node/wsRouter.js:64:24)
at Layer.handle [as handle_request] (/usr/local/lib/code-server/node_modules/router/lib/layer.js:102:15)
at next (/usr/local/lib/code-server/node_modules/router/lib/route.js:144:13)
at Route.dispatch (/usr/local/lib/code-server/node_modules/router/lib/route.js:109:3)
at handle (/usr/local/lib/code-server/node_modules/router/index.js:515:11)
at Layer.handle [as handle_request] (/usr/local/lib/code-server/node_modules/router/lib/layer.js:102:15)
at /usr/local/lib/code-server/node_modules/router/index.js:291:22
at param (/usr/local/lib/code-server/node_modules/router/index.js:368:14)
at param (/usr/local/lib/code-server/node_modules/router/index.js:379:14)
at Function.process_params (/usr/local/lib/code-server/node_modules/router/index.js:424:3)
at next (/usr/local/lib/code-server/node_modules/router/index.js:285:10)
at Function.handle (/usr/local/lib/code-server/node_modules/router/index.js:184:3)
at router (/usr/local/lib/code-server/node_modules/router/index.js:59:12)
at Layer.handle [as handle_request] (/usr/local/lib/code-server/node_modules/router/lib/layer.js:102:15)
at trim_prefix (/usr/local/lib/code-server/node_modules/router/index.js:330:13)
at /usr/local/lib/code-server/node_modules/router/index.js:294:7
at Function.process_params (/usr/local/lib/code-server/node_modules/router/index.js:349:12)
at Immediate.next (/usr/local/lib/code-server/node_modules/router/index.js:285:10)
at Immediate.<anonymous> (/usr/local/lib/code-server/node_modules/router/index.js:671:15)
at processImmediate (node:internal/timers:466:21)
File not found: /usr/local/lib/code-server/lib/vscode/extensions/git-base/dist/browser/extension.js
File not found: /usr/local/lib/code-server/lib/vscode/extensions/emmet/dist/browser/emmetBrowserMain.js
File not found: /usr/local/lib/code-server/lib/vscode/extensions/merge-conflict/dist/browser/mergeConflictMain.js
[2023-03-08T19:41:42.061Z] error Forbidden HttpError: Forbidden
1 Like
JWilson
March 11, 2023, 4:11am
2
The issue is documented on the GitHub page for the addon:
opened 08:37AM - 06 Mar 23 UTC
# Problem/Motivation
After addon update to version 5.5.3 it doesn't work when… HA accseed over https.
## Expected behavior
Expected normally work with ingress by http and https
## Actual behavior
Work only with direct access to HA by http.
When accessed by https with NGINX proxy error on screen after very long time and errros in log
Error text:
```
An unexpected error occurred that requires a reload of this page.
The workbench failed to connect to the server (Error: Time limit reached)
```
## Steps to reproduce
Home Assistant Core: 2023.3.1
Home Assistant Supervisor: 2023.01.1
Home Assistant config:
```
http:
server_port: 8123
use_x_forwarded_for: true
trusted_proxies:
- 172.30.33.0/24
```
Addon NGINX Home Assistant SSL proxy
Config:
```
domain: mydomain.duckdns.org
hsts: max-age=31536000; includeSubDomains
certfile: fullchain.pem
keyfile: privkey.pem
cloudflare: false
customize:
active: false
default: nginx_proxy_default*.conf
servers: nginx_proxy/*.conf
```
Addon's log
```
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service base-addon-banner: starting
-----------------------------------------------------------
Add-on: Studio Code Server
Fully featured Visual Studio Code (VSCode) experience integrated in the Home Assistant frontend.
-----------------------------------------------------------
Add-on version: 5.5.3
You are running the latest version of this add-on.
System: Debian GNU/Linux 11 (bullseye) (amd64 / qemux86-64)
Home Assistant Core: 2023.3.1
Home Assistant Supervisor: 2023.01.1
-----------------------------------------------------------
Please, share the above information when looking for help
or support in, e.g., GitHub, forums or the Discord chat.
-----------------------------------------------------------
s6-rc: info: service base-addon-banner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service base-addon-timezone: starting
s6-rc: info: service base-addon-log-level: starting
s6-rc: info: service fix-attrs successfully started
[10:33:46] INFO: Configuring timezone (Europe/Kiev)...
s6-rc: info: service base-addon-log-level successfully started
s6-rc: info: service base-addon-timezone successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service init-user: starting
s6-rc: info: service init-mysql: starting
s6-rc: info: service init-mosquitto: starting
s6-rc: info: service init-code-server: starting
s6-rc: info: service init-code-server successfully started
s6-rc: info: service init-user successfully started
s6-rc: info: service code-server: starting
s6-rc: info: service code-server successfully started
[10:33:47] INFO: Starting code-server...
s6-rc: info: service init-mysql successfully started
s6-rc: info: service init-mosquitto successfully started
s6-rc: info: service legacy-services: starting
s6-rc: info: service legacy-services successfully started
[2023-03-06T08:33:47.604Z] info Wrote default config file to ~/.config/code-server/config.yaml
[2023-03-06T08:33:48.053Z] info code-server 4.10.1 d477972c68fc8c8e8d610aa7287db87ba90e55c7
[2023-03-06T08:33:48.054Z] info Using user-data-dir /data/vscode
[2023-03-06T08:33:48.067Z] info Using config file ~/.config/code-server/config.yaml
[2023-03-06T08:33:48.067Z] info HTTP server listening on http://0.0.0.0:1337/
[2023-03-06T08:33:48.067Z] info - Authentication is disabled
[2023-03-06T08:33:48.067Z] info - Not serving HTTPS
[10:35:40]
[10:35:40] Extension host agent started.
[2023-03-06T08:35:40.457Z] error Forbidden HttpError: Forbidden
at ensureOrigin (/usr/local/lib/code-server/out/node/http.js:288:15)
at wrapped (/usr/local/lib/code-server/out/node/wsRouter.js:64:24)
at Layer.handle [as handle_request] (/usr/local/lib/code-server/node_modules/router/lib/layer.js:102:15)
at next (/usr/local/lib/code-server/node_modules/router/lib/route.js:144:13)
at Route.dispatch (/usr/local/lib/code-server/node_modules/router/lib/route.js:109:3)
at handle (/usr/local/lib/code-server/node_modules/router/index.js:515:11)
at Layer.handle [as handle_request] (/usr/local/lib/code-server/node_modules/router/lib/layer.js:102:15)
at /usr/local/lib/code-server/node_modules/router/index.js:291:22
at param (/usr/local/lib/code-server/node_modules/router/index.js:368:14)
at param (/usr/local/lib/code-server/node_modules/router/index.js:379:14)
at Function.process_params (/usr/local/lib/code-server/node_modules/router/index.js:424:3)
at next (/usr/local/lib/code-server/node_modules/router/index.js:285:10)
at Function.handle (/usr/local/lib/code-server/node_modules/router/index.js:184:3)
at router (/usr/local/lib/code-server/node_modules/router/index.js:59:12)
at Layer.handle [as handle_request] (/usr/local/lib/code-server/node_modules/router/lib/layer.js:102:15)
at trim_prefix (/usr/local/lib/code-server/node_modules/router/index.js:330:13)
at /usr/local/lib/code-server/node_modules/router/index.js:294:7
at Function.process_params (/usr/local/lib/code-server/node_modules/router/index.js:349:12)
at Immediate.next (/usr/local/lib/code-server/node_modules/router/index.js:285:10)
at Immediate.<anonymous> (/usr/local/lib/code-server/node_modules/router/index.js:671:15)
at processImmediate (node:internal/timers:468:21)
```
Home Assistant Supervisor log:
`23-03-06 10:42:05 ERROR (MainThread) [supervisor.api.ingress] Ingress error: 403, message='Invalid response status', url=URL('http://172.30.33.3:1337/stable-441438abd1ac652551dbe4d408dfcec8a499b8bf?reconnectionToken=ed7a7470-a38d-4b38-ac08-25ba3d197d48&reconnection=false&skipWebSocketFrames=false')`
As the last reply (as of now) states, adding “proxy_set_header X-Forwarded-Host $http_host;” to the NginX configuration resolves the issue.
1 Like
i have the same problem, strage thing is that i run 2 ha instences and only one has the problem.
Sure they’re both on exactly the same version? That is strange…
If you have the problem please add support on the github issue/PR
both have the same add-on version, only one is debian 11 supervised installation and the one that is not working is ha os.
comment/thumbs up whatever you want
the supervised install must have something different going on with nginxsending the required header somehow
@TheMystery @stevelatimer think one of you (or anyone but me) needs to bump the github issue because it’s been marked as stale
opened 03:36PM - 13 Mar 23 UTC
stale
### Describe the issue you are experiencing
As the title says, there's no confi… g option for `X-Forwarded-Host` which should go just here: https://github.com/home-assistant/addons/blob/master/nginx_proxy/data/nginx.conf#L66
As noted in the vscode issue here: https://github.com/hassio-addons/addon-vscode/issues/584#issuecomment-1462976192
The latest version of vscode no longer functions without adding:
`proxy_set_header X-Forwarded-Host $http_host;`
To the nginx config
### What type of installation are you running?
Home Assistant OS
### Which operating system are you running on?
Home Assistant Operating System
### Which add-on are you reporting an issue with?
NGINX Home Assistant SSL proxy
### What is the version of the add-on?
3.2.0
### Steps to reproduce the issue
1. Use nginx proxy
2. Use latest version of vscode addon
### System Health information
N/A
### Anything in the Supervisor logs that might be useful for us?
```txt
N/A
```
### Anything in the add-on logs that might be useful for us?
```txt
N/A
```
### Additional information
_No response_
dc911x
April 21, 2023, 3:08pm
13
Just a heads up: a while ago after I started using the HA NGINX Home Assistant SSL proxy addon I ran into some problems opening some Ingress addons. After some research I found a fix that made me create a file in the folder \\<IP HERE>\share with the name nginx_proxy_default_fix_ingress.conf the content of the file was:
location /api {
proxy_connect_timeout 60;
proxy_read_timeout 60;
proxy_send_timeout 60;
proxy_intercept_errors off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host:8126;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://<IP HERE>:8123/api;
}
while that fixed the problem back then it now made Studio Code Server not work .Just delete the file and restart HA NGINX Home Assistant SSL proxy addon . The new X-Forwarded-Host addition in the addon does the trick. Atm it seems all Ingress related stuff still works.
Thanks 2 the people who made this possible!
1 Like
Just update your nginx addon
1 Like
tbhova
September 1, 2023, 1:45am
18
For the Traefik reverse proxy users, adding this to my dyanamic file provider .yaml file fixed it:
contentSecurityPolicy: "script-src 'self' 'unsafe-inline'"
It’d be great to not use unsafe-inline, but I’m a bit out of my depth and this is what Chrome Dev Tools Console recommended from the error log.
The simple workaround is to go to your server’s IP without reverse proxy and use Code Server there.
majorgear
February 18, 2024, 3:34am
20
Dang, I already have the setting and it still crashes.
location /authelia {
internal;
set $upstream_authelia http://redacted/api/verify; #ADD YOUR IP AND PORT OF AUTHELIA
proxy_pass_request_body off;
proxy_pass $upstream_authelia;
proxy_set_header Content-Length "";
# Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
client_body_buffer_size 128k;
proxy_set_header Host $host;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Uri $request_uri;
proxy_set_header X-Forwarded-Ssl on;
proxy_redirect http:// $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 4 32k;
send_timeout 5m;
proxy_read_timeout 240;
proxy_send_timeout 240;
proxy_connect_timeout 240;
}
location / {
set $upstream_hass http://redacted; #CHANGE NAME AND IP AND PORT
proxy_pass $upstream_hass; #change name of the service
auth_request /authelia;
auth_request_set $target_url $scheme://$http_host$request_uri;
auth_request_set $user $upstream_http_remote_user;
auth_request_set $groups $upstream_http_remote_groups;
proxy_set_header Remote-User $user;
proxy_set_header Remote-Groups $groups;
error_page 401 =302 https://auth.goochdom.com/?rd=$target_url; #change YOURDOMAIN.COM to your domain
client_body_buffer_size 128k;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
send_timeout 5m;
proxy_read_timeout 360;
proxy_send_timeout 360;
proxy_connect_timeout 360;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “upgrade”;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Uri $request_uri;
proxy_set_header X-Forwarded-Ssl on;
proxy_redirect http:// $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 64 256k;
set_real_ip_from 192.168.1.0/16;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
}
