Kong 1.2.0 - WebSocket connection to 'ws://xxx' failed: Error during WebSocket handshake: 'Upgrade' header is missing
· 3 min read
升级 Kong 1.1.1 到 1.2.0 后,原来工作正常的 WebSocket 连接不上了,前端提示:'Upgrade' header is missing 
Server 端提示:
System.Net.WebSockets.WebSocketException (2): The remote party closed the WebSocket connection without completing the close handshake.
Google 了下应该是 Kong 1.2.0 的 bug:
Websocket Upgrade header missing after upgrade to 1.2.0
fix(proxy) do not clear upgrade header (case-insensitive), fix #4779 #4780
但 Milestone 是 1.2.2, 还没有发布. 紧急有效的修复方法是从github中拿到修复后的 handler.lua 文件, 创建 configmap:
apiVersion: v1
data:
handler.lua: |-
-- Kong runloop
--
-- This consists of local_events that need to
-- be ran at the very beginning and very end of the lua-nginx-module contexts.
-- It mainly carries information related to a request from one context to the next one,
-- through the `ngx.ctx` table.
--
-- In the `access_by_lua` phase, it is responsible for retrieving the route being proxied by
-- a consumer. Then it is responsible for loading the plugins to execute on this request.
local ck = require "resty.cookie"
local meta = require "kong.meta"
...
kind: ConfigMap
metadata:
name: kong-1.2.0-0-runloop-handler.lua
namespace: kong
然后在 kong daemonset/deployment 中把 configmap 挂载到路径/usr/local/share/lua/5.1/kong/runloop/handler.lua:
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
app: kong
name: kong
name: kong
namespace: kong
spec:
selector:
matchLabels:
name: kong
template:
metadata:
labels:
app: kong
name: kong
spec:
containers:
- env:
- name: KONG_PLUGINS
value: bundled,q1-api-auth,q1-user-auth,q1-user-check-permission
- name: KONG_PROXY_ACCESS_LOG
value: /dev/stdout
- name: KONG_PROXY_ERROR_LOG
value: /dev/stderr
- name: KONG_ADMIN_LISTEN
value: 0.0.0.0:8001, 0.0.0.0:8444 ssl
- name: KONG_PROXY_LISTEN
value: 0.0.0.0:8000, 0.0.0.0:8443 ssl
- name: KONG_STREAM_LISTEN
value: 0.0.0.0:9000 transparent
- name: KONG_DATABASE
value: postgres
- name: KONG_PG_DATABASE
value: kong
- name: KONG_PG_USER
value: kong
- name: KONG_PG_PASSWORD
value: PASSWORD
- name: KONG_PG_HOST
value: 192.168.130.246
- name: KONG_PG_PORT
value: "5432"
image: kong:1.2.0-centos
imagePullPolicy: IfNotPresent
name: kong
ports:
- containerPort: 8000
name: kong-proxy
protocol: TCP
- containerPort: 8443
name: kong-proxy-ssl
protocol: TCP
- containerPort: 8001
name: kong-admin
protocol: TCP
- containerPort: 8444
name: kong-admin-ssl
protocol: TCP
- containerPort: 9000
name: kong-stream
protocol: TCP
volumeMounts:
- mountPath: /usr/local/share/lua/5.1/kong/utils
name: kong-utils
- mountPath: /usr/local/share/lua/5.1/kong/plugins/q1-api-auth
name: q1-api-auth
- mountPath: /usr/local/share/lua/5.1/kong/plugins/q1-user-auth
name: q1-user-auth
- mountPath: /usr/local/share/lua/5.1/kong/plugins/q1-user-check-permission
name: q1-user-check-permission
- mountPath: /usr/local/lib/luarocks/rocks/kong/1.2.0-0/kong-1.2.0-0.rockspec
name: kong-rockspec
subPath: kong-1.2.0-0.rockspec
<span style="color: #ff0000;"> - mountPath: /usr/local/share/lua/5.1/kong/runloop/handler.lua
name: runloop-handler-lua
subPath: handler.lua
</span> dnsPolicy: ClusterFirst
imagePullSecrets:
- name: docker-secret
nodeSelector:
beta.kubernetes.io/os: linux
kubernetes.io/role: node
restartPolicy: Always
volumes:
- configMap:
name: kong-utils
name: kong-utils
- configMap:
name: q1-api-auth
name: q1-api-auth
- configMap:
name: q1-user-auth
name: q1-user-auth
- configMap:
name: q1-user-check-permission
name: q1-user-check-permission
- configMap:
name: kong-1.2.0-0.rockspec
name: kong-rockspec
<span style="color: #ff0000;">- configMap:
name: kong-1.2.0-0-runloop-handler.lua
name: runloop-handler-lua
</span>
问题解决
