Constant disconnect on Firefox after login with Caddy reverse proxy (works on Chrome) #21687

nixigaj · 2025-03-09T22:54:05Z

Explain what happens

Set up Cockpit with the following Caddy and Cockpit config and point a DNS record:

nixicup-cockpit.erix.dev {
    bind fd04::1

    tls /etc/tls/erix/fullchain.pem /etc/tls/erix/key.pem
    reverse_proxy https://[::1]:9090 {
        transport http {
            tls_insecure_skip_verify
        }
    }

    encode zstd br gzip
}

[WebService]
Origins = https://nixicup-cockpit.erix.dev wss://nixicup-cockpit.erix.dev
ProtocolHeader = X-Forwarded-Proto

Log in to the interface using Firefox
The browser will show "Disconnected" and when you reconnect and switch pages it disconnects again. Everything works on Chrome.

Screenshot

Browser console output

Content-Security-Policy: Ignoring ‘block-all-mixed-content’ because mixed content display upgrading makes block-all-mixed-content obsolete. storage GET https://nixicup-cockpit.erix.dev/cockpit/@localhost/*/po.manifest.js NS_ERROR_CORRUPTED_CONTENT GET https://nixicup-cockpit.erix.dev/cockpit/@localhost/*/po.manifest.js Status 404 VersionHTTP/2 Transferred392 B (0 B size) Referrer Policyno-referrer DNS ResolutionSystem alt-svc h3=":443"; ma=2592000,h3=":443"; ma=2592000 content-encoding zstd content-type text/html; charset=utf-8 cross-origin-resource-policy same-origin date Sun, 09 Mar 2025 22:35:02 GMT referrer-policy no-referrer server Caddy vary Accept-Encoding x-content-type-options nosniff x-dns-prefetch-control off X-Firefox-Spdy h2 x-frame-options sameorigin Accept / Accept-Encoding gzip, deflate, br, zstd Accept-Language en-US,en;q=0.5 Cache-Control no-cache Connection keep-alive Cookie cockpit=redacted DNT 1 Host nixicup-cockpit.erix.dev Pragma no-cache Priority u=2 Sec-Fetch-Dest script Sec-Fetch-Mode no-cors Sec-Fetch-Site same-origin Sec-GPC 1 TE trailers User-Agent Mozilla/5.0 (X11; Linux x86_64; rv:136.0) Gecko/20100101 Firefox/136.0 GET https://nixicup-cockpit.erix.dev/cockpit/@localhost/*/po.js NS_ERROR_CORRUPTED_CONTENT GET https://nixicup-cockpit.erix.dev/cockpit/@localhost/*/po.js Status 404 VersionHTTP/2 Transferred392 B (0 B size) Referrer Policyno-referrer DNS ResolutionSystem alt-svc h3=":443"; ma=2592000,h3=":443"; ma=2592000 content-encoding zstd content-type text/html; charset=utf-8 cross-origin-resource-policy same-origin date Sun, 09 Mar 2025 22:35:02 GMT referrer-policy no-referrer server Caddy vary Accept-Encoding x-content-type-options nosniff x-dns-prefetch-control off X-Firefox-Spdy h2 x-frame-options sameorigin Accept / Accept-Encoding gzip, deflate, br, zstd Accept-Language en-US,en;q=0.5 Cache-Control no-cache Connection keep-alive Cookie cockpit=redacted DNT 1 Host nixicup-cockpit.erix.dev Pragma no-cache Priority u=2 Sec-Fetch-Dest script Sec-Fetch-Mode no-cors Sec-Fetch-Site same-origin Sec-GPC 1 TE trailers User-Agent Mozilla/5.0 (X11; Linux x86_64; rv:136.0) Gecko/20100101 Firefox/136.0 The resource from “https://nixicup-cockpit.erix.dev/cockpit/@localhost/*/po.js” was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff). storage The resource from “https://nixicup-cockpit.erix.dev/cockpit/@localhost/*/po.manifest.js” was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff). storage GET https://nixicup-cockpit.erix.dev/cockpit/@localhost/*/po.manifest.js NS_ERROR_CORRUPTED_CONTENT GET https://nixicup-cockpit.erix.dev/cockpit/@localhost/*/po.manifest.js Status 404 VersionHTTP/2 Transferred392 B (0 B size) Referrer Policyno-referrer DNS ResolutionSystem alt-svc h3=":443"; ma=2592000,h3=":443"; ma=2592000 content-encoding zstd content-type text/html; charset=utf-8 cross-origin-resource-policy same-origin date Sun, 09 Mar 2025 22:35:02 GMT referrer-policy no-referrer server Caddy vary Accept-Encoding x-content-type-options nosniff x-dns-prefetch-control off X-Firefox-Spdy h2 x-frame-options sameorigin Accept / Accept-Encoding gzip, deflate, br, zstd Accept-Language en-US,en;q=0.5 Cache-Control no-cache Connection keep-alive Cookie cockpit=redacted DNT 1 Host nixicup-cockpit.erix.dev Pragma no-cache Sec-Fetch-Dest script Sec-Fetch-Mode no-cors Sec-Fetch-Site same-origin Sec-GPC 1 TE trailers User-Agent Mozilla/5.0 (X11; Linux x86_64; rv:136.0) Gecko/20100101 Firefox/136.0 The resource from “https://nixicup-cockpit.erix.dev/cockpit/@localhost/*/po.manifest.js” was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff). storage Loading failed for the <script> with source “https://nixicup-cockpit.erix.dev/cockpit/@localhost/*/po.manifest.js”. storage:14:39 GET https://nixicup-cockpit.erix.dev/cockpit/@localhost/*/po.js NS_ERROR_CORRUPTED_CONTENT GET https://nixicup-cockpit.erix.dev/cockpit/@localhost/*/po.js Status 404 VersionHTTP/2 Transferred392 B (0 B size) Referrer Policyno-referrer DNS ResolutionSystem alt-svc h3=":443"; ma=2592000,h3=":443"; ma=2592000 content-encoding zstd content-type text/html; charset=utf-8 cross-origin-resource-policy same-origin date Sun, 09 Mar 2025 22:35:02 GMT referrer-policy no-referrer server Caddy vary Accept-Encoding x-content-type-options nosniff x-dns-prefetch-control off X-Firefox-Spdy h2 x-frame-options sameorigin

Accept / Accept-Encoding gzip, deflate, br, zstd Accept-Language en-US,en;q=0.5 Cache-Control no-cache Connection keep-alive Cookie cockpit=redacted DNT 1 Host nixicup-cockpit.erix.dev Pragma no-cache Sec-Fetch-Dest script Sec-Fetch-Mode no-cors Sec-Fetch-Site same-origin Sec-GPC 1 TE trailers User-Agent Mozilla/5.0 (X11; Linux x86_64; rv:136.0) Gecko/20100101 Firefox/136.0 The resource from “https://nixicup-cockpit.erix.dev/cockpit/@localhost/*/po.js” was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff). storage Loading failed for the <script> with source “https://nixicup-cockpit.erix.dev/cockpit/@localhost/*/po.js”. storage:15:30 Content-Security-Policy: Ignoring ‘block-all-mixed-content’ because mixed content display upgrading makes block-all-mixed-content obsolete. index.html Content-Security-Policy: Ignoring ‘block-all-mixed-content’ because mixed content display upgrading makes block-all-mixed-content obsolete. index.html Content-Security-Policy: Ignoring ‘block-all-mixed-content’ because mixed content display upgrading makes block-all-mixed-content obsolete. services.html Content-Security-Policy: Ignoring ‘block-all-mixed-content’ because mixed content display upgrading makes block-all-mixed-content obsolete. index.html Layout was forced before the page was fully loaded. If stylesheets are not yet loaded this may cause a flash of unstyled content. stylesheets-manager.js:664:11 Can't enable storaged btrfs module Error initializing module 'btrfs': /usr/lib64/udisks2/modules/libudisks2_btrfs.so: cannot open shared object file: No such file or directory storaged.js:982:9551 cockpit.format_{bytes,bits}[_per_sec](..., 1024, true) is deprecated. cockpit.js:6:9347 The connection to wss://nixicup-cockpit.erix.dev/cockpit/socket was interrupted while the page was loading. cockpit.js:1:7661 transport closed: disconnected shell.js:107:1468 Object { problem: "disconnected", name: null, message: "Server has closed the connection.", toString: toString() } shell.js:85:5371

Version of Cockpit

323.1

Where is the problem in Cockpit?

Navigation & Shell

Server operating system

other

Server operating system version

Rocky Linux 9.5

What browsers are you using?

Firefox

System log

Mar 09 23:16:48 nixicup.erix.dev cockpit-session[16685]: pam_ssh_add: Failed adding some keys
Mar 09 23:16:48 nixicup.erix.dev systemd-logind[795]: New session 51 of user cockpituser.
Mar 09 23:16:48 nixicup.erix.dev systemd[1]: Started Session 51 of User cockpituser.
Mar 09 23:16:48 nixicup.erix.dev cockpit-session[16685]: pam_unix(cockpit:session): session opened for user cockpituser(uid=1001) by cockpituser(uid=0)
Mar 09 23:16:49 nixicup.erix.dev sudo[16695]: cockpituser : PWD=/ ; USER=root ; COMMAND=/bin/cockpit-bridge --privileged
Mar 09 23:16:49 nixicup.erix.dev sudo[16695]: pam_unix(sudo:session): session opened for user root(uid=0) by cockpituser(uid=1001)
Mar 09 23:16:49 nixicup.erix.dev systemd[1]: Starting Hostname Service...
Mar 09 23:16:49 nixicup.erix.dev systemd[1]: Started Hostname Service.
Mar 09 23:16:50 nixicup.erix.dev PackageKit[16614]: resolve transaction /603_bdaecdae from uid 0 finished with success after 3ms
Mar 09 23:16:50 nixicup.erix.dev udisksd[2136]: Error initializing module 'btrfs': /usr/lib64/udisks2/modules/libudisks2_btrfs.so: cannot open shared object file: No such file or directory
Mar 09 23:16:50 nixicup.erix.dev PackageKit[16614]: get-updates transaction /604_deddadee from uid 0 finished with success after 249ms
Mar 09 23:16:51 nixicup.erix.dev cockpit-ws[16554]: connection unexpectedly closed by peer
Mar 09 23:16:56 nixicup.erix.dev PackageKit[16614]: resolve transaction /606_aacaecbb from uid 0 finished with success after 2ms
Mar 09 23:16:56 nixicup.erix.dev PackageKit[16614]: get-updates transaction /607_daaaaedd from uid 0 finished with success after 291ms
Mar 09 23:16:57 nixicup.erix.dev cockpit-ws[16554]: connection unexpectedly closed by peer
Mar 09 23:16:59 nixicup.erix.dev PackageKit[16614]: resolve transaction /609_dddeaeae from uid 0 finished with success after 4ms
Mar 09 23:17:00 nixicup.erix.dev PackageKit[16614]: get-updates transaction /610_adbcbeda from uid 0 finished with success after 268ms
Mar 09 23:17:00 nixicup.erix.dev cockpit-ws[16554]: connection unexpectedly closed by peer
Mar 09 23:17:02 nixicup.erix.dev PackageKit[16614]: resolve transaction /613_dbbdbebd from uid 0 finished with success after 2ms
Mar 09 23:17:03 nixicup.erix.dev PackageKit[16614]: get-updates transaction /614_dcdbaaed from uid 0 finished with success after 219ms
Mar 09 23:17:04 nixicup.erix.dev PackageKit[16614]: uid 0 is trying to obtain org.freedesktop.packagekit.system-sources-refresh auth (only_trusted:0)
Mar 09 23:17:04 nixicup.erix.dev PackageKit[16614]: uid 0 obtained auth for org.freedesktop.packagekit.system-sources-refresh
Mar 09 23:17:04 nixicup.erix.dev PackageKit[16614]: refresh-cache transaction /616_dedaccad from uid 0 finished with success after 7ms
Mar 09 23:17:04 nixicup.erix.dev sudo[16695]: pam_unix(sudo:session): session closed for user root
Mar 09 23:17:04 nixicup.erix.dev cockpit-ws[16554]: connection unexpectedly closed by peer
Mar 09 23:17:06 nixicup.erix.dev cockpit-ws[16554]: connection unexpectedly closed by peer
Mar 09 23:17:20 nixicup.erix.dev sudo[16953]:  nixigaj : TTY=pts/2 ; PWD=/home/nixigaj/dev/exp/go-ws-stress-test ; USER=root ; COMMAND=/bin/journalctl --since -10m
Mar 09 23:17:20 nixicup.erix.dev sudo[16953]: pam_unix(sudo:session): session opened for user root(uid=0) by nixigaj(uid=1000)
Mar 09 23:17:32 nixicup.erix.dev systemd[16566]: Starting Mark boot as successful...
Mar 09 23:17:32 nixicup.erix.dev systemd[16566]: Finished Mark boot as successful.
Mar 09 23:17:32 nixicup.erix.dev sudo[16953]: pam_unix(sudo:session): session closed for user root
Mar 09 23:17:35 nixicup.erix.dev sudo[16962]:  nixigaj : TTY=pts/2 ; PWD=/home/nixigaj/dev/exp/go-ws-stress-test ; USER=root ; COMMAND=/bin/journalctl --since -1m
Mar 09 23:17:35 nixicup.erix.dev sudo[16962]: pam_unix(sudo:session): session opened for user root(uid=0) by nixigaj(uid=1000)
Mar 09 23:17:39 nixicup.erix.dev sudo[16962]: pam_unix(sudo:session): session closed for user root
Mar 09 23:17:39 nixicup.erix.dev cockpit-ws[16554]: request timed out, closing
Mar 09 23:17:39 nixicup.erix.dev systemd[1]: systemd-hostnamed.service: Deactivated successfully.
Mar 09 23:17:39 nixicup.erix.dev cockpit-ws[16554]: connection unexpectedly closed by peer
Mar 09 23:17:43 nixicup.erix.dev sudo[16969]:  nixigaj : TTY=pts/2 ; PWD=/home/nixigaj/dev/exp/go-ws-stress-test ; USER=root ; COMMAND=/bin/journalctl --since -1m
Mar 09 23:17:43 nixicup.erix.dev sudo[16969]: pam_unix(sudo:session): session opened for user root(uid=0) by nixigaj(uid=1000)

The text was updated successfully, but these errors were encountered:

apommel · 2025-03-10T20:17:25Z

I have observed the same issue, though I had no idea it could be related to the browser I was using. Indeed when using Chrome it seems to work, where it does not with Firefox. Though even with Chrome, it seems like it is slower to load the views than when accessing with IP + port, though I could be mistaken.

nixigaj · 2025-03-10T20:51:31Z

After some testing, for me, it seems as though there is no difference in latency between proxying Cockpit and direct connection in Chrome. The difference for Firefox though is that it doesn't disconnect with direct connection, but then you can't use valid certificates along with custom domain names.

nixigaj added the bug label Mar 9, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Constant disconnect on Firefox after login with Caddy reverse proxy (works on Chrome) #21687

Constant disconnect on Firefox after login with Caddy reverse proxy (works on Chrome) #21687

nixigaj commented Mar 9, 2025

apommel commented Mar 10, 2025

nixigaj commented Mar 10, 2025

Constant disconnect on Firefox after login with Caddy reverse proxy (works on Chrome) #21687

Constant disconnect on Firefox after login with Caddy reverse proxy (works on Chrome) #21687

Comments

nixigaj commented Mar 9, 2025

Explain what happens

Version of Cockpit

Where is the problem in Cockpit?

Server operating system

Server operating system version

What browsers are you using?

System log

apommel commented Mar 10, 2025

nixigaj commented Mar 10, 2025