http UI super slow and most of the time won't load (nginx proxied)
mikelpr opened this issue ยท 14 comments
it's been impossible for me to try the bot. I'm using a docker build (from the Dockerfile, unmodified), with -e nv vars for API_EXCHANGE API_CURRENCY API_KEY API_SECRET API_PASSPHRASE (coinbase) and when I try to reach the UI, most of the time chrome's loader keeps spinning (the backend is not returning anything just opening the connection) and eventually fails with an ERR_TIMED_OUT. some times it outright ERR_CONNECTION_REFUSED even though it is running. and least probable I do reach the UI but it says disconnected and jankily updates
attaching to the container on start, this is what it logs. nothing out of the ordinary
07/04 17:44:36.515992 CF Outbound IP address is ***.
07/04 17:44:36.517664 GW COINBASE cached handshake:
- gateway: https://api.pro.coinbase.com
- gateway: wss://ws-feed.pro.coinbase.com
- gateway: fix.pro.coinbase.com:4198
- autoBot: no
- symbols: BTC/USD (0.00000001/0.01)
- minSize: 0.00010000 BTC
- makeFee: 0.00%
- takeFee: 0.00%.
07/04 17:44:36.519130 DB loaded OK from /var/lib/K/db/K-trading-bot.COINBASE.BTC.USD.db.
07/04 17:44:36.523203 DB Warrrrning: using default values for Quoting Parameters.
07/04 17:44:36.524651 DB loaded last EWMA Values OK.
07/04 17:44:36.524995 DB loaded 15 historical Fair Values.
07/04 17:44:36.525401 DB loaded 33 STDEV Periods.
07/04 17:44:36.526334 UI ready at http://***:3000.
07/04 17:44:36.650173 GW COINBASE FIX Logon, streaming orders.
07/04 17:44:38.315950 GW COINBASE WS streaming [wallet|orders|levels|trades].
07/04 17:44:45.476695 UI authorization success from ***.
I had the same thing until I finally got around to getting the custom certificate installed. On the first restart after installing the certificate it was back up in under a second and I can refresh the UI with no issues. I would recommend trying that. Follow this guide https://www.akadia.com/services/ssh_test_certificate.html except when it gets to the end and starts talking about apache just take the 4 files you just made and drop them in /etc/ssl/certs/ then add --ssl-crt=/path/to/cert/server.crt --ssl-key=/path/to/key/server.key to your K.sh.
๐จ aye thank you @biyian 'ยก if you don't mind i will add a reference to your comment in the README of the Dockerfile section
I want to reverse proxy wih nginx tho. Hopefully the underlying issue is fixed so we can do that. I'd rather nginx handle the SSL as I can tune it and listen on 443
๐จ just saying, maybe you would like to use --without-ssl argument in the bot;
and then keep the ssl connection just infront of nginx (by nginx)
๐จ aye thank you @biyian 'ยก if you don't mind i will add a reference to your comment in the README of the Dockerfile section
Not just docker, I was having the same issue on a raspberry pi 4 8g with Debian 10 (Linux raspberrypi 5.10.17-v7l+)
With the stock certificate and also while using --without-ssl, it would take about 15-20 minutes to get into the UI.
Verified it fixed in there as well.
Only thing I can think of is maybe something to do with Coinbase's fix api but that's just a shot in the dark.
@biyian so was I thinking, maybe coinbase related buuuuut it wouldn't make sense for the self signed cert to make it work in that case
@mikelpr These should walk you through getting ssl setup through nginx or even better you can just forward the websocket through unless you need access to K from somewhere else. I'm considering testing out using the websocket proxy after reading the article.
https://www.nginx.com/blog/websocket-nginx/
https://docs.nginx.com/nginx/admin-guide/security-controls/terminating-ssl-http/
@biyian hey thanks but I do know how to reverse proxy with nginx. my issue is it not being reachable via http (--without-ssl) so doing the reverse proxy yields practically the same result
this is my nginx conf. pretty standard, I've used this same with different domains and correct localhost ports for each backend I run on this server. so I'm pretty sure it's not nginx related but http, as trying to reach it directly yields the same already mentioned results (there being an issue on K's http serving)
server {
listen 443 http2 ssl;
listen [::]:443 http2 ssl;
server_name my-domain.xyz;
include default.d/utf8.conf;
include conf.d/ssl.inc;
ssl_certificate /etc/letsencrypt/live/my-domain.xyz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/my-domain.xyz/privkey.pem;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://localhost:3000/;
}
}
I'll try with K's builtin ssl but it's not optimal, I'd rather nginx rev proxy to K's http (without ssl) so I can use a real certificate and port 443
noway to get any logs from nginx or something about why the response from upstream service is not 200?
the consequences are silent timeouts?
@ctubio
from /var/log/nginx/error.log
2021/07/03 15:30:03 [error] 37676#37676: *17592 upstream timed out (110: Connection timed out) while reading response header from upstream,
client: (IP addr), server: ***, request: "GET / HTTP/2.0", upstream: "http://[::1]:3000/", host: "***"
many of those, spaced out between other unrelated (other vhosts)
many thanks, i will try to reproduce this situation and debug the issue (looks to me like when firefox changed a header; nginx may just be sending a header that i do not expect)
reopening to give it a chance to fix'ยก
๐จ confirmed nginx headers are unexpected
(HTTP/1.0 instead of HTTP/1.1, so cruel, lemme fix it; well in your case HTTP/2.0)
indeed fixed!