Incus console terminal issue

vice · March 22, 2026, 5:41pm

Incus version 6.22
Ubuntu 24.04. 6.8.0-101-generic

We had a remote conole with xterm.js running for years.

Posting to /1.0/instances/{name}/console works, get the operation and data/control secrets.

ControlURL: wss://host_IP:8443/1.0/operations/{opertaion}/websocket?secret={[“fds”][control]}
DataURL: wss://host_IP:8443/1.0/operations/{opertaion}/websocket?secret={[“fds”][0]}

though websocket dies with:
[error]: Data undefined
[close]: died Data1006
Keystrokes producing “WebSocket is already in CLOSING or CLOSED state”

Can not debug it further, lxc monitor shows class websocket created, going than from status code 105 to status code 103.

Tested with Ubuntu and alpine containers.
Certificates and config trust certificates are fine, all other API trusted transactions working so far.

It had worked for many years, recently after an upgrade, stopped working, unfortunately can’t trace back which Incus upgrade broke it.

Could it be related to host/container root subuid & subgid?

stgraber · March 22, 2026, 11:22pm

Is the same API user doing the POST to /1.0/instances/NAME/console and then connecting to the websocket? We did add tighter security around that a little while back to prevent someone from monitoring the background operations and then connecting to it before the requestor gets to it.

vice · March 22, 2026, 11:44pm

Not same.
All done from within a container, aiming at Incus host internal IP (10.0.4.1:8443, 192.168.1.1:8443, even tried server public IP or server https://serverdoamin:8443 with SSL).
Post done by nginx, php as webuser (www-data, user 1000100 on host), websocket connection runs from same container as root (user 1000000 on host).

vice · March 23, 2026, 12:12am

Websocket was node wss://
I also tried using an nginx proxy httpupgrade (websocket) as alternative, that has failed too. I guess the nginx wss:// would have been the same user (www-data) as POST requester.