- Used Zammad version: 7.0
- Used Zammad installation type: package
- Operating system: Ubuntu
- Webserver: Apache
Hi,
I’m trying to deploy our zammad installation via the azure app proxy outside of our network. It’s working as expected, including pre-authentication through entra-id conditional access policies and kerberos single-sign-on.
The only thing not working is opening and creating a ticket in the mobile view. This results in a never ending spinning circle.
Opening or creating a ticket in the mobile view inside our network is working as expected. It’s also working over the azure app proxy if I switch to the desktop view.
In the production log you can see this error:
INFO – : Started GET “/cable” for 10.10.X.X at 2026-04-09 16:41:55 +0200 (our internal IP from the azure app proxy)
INFO – : Started GET “/cable” [WebSocket] for 93.104.X.X at 2026-04-09 16:41:55 +0200 (the IP from the Client connecting through the azure app proxy)
ERROR – : Request origin not allowed:
ERROR – : Failed to upgrade to WebSocket (REQUEST_METHOD: GET, HTTP_CONNECTION: Upgrade, HTTP_UPGRADE: websocket)
INFO – : Finished “/cable” [WebSocket] for 93.104.X.X at 2026-04-09 16:41:55 +0200
So it seems, that the problem is the origin of the request. It seems to be empty?
Looking at the allowed request origins, everything seems ok:
zammad run rails r “pp Rails.application.config.action_cable.allowed_request_origins”
[/https?://localhost:\d+/, “https://fqdn.example.com”]
The app proxy runs under the same FQDN as zammad internal (split-DNS).
As I said, this problem only occurs in the mobile view over the azure app proxy when viewing or creating tickets. Everything else is working, including the mobile view in the internal network and the desktop view over the azure app proxy.
Thanks for your help!