a-marcel / hassio-addon-owntone

Web UI inaccessible through Ingress #1

Closed AlexanderBabel closed 2 years ago

AlexanderBabel commented 2 years ago

Hey @a-marcel,

first of all great add-on! I really appreciate the time you took to implement this. I searched a while to find it!

I found an issue during my testing.

If you are using the Ingress functionality, the dashboard does not connect to the web socket. When connecting directly to the dashboard by using the exposed port, everything works as expected.

AlexanderBabel commented 2 years ago

I found the issue: I am using a reverse proxy and owntone tries to connect to 3688 through my proxy, which is not possible. I also found out that owntone uses this port by default. Therefore, I don't see an easy way of getting it running through the ingress (besides exposing the websocket port through the reverse proxy).

So, I'm going to close this issue because it's not an issue of this addon.

a-marcel commented 2 years ago

Hello, good catch. I will try to figure out if this would be possible to fix. I think it's a security issue / configuration in owntone. I will check this weekend.

a-marcel commented 2 years ago

Hello, I updated my Hassio to the latest version and I don't discover any issue anymore. Please comment if there is still a problem.

AlexanderBabel commented 2 years ago

As I said, it is only an issue if you use a reverse proxy like nginx. I use the Nginx Proxy Manager and access my instance through the proxy. Additionally, I set a port-forwarding in my router for 80 and 443. So if I now try to access my home assistant instance outside my home network, it will not work because the web socket port is not reachable from the internet.

There are three solutions in that case:

  1. Use home assistant only locally with the websocket port exposed in the addon's settings
  2. Expose the port through the router (which is a high security concern)
  3. Find a way to expose the websocket port through the supervisor ingress (which is not easy, but a secure method)

a-marcel commented 2 years ago

So, I spent some time playing around. I enabled https in Home Assistant and ran into exactly your issue. As soon as the Home Assistant backend is using https, the websocket connection doesn't work anymore.

Therefore I added an nginx inside this addon that enables SSL and proxies the websocket call. Now it works in Home Assistant via Ingress, but there is a new issue now.

Since the websocket port expects SSL, the forked-daapd integration is not working anymore. I am trying to come up with an idea how to solve this, but it's not that easy. Do you maybe have an idea how it could be possible? I think the main issue is that owntone only publishes one websocket port via their API...

I'm open for ideas :)

AlexanderBabel commented 2 years ago

Hey @a-marcel,

thanks for taking the time to investigate this issue.

Actually, I do have an idea to solve this. But I am not certain how much effort is needed to do this.

Simple idea:

Maybe this approach is feasible, but I am not confident enough. I didn't use nginx for on the fly rewrites yet. In the past I had a project with a similar issue (without websockets, only with the url), but I solved that issue by using Cloudflare workers. So maybe there is an extra layer required for that step.

Another solution could be to ask the owntone team to support websockets on the same port as the normal web ui.

Hope these ideas help for further investigations!

Thanks again for your effort and have a nice day.

a-marcel commented 2 years ago

Hey, thanks for the quick answer. Yes, the 2nd point you mentioned was my fallback idea (since it's more "hacky"). But I think it would be a possible solution for that use case. I will take a look if I manage to enable the needed nginx modules to change content on the fly.

Thanks for your idea.