Goaccess not responding on websocket

allinurl / goaccess

GoAccess is a real-time web log analyzer and interactive viewer that runs in a terminal in *nix systems or through your browser.

https://goaccess.io

MIT License

18.38k stars 1.11k forks source link

Goaccess not responding on websocket #2095

Closed sanddweller closed 3 years ago

sanddweller commented 3 years ago

I think i have everything setup correctly compiled with ssl support... goaccess.conf config file is as-installed & untouched. GA is listening on port 9870 host firewall is allowing connections AWS is allowing connections

with GA running I can telnet to port 9870 from outside (but no response) Browser displays static page ok, then has a fail on websocket connection.

goaccess --log-format '%h %^ %e [%d:%t] "%m %U %H" %s %b %R %u %T' --date-format '%d/%b/%Y' --time-format '%H:%M:%S %z' --date-spec=hr /var/log/nginx/xxxxxxx_access.log --real-time-html -o /var/www/html/xcart/goareport.html --port=9870 --html-refresh=30 --ws-url=xxxxxxxx.com:9870 --daemonize Daemonized GoAccess: 4018942

netstat -nap |grep goa tcp 0 0 0.0.0.0:9870 0.0.0.0:* LISTEN 4018942/goaccess

firewall-cmd --list-all |grep 9870 ports: 2297/tcp 5665/tcp 9870/tcp

I have checked other reports of problems but cannot find any tips that may help... Im stumped.. Any ideas?

thanks, --geoff

0bi-w6n-K3nobi commented 3 years ago

Hi @sanddweller

Do you specify WSS schema into --ws-url ? I.E. --ws-url=wss://*.com:9870

Huum... WSS requires --ssl-cert... I.E. TLS/SSL certificate. You can use only WS like --ws-url=ws://*.com:9870. Of course, without security conection.

You can see more ~~tail~~ detail at man page.

allinurl commented 3 years ago

Like @0bi-w6n-K3nobi said, if you are opening via wss, then you need to open the report via https://url/report.html and thus you need to specify --ssl-key and --ssl-cert. If you open the report via http, then no need for wss, simply using ws would work.

nrosier commented 3 years ago

I have a similar issue; I'm running a Caddy-server which handles certificate requests. I've pointed to these certificates in the config-file. The certificate is the entire chain but when I connect through openssl to verify the cert I don't get the chain but only the 1st cert and following error: Verify return code: 21 (unable to verify the first certificate) Running openssl against Caddy gives the entire chain.

0bi-w6n-K3nobi commented 3 years ago

Hi @nrosier

Looking a little bit in Google I found this at ServerFault and that at LetsEncprypt Communty.

nrosier commented 3 years ago

Should have specified: full chain is configured in goaccess. Workaround I found: use Caddy as reverse proxy to goaccess

allinurl commented 3 years ago

Closing this. Feel free to reopen it if needed.