Can’t connect to the web ui when behind a proxy

[hogmac]

Hey / I tried to put the main web interface under a subdomain using a Cloudflare CDN and a password protected reverse proxy. I was able to reach the interface successfully (like on the rest of my other proxies) but the main interface did not connect to the internal server and port from the main config.json file. Any idea why this happen?

I know this is a very unlikely scenario but have you tried to accomplish this successfully ?

[anthonyraymond]

Hello, what do you mean by password protected revers proxy ? Do you mean a basic auth?

Can you check the chrome Console to see if there are any hints on how to resolve the errors?

[anthonyraymond]

Closing due to no answer, feel free to re-open

[JourneyOver]

know this is a very old issue but recently (as in the past hour) switched over to buying a domain and also switched to using cloudflare, and running into the same type of issue while using wildcard dns settings. Don't have anything password protected though, but it might just be an issue with cloudflare possibly?

Unless you have your server behind cloudflare @anthonyraymond ?

[JourneyOver]

Hey @anthonyraymond by chance you have any ideas? This is still an ongoing issue sadly :s it only started happening after buying a domain and switching over to cloudflare while before it was working just fine.

connecting through IP:Port/Path prefix is still working just fine, would be nice to get it working again through my new website url like it was on the previous url (I had changed everything to the new URL so it is not an issue with a misconfigured URL anywhere)..

[anthonyraymond]

Hello @JourneyOver 😃

Can you share:

• your reverse proxy configuration
• some logs from the chrome dev tool console?
• The DNS provider
• what do you mean by "switched to using cloudflare"

i'm gonna need extra context to investigate :)

[JourneyOver]

@anthonyraymond

I have Joal running in a docker container and same with NGINX. I have no plans on switching to any other like traefik or caddy as I have been running NGINX just fine for years so please do not suggest either of those two.

your reverse proxy configuration

https://paste.ee/p/ajf7t

The above link has my nginx.conf, joal.conf, ssl.conf, resolver.conf and proxy.conf

if you need any other conf file let me know and I'll get it up as well.

some logs from the chrome dev tool console?

only thing blocked out was my domain and the path-prefix.

the connection settings in joal are correctly set as the only thing that really changed between my old working setup and the new broken setup was just the ending of the url (The TLD)

The DNS provider

Using Cloudflare as my DNS provider with namecheap as my domain registrar

what do you mean by "switched to using cloudflare"

Previously I was using a freenom domain and a random DNS prodiver (DynuDNS) and had been for a good several years, but recently after having some major issues with freenom I decided to go about buying an actual domain name from namecheap (planning on moving to porkbun though in the near future due to namecheap prices rising for certain domain renewals) that I could call my own and that wouldn't mysteriously be taken away for unknown reasons (which is something that freenom has a tendency to do every so often), as well as finally switching over to using cloudflare as my DNS provider as they have way more options than DynuDNS does in terms of things.

Upon switching things over and correcting the Server address for joal, it just continues to throw the connection error.

Joal is the only application that is having errors with websocket connections, all my other software on my domain that has websocket stuff has no issues at all.

[anthonyraymond]

Looking at your nginx config it looks to me that you did not setup the connections settings properly in the joal webui.

In webui connection settings form can you change the port from 20026 to 443 ?

Your nginx conf does not export the 20026 port. Nobody can reach anything on this port.

Also, where is the app hosted?

• On cloud web hosting service?
• A private server behind your home router?

[JourneyOver]

Your nginx conf does not export the 20026 port. Nobody can reach anything on this port.

I'm using 20026 as the port for Joal in Docker.

---
version: "3.8"

services:

  joal:
    image: docker.io/anthonyraymond/joal:latest
    container_name: joal
    hostname: joal
    restart: unless-stopped
    environment:
      - joal-conf=/data
      - spring.main.web-environment=true
      - server.port=20026
      - joal.ui.path.prefix=<MYPATHPREFIX>
      - joal.ui.secret-token=<MYSECRETTOKEN>
    volumes:
      - /mnt/Docker/Apps/Joal:/data
    ports:
      - 20026:20026/tcp

and like I said before this was working perfectly fine with 20026 in the both the nginx config and in the connection settings for the port before I moved over to the new URL/DNS, but just as a test I did what you suggested and changed to port 443 in the connection settings and it still throws the error the only change being that the url in the error doesn't have the port number in it now.

So instead of it being like wss://ws.joal.<REDACTED>:20026/<REDACTED> it is now just wss://ws.joal.<REDACTED>/<REDACTED> in the error message in the console.

Also, where is the app hosted?

it's hosted in a docker container on a random PC I had laying around running Ubuntu that I have setup in my home, and yes it's behind my router as is everything else running in my home that has an internet connection.

[anthonyraymond]

Hum i just find out that cloudflare is more than just a dns provider. When you register your domain at cloudflare it's "proxied" by default. In this mode the ip resolved from your domain is actually the cloudflare ip (not your public ip) and cloudflare act as a proxy between you and your server. Using proxied mode also make you benefit from various cloudflare features like ddos protection an so on. But it might also add a layer of i don't know what that could interfer with joal.

To test a bit further can you:

• switch your dns to "DNS only" in cloudflare dashboard
• wait some time for cloudflare to register the change
• clean your dns cache on your computer (the one where you start your web browser)
• ping yourdomain.com from a command line
• ensure the ping response is now showing your public ip (not the cloudflare one)
• test once again connecting the joal webui (using both 20026 and also 443 port)
• if it does not work please incluse the error message for both ports

[JourneyOver]

So I did some more messing around with the DNS side of things on cloudflare and finally got it working, I ended up having to add a new DNS record just for ws.joal that was DNS only and pointed at my IP (I swear I tried this before and it didn't seem work at the time) instead of proxy (Joal is literally the only one with a websocket that doesnt want to work with proxy I guess) (my wildcard and other things are still behind proxy and working just fine) and then also change the connection settings in joal webUI to use the server port 443 instead of 20026 and it magically started finally working.

the server port change in the connection settings really confuses me though as when I was on the old URL and DNS before the switch to using the new registrar (new URL) and cloudflare DNS I had it set to 20026 in the connection settings and it was working perfectly fine, but for some reason being with cloudflare it just does not work with 20026 in the connection settings for the port server.

[anthonyraymond]

Glad to hear that it worked, DNS propagation onften takes somes times, change may not be immediate... it may be missleading. To add to the confusion your Operating System caches DNS entries. You probably forgot to clean your cache or whatever at some point.

I'm not sure why JOAL is the only one to require that though...

I'm not surprise to see that port 443 is working, your nginx config was allowing this (this is also how i've setup my reverse proxy). Are you sure your ISP router have port forwarding for port 20026:20026 ?

[pierre-emmanuelJ]

For me, it's weird, Joal is choosing the wrong WebSocket port...

I set up Joal on the server port 443

  joal:
    image: anthonyraymond/joal:latest
    restart: always
    volumes:
      - ./services/joal:/data
    command: 
      - "--joal-conf=/data"
      - "--spring.main.web-environment=true"
      - "--server.port=443"
      - "--joal.ui.path.prefix=test"
      - "--joal.ui.secret-token=test"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.joal.middlewares=authtraefik"
      - "traefik.http.routers.joal.entrypoints=websecure"
      - "traefik.http.routers.joal.tls.certresolver=myresolver"
      - "traefik.http.routers.joal.rule=Host(`joal.test.com`)"
      - "traefik.http.services.joal.loadbalancer.server.port=443"
      # - "traefik.http.middlewares.joal-websocket.headers.customrequestheaders.Upgrade=websocket"
      # - "traefik.http.middlewares.joal-websocket.headers.customrequestheaders.Connection=Upgrade"
      - "traefik.http.routers.joal.service=joal"

I can access the web UI.

And here is the error in the web UI:

WebSocket connection to 'wss://joal.test.com:80/' failed: webstomp.js:826 

It seems Joal is choosing port 80 for WebSocket, it should be 443 here and issue should be solved for me. Do you have any idea how I can configure the websicket manually or fix the issue?

[pierre-emmanuelJ]

Okay my bad sorry: https://github.com/anthonyraymond/joal/issues/224#issuecomment-1780938274 BTW The red button sounds more like an error message :D

For me all is working for traefik 🎉