anthonyraymond / joal

An open source command line RatioMaster with an optional WebUI.
Apache License 2.0
613 stars 65 forks source link

Can’t connect to the web ui when behind a proxy #127

Open hogmac opened 3 years ago

hogmac commented 3 years ago

Hey / I tried to put the main web interface under a subdomain using a Cloudflare CDN and a password protected reverse proxy. I was able to reach the interface successfully (like on the rest of my other proxies) but the main interface did not connect to the internal server and port from the main config.json file. Any idea why this happen?

I know this is a very unlikely scenario but have you tried to accomplish this successfully ?

anthonyraymond commented 3 years ago

Hello, what do you mean by password protected revers proxy ? Do you mean a basic auth?

Can you check the chrome Console to see if there are any hints on how to resolve the errors?

anthonyraymond commented 3 years ago

Closing due to no answer, feel free to re-open

JourneyOver commented 1 year ago

know this is a very old issue but recently (as in the past hour) switched over to buying a domain and also switched to using cloudflare, and running into the same type of issue while using wildcard dns settings. Don't have anything password protected though, but it might just be an issue with cloudflare possibly?

Unless you have your server behind cloudflare @anthonyraymond ?

JourneyOver commented 1 year ago

Hey @anthonyraymond by chance you have any ideas? This is still an ongoing issue sadly :s it only started happening after buying a domain and switching over to cloudflare while before it was working just fine.

connecting through IP:Port/Path prefix is still working just fine, would be nice to get it working again through my new website url like it was on the previous url (I had changed everything to the new URL so it is not an issue with a misconfigured URL anywhere)..

anthonyraymond commented 1 year ago

Hello @JourneyOver 😃

Can you share:

i'm gonna need extra context to investigate :)

JourneyOver commented 1 year ago

@anthonyraymond

I have Joal running in a docker container and same with NGINX. I have no plans on switching to any other like traefik or caddy as I have been running NGINX just fine for years so please do not suggest either of those two.

your reverse proxy configuration

https://paste.ee/p/ajf7t

The above link has my nginx.conf, joal.conf, ssl.conf, resolver.conf and proxy.conf

if you need any other conf file let me know and I'll get it up as well.

some logs from the chrome dev tool console?

Screenshot 2023-09-05 180349 only thing blocked out was my domain and the path-prefix.

the connection settings in joal are correctly set as the only thing that really changed between my old working setup and the new broken setup was just the ending of the url (The TLD)

The DNS provider

Using Cloudflare as my DNS provider with namecheap as my domain registrar

what do you mean by "switched to using cloudflare"

Previously I was using a freenom domain and a random DNS prodiver (DynuDNS) and had been for a good several years, but recently after having some major issues with freenom I decided to go about buying an actual domain name from namecheap (planning on moving to porkbun though in the near future due to namecheap prices rising for certain domain renewals) that I could call my own and that wouldn't mysteriously be taken away for unknown reasons (which is something that freenom has a tendency to do every so often), as well as finally switching over to using cloudflare as my DNS provider as they have way more options than DynuDNS does in terms of things.

Upon switching things over and correcting the Server address for joal, it just continues to throw the connection error.

Joal is the only application that is having errors with websocket connections, all my other software on my domain that has websocket stuff has no issues at all.

anthonyraymond commented 1 year ago

Looking at your nginx config it looks to me that you did not setup the connections settings properly in the joal webui.

In webui connection settings form can you change the port from 20026 to 443 ? image

Your nginx conf does not export the 20026 port. Nobody can reach anything on this port.

Also, where is the app hosted?

JourneyOver commented 1 year ago

Your nginx conf does not export the 20026 port. Nobody can reach anything on this port.

I'm using 20026 as the port for Joal in Docker.

---
version: "3.8"

services:

  joal:
    image: docker.io/anthonyraymond/joal:latest
    container_name: joal
    hostname: joal
    restart: unless-stopped
    environment:
      - joal-conf=/data
      - spring.main.web-environment=true
      - server.port=20026
      - joal.ui.path.prefix=<MYPATHPREFIX>
      - joal.ui.secret-token=<MYSECRETTOKEN>
    volumes:
      - /mnt/Docker/Apps/Joal:/data
    ports:
      - 20026:20026/tcp

and like I said before this was working perfectly fine with 20026 in the both the nginx config and in the connection settings for the port before I moved over to the new URL/DNS, but just as a test I did what you suggested and changed to port 443 in the connection settings and it still throws the error the only change being that the url in the error doesn't have the port number in it now.

So instead of it being like wss://ws.joal.<REDACTED>:20026/<REDACTED> it is now just wss://ws.joal.<REDACTED>/<REDACTED> in the error message in the console.

Also, where is the app hosted?

it's hosted in a docker container on a random PC I had laying around running Ubuntu that I have setup in my home, and yes it's behind my router as is everything else running in my home that has an internet connection.

anthonyraymond commented 1 year ago

Hum i just find out that cloudflare is more than just a dns provider. When you register your domain at cloudflare it's "proxied" by default. In this mode the ip resolved from your domain is actually the cloudflare ip (not your public ip) and cloudflare act as a proxy between you and your server. Using proxied mode also make you benefit from various cloudflare features like ddos protection an so on. But it might also add a layer of i don't know what that could interfer with joal.

To test a bit further can you:

JourneyOver commented 1 year ago

So I did some more messing around with the DNS side of things on cloudflare and finally got it working, I ended up having to add a new DNS record just for ws.joal that was DNS only and pointed at my IP (I swear I tried this before and it didn't seem work at the time) instead of proxy (Joal is literally the only one with a websocket that doesnt want to work with proxy I guess) (my wildcard and other things are still behind proxy and working just fine) and then also change the connection settings in joal webUI to use the server port 443 instead of 20026 and it magically started finally working.

the server port change in the connection settings really confuses me though as when I was on the old URL and DNS before the switch to using the new registrar (new URL) and cloudflare DNS I had it set to 20026 in the connection settings and it was working perfectly fine, but for some reason being with cloudflare it just does not work with 20026 in the connection settings for the port server.

anthonyraymond commented 1 year ago

Glad to hear that it worked, DNS propagation onften takes somes times, change may not be immediate... it may be missleading. To add to the confusion your Operating System caches DNS entries. You probably forgot to clean your cache or whatever at some point.

I'm not sure why JOAL is the only one to require that though...

I'm not surprise to see that port 443 is working, your nginx config was allowing this (this is also how i've setup my reverse proxy). Are you sure your ISP router have port forwarding for port 20026:20026 ?

pierre-emmanuelJ commented 1 year ago

For me, it's weird, Joal is choosing the wrong WebSocket port...

I set up Joal on the server port 443

  joal:
    image: anthonyraymond/joal:latest
    restart: always
    volumes:
      - ./services/joal:/data
    command: 
      - "--joal-conf=/data"
      - "--spring.main.web-environment=true"
      - "--server.port=443"
      - "--joal.ui.path.prefix=test"
      - "--joal.ui.secret-token=test"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.joal.middlewares=authtraefik"
      - "traefik.http.routers.joal.entrypoints=websecure"
      - "traefik.http.routers.joal.tls.certresolver=myresolver"
      - "traefik.http.routers.joal.rule=Host(`joal.test.com`)"
      - "traefik.http.services.joal.loadbalancer.server.port=443"
      # - "traefik.http.middlewares.joal-websocket.headers.customrequestheaders.Upgrade=websocket"
      # - "traefik.http.middlewares.joal-websocket.headers.customrequestheaders.Connection=Upgrade"
      - "traefik.http.routers.joal.service=joal"

I can access the web UI.

And here is the error in the web UI:

WebSocket connection to 'wss://joal.test.com:80/' failed: webstomp.js:826 

It seems Joal is choosing port 80 for WebSocket, it should be 443 here and issue should be solved for me. Do you have any idea how I can configure the websicket manually or fix the issue?

pierre-emmanuelJ commented 1 year ago

Okay my bad sorry: https://github.com/anthonyraymond/joal/issues/224#issuecomment-1780938274 BTW The red button sounds more like an error message :D

For me all is working for traefik 🎉