Websocket upgrade: websocket: request origin not allowed by Upgrader.CheckOrigin

jech / galene

The Galène videoconference server

https://galene.org

MIT License

899 stars 119 forks source link

Websocket upgrade: websocket: request origin not allowed by Upgrader.CheckOrigin #175

Closed kovmir closed 7 months ago

kovmir commented 7 months ago

I want to run galene behing nginx proxy pass, this is my proxy config:

location / {
        proxy_pass http://localhost:8444/;
}

location /ws {
        proxy_pass http://localhost:8444$request_uri;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
}

My data/config.json:

{
        "proxyURL": "https://mydomain.example/"
}

galene server logs (errors) as I press Connect on web UI:

Websocket upgrade: websocket: request origin not allowed by Upgrader.CheckOrigin

This is a VPS with a public IPv4 address.

dashohoxha commented 7 months ago

I have a configuration like this:

    location / {
        include conf.d/proxy_params;
        proxy_pass https://localhost:8443;

        location /ws {
            proxy_pass https://localhost:8443/ws;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_set_header Host $host;
        }
    }

It seems to work.

kovmir commented 7 months ago

Thank you! It works. By the way what do you have in conf.d/proxy_params?

dashohoxha commented 6 months ago

By the way what do you have in conf.d/proxy_params?

I believe this standard nginx config in debian/ubuntu:

# vim: syntax=nginx
# this snippet should be included before proxy_pass (see 'example.conf')

proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

jech commented 6 months ago

Glad the issue is solved.

Another solution would be to add the publicServer option in config.json, which disables origin checks.