Running on IGEL remote desktop - Nginx bad gateway

[Bramikke]

Hi, First of all, I love this tool! It works great on local windows computers and using remote desktop. However, when running this tool on a remote desktop from a IGEL thin-client, it does not work.

IGEL and EID have a known issue for the local eID viewer not to work. It has something to do with the mapping of the card reader. But, the online EID applications all works normally using an IGEL thin client. I was hoping the Lino framework was working something like the same as the online EID applications for addressing the card reader.

When running the EID reader from lino using the IGEL remote desktop (https://weleup1.mylino.net), I'm getting a 502 Bad Gateway - nginx/1.14.2.

Do you have a way to solve this problem? I attached some screenshots with the error more detailed.

[lsaffre]

Thanks for reporting. I guess it means that we need to optimize our nginx configuration. I haven't much experience with nginx tuning. I am not sure to understand your environment. Is it possible that the browser on IGEL behaves differently than on other clients? If you want, contact me via email and let's have a Jitsi or Discord session to look at it together.

[Bramikke]

Hi, Thank you for the quick reply. We have IGEL thin clients with linux based IGEL OS. These thin clients connect using remote desktop (RDP) to a Windows server running in the cloud. The problem with the IGEL RDP is the mapping of the physical device (card reader) to the server. GitHub issue: https://github.com/Fedict/eid-mw/issues/86.

I do not know anything about low level programming and connetions to physical devices. But there are 2 ways to connect to the eID reader. EID Viewer and the middleware used by browsers for authentication both uses a different way of connecting to the card reader. On IGEL, the way the middleware connects to the reader is the way to go. This works great. But the eID viewer does not work at all.

Because we want to get the XML of the eID card with all public data, we need to create a web based eID Viewer that talks to the card reader the way the middleware is connecting to the card reader.

Do you know how lino-framework is connecting to the card reader? Is it the eID viewer way? If so, this could maybe cause the error.

[lsaffre]

The Lino server does not connect to the card reader, the cause can't be there. The server just defines a UUID and instructs the client to run eidreader with that UUID and then waits until a response comes. I still guess that either the eidreader on the IDLE client is too slow, or some nginx configuration on the Lino server causes the POST received from eidreader to not being processed correctly. What happens when you type"eidreader" in a terminal on the IDLE client? It should show the eid data on screen...

[Bramikke]

Hi, I've tried running "eidreader" in a terminal on the Windows remote desktop. I only shows an empty line. It looks like the program is not executing anything. Also the log file stays empty.

However, I found out, when running the "Read eID card" from mylino.net. I get the 502 Bad Gateway result on the webview. But inside the logs (C:/eidreader/eidreader.log), the card data is recognized. So it looks very promising! I assume it maybe has to do with a certain timeout like you said.

[Bramikke]

Hi, I've got an update about this issue. It has indeed something to do with the web configuration. Because the log files were looking very promising, I started developing a web eID viewer. And it works great! It is based on just simple HTML, Javascript and PHP. I will commit it to GitHub once it is fine tuned.

[lsaffre]

Cool! Looking forward to trying it!