search

m1k1o / neko

A self hosted virtual browser that runs in docker and uses WebRTC.
https://neko.m1k1o.net/
Apache License 2.0
7.87k stars 577 forks source link

No UDP Connection via pfSense & Nginx #147

Open UpperCenter opened 2 years ago

UpperCenter commented 2 years ago

Hi all,

I'm running Neko behind pfSense and Nginx for the frontend. I'm currently not able to get a UDP connection. My traffic flow basically is:

Remote Client -> pfSense -> Nginx Port 443 -> local Neko server Port 8080
                      \
                       UDP Ports (port forward) directly to Neko Server

For clarity, the UDP ports are port forwarded via NAT in pfSense directly to the Neko server, bypassing Nginx. The frontend of the site works, but I'm not able to login. Does anyone have any suggestions? I'm not able to get a connection with the nc -ul 52101 commands. Here's my docker-compose

version: "3.4"
services:
  neko:
    image: "m1k1o/neko:google-chrome"
    container_name: Neko
    restart: "unless-stopped"
    shm_size: "8gb"
    cap_add:
      - SYS_ADMIN
    ports:
      - "8080:8080"
      - "52000-52100:52000-52100/udp"
    environment:
      TZ: "Europe/London"
      PGID: 1000
      PUID: 1000
      NEKO_SCREEN: 1920x1080@30
      NEKO_PASSWORD: Password
      NEKO_PASSWORD_ADMIN: AdminPassword
      NEKO_EPR: 52000-52100
      NEKO_ICELITE: 1
      NEKO_IPFETCH: https://ifconfig.co/ip

Nginx Config:

server {
        listen 443 ssl http2;
        server_name domain.co.uk;

        # SSL
        ssl_certificate /etc/nginx/tls/domain.co.uk.cert.pem;
        ssl_certificate_key /etc/nginx/tls/domain.co.uk.key.pem;
        ssl_stapling on;
        ssl_stapling_verify on;

        # security
        include includes/security.conf;

        # logging
        access_log /var/log/nginx/domain.co.uk.access.log;
        error_log /var/log/nginx/domain.co.uk.error.log warn;

        location / {
                proxy_pass http://192.168.1.14:8080;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_read_timeout 86400;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $remote_addr;
                proxy_set_header X-Forwarded-Host $host;
                proxy_set_header X-Forwarded-Port $server_port;
                proxy_set_header X-Forwarded-Protocol $scheme;
        }

        # additional config
        include includes/general.conf;
}

Thanks

m1k1o commented 2 years ago

I'm not able to get a connection with the nc -ul 52101 commands.

In that case it is some misconfiguration on pfSense for port forwarding, has nothing to do with neko app itself.

UpperCenter commented 2 years ago

Thanks for the reply, do you know if it's possible or practical to proxy the UDP ports with Nginx?

m1k1o commented 2 years ago

It is not HTTP traffic but RTP. So cannot be proxied as HTTPs via Nginx. The port is needed in order to connect to RTP, so it needs to be directly exposed.

Shadowfita commented 2 years ago

@m1k1o is there no way around this? Proxying via HTTPs would allow access through tighter networks that don't allow other ports.

m1k1o commented 1 year ago

I don't think WebRTC supports connection via HTTPs. I did not even find anything about it online.