milesmcc / shynet

Modern, privacy-friendly, and detailed web analytics that works without cookies or JS.
Apache License 2.0

Hosting Question #221

Closed engrayray closed 2 years ago

engrayray commented 2 years ago

Does Shynet need to be hosted on the same server as my website? Can I host Shynet on a separate server? The setup I have now is Shynet on server A and my nextjs website on server B. I tried every possible way, within the limits of my knowledge and Google search, to make it work... but unfortunately, it doesn't work so far... please help!

haaavk commented 2 years ago

Shynet can be hosted on a separate server. I use it that way. It's hard to guess what the problem is. You probably need a separate domain for that. A reverse proxy like Nginx might be needed, especially if you want HTTPS to work.

engrayray commented 2 years ago

Thank you for the reply!!! I really appreciate it! I had googled for a few days and still haven't found any solution for it. Like you said, I do have a separate domain and an Nginx reverse proxy for Shynet. But when I paste the "Shynet Code" into the pages of my nextjs website, all I get from the console is "connection time out". To my understanding, the code is supposed to make a "POST" request to my Shynet server, but my website console is showing a "GET" request...

haaavk commented 2 years ago

The first thing I would do is look into the Nginx access logs (usually at /var/log/nginx/access.log) to see if the request arrived at the server. If it's not a problem, you can paste a screenshot from the web console with the error. It may be helpful.

engrayray commented 2 years ago

This is my Nginx access log:

access.log

192.241.197.150 - - [11/Aug/2022:00:47:23 +0000] "GET / HTTP/1.1" 302 0 "-" "Mozilla/5.0 zgrab/0.x"
185.21.216.169 - - [11/Aug/2022:01:00:34 +0000] "GET / HTTP/1.1" 404 197 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36"

reverse-access.log.1

195.74.76.198 - - [06/Aug/2022:02:45:41 +0000] "HEAD / HTTP/1.1" 502 0 "-" "Go-http-client/1.1"
54.89.114.44 - - [06/Aug/2022:02:45:48 +0000] "GET /.git/config HTTP/1.1" 502 568 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537>
45.33.51.181 - - [06/Aug/2022:02:46:36 +0000] "\x16\x03\x01\x01" 400 166 "-" "-"
45.33.51.181 - - [06/Aug/2022:02:46:36 +0000] "GET / HTTP/1.1" 502 166 "-" "-"
45.33.51.181 - - [06/Aug/2022:02:46:36 +0000] "HELP" 400 166 "-" "-"
45.33.51.181 - - [06/Aug/2022:02:46:36 +0000] "GET /.DS_Store HTTP/1.1" 502 166 "-" "Go-http-client/1.1"
45.33.51.181 - - [06/Aug/2022:02:46:36 +0000] "GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application HTTP/1.1" 502 16>
45.33.51.181 - - [06/Aug/2022:02:46:36 +0000] "GET /.git/config HTTP/1.1" 502 166 "-" "Go-http-client/1.1"
45.33.51.181 - - [06/Aug/2022:02:46:36 +0000] "GET /telescope/requests HTTP/1.1" 502 166 "-" "Go-http-client/1.1"
45.33.51.181 - - [06/Aug/2022:02:46:36 +0000] "GET /s/3134332e3234342e3135382e3930/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.pr>
45.33.51.181 - - [06/Aug/2022:02:46:36 +0000] "GET /?rest_route=/wp/v2/users/ HTTP/1.1" 502 166 "-" "Go-http-client/1.1"
45.33.51.181 - - [06/Aug/2022:02:46:36 +0000] "GET /.env HTTP/1.1" 502 166 "-" "Go-http-client/1.1"
45.33.51.181 - - [06/Aug/2022:02:46:36 +0000] "GET / HTTP/1.1" 502 568 "-" "Mozilla/5.0 (Linux; Android 6.0; HTC One M9 Build/MRA176644) AppleWe>
45.33.51.181 - - [06/Aug/2022:02:46:36 +0000] "GET /info.php HTTP/1.1" 502 166 "-" "Go-http-client/1.1"
45.33.51.181 - - [06/Aug/2022:02:46:36 +0000] "GET /server-status HTTP/1.1" 502 166 "-" "Go-http-client/1.1"
45.33.51.181 - - [06/Aug/2022:02:46:36 +0000] "GET /login.action HTTP/1.1" 502 166 "-" "Go-http-client/1.1"
45.33.51.181 - - [06/Aug/2022:02:46:36 +0000] "GET /config.json HTTP/1.1" 502 166 "-" "Go-http-client/1.1"
185.254.196.223 - - [06/Aug/2022:02:47:35 +0000] "GET /.env HTTP/1.1" 502 568 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, li>
185.254.196.223 - - [06/Aug/2022:02:47:36 +0000] "POST / HTTP/1.1" 502 568 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like >
205.169.39.23 - - [06/Aug/2022:02:49:16 +0000] "GET / HTTP/1.1" 502 568 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML>
51.81.167.146 - - [06/Aug/2022:02:49:31 +0000] "GET / HTTP/1.1" 502 166 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 15_1_1 like Mac OS X) AppleWebKi>

error.log

2022/08/11 00:37:05 [crit] 246048#246048: *171 SSL_do_handshake() failed (SSL: error:14201044:SSL routines:tls_choose_sigalg:internal error) while SSL handshaking, client: 192.155.91.11, server: 0.0.0.0:443

reverse-error.log.1

2022/08/10 02:28:49 [crit] 182647#182647: *436 SSL_do_handshake() failed (SSL: error:14201044:SSL routines:tls_choose_sigalg:internal error) while SSL handshaking, client: 45.79.174.216, server: 0.0.0.0:443
2022/08/10 04:27:37 [crit] 182647#182647: *476 SSL_do_handshake() failed (SSL: error:14201044:SSL routines:tls_choose_sigalg:internal error) while SSL handshaking, client: 45.33.66.175, server: 0.0.0.0:443
2022/08/10 06:27:59 [crit] 182647#182647: *503 SSL_do_handshake() failed (SSL: error:14201044:SSL routines:tls_choose_sigalg:internal error) while SSL handshaking, client: 45.33.66.175, server: 0.0.0.0:443
2022/08/10 08:18:20 [notice] 242620#242620: signal process started
2022/08/10 08:21:09 [notice] 242759#242759: signal process started
2022/08/10 08:21:58 [notice] 242799#242799: signal process started
2022/08/10 08:22:00 [notice] 242801#242801: signal process started
2022/08/10 08:24:04 [notice] 242912#242912: signal process started
2022/08/10 08:27:47 [crit] 242913#242913: *538 SSL_do_handshake() failed (SSL: error:14201044:SSL routines:tls_choose_sigalg:internal error) while SSL handshaking, client: 45.33.82.156, server: 0.0.0.0:443
2022/08/10 10:28:15 [crit] 246048#246048: *21 SSL_do_handshake() failed (SSL: error:14201044:SSL routines:tls_choose_sigalg:internal error) while SSL handshaking, client: 172.104.11.11, server: 0.0.0.0:443
2022/08/10 12:27:40 [crit] 246048#246048: *49 SSL_do_handshake() failed (SSL: error:14201044:SSL routines:tls_choose_sigalg:internal error) while SSL handshaking, client: 45.79.158.210, server: 0.0.0.0:443
2022/08/10 12:42:39 [crit] 246048#246048: *61 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 154.89.5.84, server: 0.0.0.0:443
2022/08/10 14:27:44 [crit] 246048#246048: *81 SSL_do_handshake() failed (SSL: error:14201044:SSL routines:tls_choose_sigalg:internal error) while SSL handshaking, client: 45.33.94.188, server: 0.0.0.0:443
2022/08/10 16:27:40 [crit] 246048#246048: *103 SSL_do_handshake() failed (SSL: error:14201044:SSL routines:tls_choose_sigalg:internal error) while SSL handshaking, client: 45.79.141.227, server: 0.0.0.0:443
2022/08/10 18:27:17 [crit] 246048#246048: *130 SSL_do_handshake() failed (SSL: error:14201044:SSL routines:tls_choose_sigalg:internal error) while SSL handshaking, client: 45.79.141.167, server: 0.0.0.0:443
2022/08/10 20:27:32 [crit] 246048#246048: *142 SSL_do_handshake() failed (SSL: error:14201044:SSL routines:tls_choose_sigalg:internal error) while SSL handshaking, client: 23.239.9.32, server: 0.0.0.0:443
2022/08/10 22:27:41 [crit] 246048#246048: *159 SSL_do_handshake() failed (SSL: error:14201044:SSL routines:tls_choose_sigalg:internal error) while SSL handshaking, client: 45.79.141.97, server: 0.0.0.0:443

error.log.1

2022/08/06 02:45:41 [error] 26508#26508: *5 connect() failed (111: Connection refused) while connecting to upstream, client: 195.74.76.198, server: , request: "HEAD / HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "analytics.atjewelbe.com"
2022/08/06 02:45:48 [error] 26508#26508: *7 connect() failed (111: Connection refused) while connecting to upstream, client: 54.89.114.44, server: , request: "GET /.git/config HTTP/1.1", upstream: "http://127.0.0.1:8080/.git/config", host: "analytics.atjewelbe.com"
2022/08/06 02:46:36 [error] 26508#26508: *10 connect() failed (111: Connection refused) while connecting to upstream, client: 45.33.51.181, server: , request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "analytics.atjewelbe.com"
2022/08/06 02:46:36 [error] 26508#26508: *12 connect() failed (111: Connection refused) while connecting to upstream, client: 45.33.51.181, server: , request: "GET /.DS_Store HTTP/1.1", upstream: "http://127.0.0.1:8080/.DS_Store", host: "analytics.atjewelbe.com"
2022/08/06 02:46:36 [error] 26508#26508: *14 connect() failed (111: Connection refused) while connecting to upstream, client: 45.33.51.181, server: , request: "GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application HTTP/1.1", upstream: "http:/>
2022/08/06 02:46:36 [error] 26508#26508: *17 connect() failed (111: Connection refused) while connecting to upstream, client: 45.33.51.181, server: , request: "GET /.git/config HTTP/1.1", upstream: "http://127.0.0.1:8080/.git/config", host: "analytics.atjewelbe.com"
2022/08/06 02:46:36 [error] 26508#26508: *16 connect() failed (111: Connection refused) while connecting to upstream, client: 45.33.51.181, server: , request: "GET /telescope/requests HTTP/1.1", upstream: "http://127.0.0.1:8080/telescope/requests", host: "analytics.atj>
2022/08/06 02:46:36 [error] 26508#26508: *20 connect() failed (111: Connection refused) while connecting to upstream, client: 45.33.51.181, server: , request: "GET /s/3134332e3234342e3135382e3930/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties HTT>
2022/08/06 02:46:36 [error] 26508#26508: *22 connect() failed (111: Connection refused) while connecting to upstream, client: 45.33.51.181, server: , request: "GET /?rest_route=/wp/v2/users/ HTTP/1.1", upstream: "http://127.0.0.1:8080/?rest_route=/wp/v2/users/", host: >
2022/08/06 02:46:36 [error] 26508#26508: *23 connect() failed (111: Connection refused) while connecting to upstream, client: 45.33.51.181, server: , request: "GET /.env HTTP/1.1", upstream: "http://127.0.0.1:8080/.env", host: "analytics.atjewelbe.com"
2022/08/06 02:46:36 [error] 26508#26508: *26 connect() failed (111: Connection refused) while connecting to upstream, client: 45.33.51.181, server: , request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "analytics.atjewelbe.com"
2022/08/06 02:46:36 [error] 26508#26508: *28 connect() failed (111: Connection refused) while connecting to upstream, client: 45.33.51.181, server: , request: "GET /info.php HTTP/1.1", upstream: "http://127.0.0.1:8080/info.php", host: "analytics.atjewelbe.com"
2022/08/06 02:46:36 [error] 26508#26508: *30 connect() failed (111: Connection refused) while connecting to upstream, client: 45.33.51.181, server: , request: "GET /server-status HTTP/1.1", upstream: "http://127.0.0.1:8080/server-status", host: "analytics.atjewelbe.com"
2022/08/06 02:46:36 [error] 26508#26508: *32 connect() failed (111: Connection refused) while connecting to upstream, client: 45.33.51.181, server: , request: "GET /login.action HTTP/1.1", upstream: "http://127.0.0.1:8080/login.action", host: "analytics.atjewelbe.com"
2022/08/06 02:46:36 [error] 26508#26508: *34 connect() failed (111: Connection refused) while connecting to upstream, client: 45.33.51.181, server: , request: "GET /config.json HTTP/1.1", upstream: "http://127.0.0.1:8080/config.json", host: "analytics.atjewelbe.com"
2022/08/06 02:47:35 [error] 26508#26508: *36 connect() failed (111: Connection refused) while connecting to upstream, client: 185.254.196.223, server: , request: "GET /.env HTTP/1.1", upstream: "http://127.0.0.1:8080/.env", host: "143.244.158.90"
2022/08/06 02:47:36 [error] 26508#26508: *38 connect() failed (111: Connection refused) while connecting to upstream, client: 185.254.196.223, server: , request: "POST / HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "143.244.158.90"
2022/08/06 02:49:16 [error] 26508#26508: *40 connect() failed (111: Connection refused) while connecting to upstream, client: 205.169.39.23, server: , request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "analytics.atjewelbe.com"
2022/08/06 02:49:31 [error] 26508#26508: *42 connect() failed (111: Connection refused) while connecting to upstream, client: 51.81.167.146, server: , request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "analytics.atjewelbe.com"

Seems like the connection doesn't go through. I don't have much knowledge about the server side, and I don't really know what I did wrong with the settings...

This is my Shynet Nginx setting:

Shynet reverse-proxy.conf

server {
    server_name analytics.atjewelbe.com;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://analytics.atjewelbe.com:8080;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/analytics.atjewelbe.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/analytics.atjewelbe.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = analytics.atjewelbe.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    server_name analytics.atjewelbe.com;
    return 404; # managed by Certbot
}

This is my website Nginx setting:

server {
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;

    server_name atjewelbe.com www.atjewelbe.com;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/atjewelbe.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/atjewelbe.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = www.atjewelbe.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = atjewelbe.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;

    server_name atjewelbe.com www.atjewelbe.com;
    return 404; # managed by Certbot
}

Website console

Headers

GET https://analytics.atjewelbe.com:8080/ingress/1c0a0fb5-0b20-4377-9693-7c019933add8/script.js
Transferred: 0 B (0 B size)
Referrer Policy: strict-origin-when-cross-origin

Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Cookie: _ga_P61MD9XKQE=GS1.1.1660182092.12.0.1660182092.0; _ga=GA1.1.561847274.1659951693
Host: analytics.atjewelbe.com:8080
Referer: https://atjewelbe.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:103.0) Gecko/20100101 Firefox/103.0

Please review it and give me some advice. Thanks!!!

haaavk commented 2 years ago

I think the port (:8080) looks suspicious. I tested it without port and it worked.

09:33 > wget  https://analytics.atjewelbe.com/ingress/1c0a0fb5-0b20-4377-9693-7c019933add8/script.js
--2022-08-11 09:34:00--  https://analytics.atjewelbe.com/ingress/1c0a0fb5-0b20-4377-9693-7c019933add8/script.js
Resolving analytics.atjewelbe.com (analytics.atjewelbe.com)... 143.244.158.90
Connecting to analytics.atjewelbe.com (analytics.atjewelbe.com)|143.244.158.90|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1889 (1,8K) [application/javascript]
Saving to: ‘script.js’

script.js                    100%[===========================================>]   1,84K  --.-KB/s    in 0s

2022-08-11 09:34:00 (231 MB/s) - ‘script.js’ saved [1889/1889]

engrayray commented 2 years ago

Yes!!! Thank you haaavk! It finally works... by eliminating the port number... Thanks again!! I can delete my Google Analytics now!

haaavk commented 2 years ago

I'm glad I could help. Now you can close the issue to save the maintainer's time.
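
The mismatch resolved in this thread, as an added check that is not part of the original posts and is not Shynet code: the tracking URL named port 8080, which in the posted config is only the `proxy_pass` upstream, while Nginx accepts TLS on 443. Function names are hypothetical, the config is abbreviated from the one posted above, and the parser assumes flat `server { }` blocks with numeric `listen` ports.

```python
import re
from urllib.parse import urlsplit

# Abbreviated from the Shynet reverse-proxy.conf posted in the thread.
NGINX_CONF = """
server {
    server_name analytics.atjewelbe.com;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://analytics.atjewelbe.com:8080;
    }
    listen 443 ssl;
}
server {
    listen 80;
    server_name analytics.atjewelbe.com;
    return 404;
}
"""
DEFAULT_PORTS = {"http": 80, "https": 443}

def public_listeners(conf, host):
    """Map listen port -> True if TLS, for server blocks that name `host`."""
    listeners = {}
    for block in re.split(r"(?m)^\s*server\s*\{", conf)[1:]:
        names = re.search(r"server_name\s+([^;]+);", block)
        if not names or host not in names.group(1).split():
            continue
        for m in re.finditer(r"(?m)^\s*listen\s+([^;]+);", block):
            args = m.group(1).split()
            port = int(args[0].rsplit(":", 1)[-1])  # handles "[::]:443" too
            listeners[port] = "ssl" in args[1:]
    return listeners

def upstream_ports(conf):
    """Ports that appear only as proxy_pass targets (backend side)."""
    return {int(p) for p in re.findall(r"proxy_pass\s+https?://[^;/\s]*:(\d+)", conf)}

def check_snippet_url(url, conf):
    """Classify a tracking-script URL against what Nginx actually serves."""
    parts = urlsplit(url)
    port = parts.port or DEFAULT_PORTS[parts.scheme]
    listeners = public_listeners(conf, parts.hostname)
    if port in listeners:
        tls_ok = listeners[port] == (parts.scheme == "https")
        return "ok" if tls_ok else "scheme-mismatch"
    if port in upstream_ports(conf):
        return "upstream-port"  # browser is aimed at the backend, not the proxy
    return "no-listener"
```

An `upstream-port` result is also a prompt to confirm that the backend port is not reachable from the internet at all, so that all traffic passes through the TLS-terminating proxy.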