Using Reverse Proxy

[wertel]

Can't acces pyrt through nginx (Reverse Proxy). Need parameter web_root or url_base in config.

[mountainpenguin]

Hi,

Sorry for the wait, as you may have noticed, I haven't been able to put time into this project for quite some time.

I'm currently using pyrt behind an nginx reverse proxy also, and I haven't come across many problems, aside from logging of the correct IP addresses (always shows 127.0.0.1), which I fixed a while back but never got around to committing (soon to be rectified).

Could you perhaps paste the relevant part of your nginx config, as well as your pyrt config file? (removing anything sensitive of course), there are a couple of things that are important for pyrt.

Thanks very much!

---

Relevant nginx.conf

upstream pyrt {
        server localhost:8080;
}

server {
        listen ipv4.ipaddr:443;
        listen [my:ipv6:address:here]:443;
        server_name myserver.tld;

        include conf.d/ssl/letsencrypt.conf;

        location / {
            proxy_pass          http://pyrt;
            proxy_pass_header   Server;
            proxy_set_header    Host $http_host;
            proxy_redirect      off;
            proxy_intercept_errors      off;
            proxy_set_header    X-Real-IP $remote_addr;
            proxy_set_header    X-Scheme $scheme;
            proxy_set_header    Upgrade $http_upgrade;
            proxy_set_header    Connection      "upgrade";
        }
}

Notes:

• the Upgrade and Connection headers are required to allow the pyrt websockets to function (AJAJ/X, file uploading, logging, auto handlers etc)
• the X-Real-IP header allows pyrt to access the remote IP address that nginx sees rather than localhost (see subsequent commit).

pyrt config

The important setting in the pyrt config file is host. This should be set according to the upstream block in your nginx config, e.g. if you use localhost:8080 in nginx.conf, you can't use yourhost.tld in pyrtrc.

Hope this helps!

[wertel]

Thank you for response. I try mount pyrt to subdirectory /pyrt, as other app (sickbeard and couchpotato) on server.

With your help, mount in root work:

        location / {
            proxy_pass http://127.0.0.1:8000;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }

Subdirectory mount not work, nginx return 404:

        location /pyrt {
            proxy_pass   http://127.0.0.1:8000;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }

[mountainpenguin]

Ah, I see what you meant about web_root or url_base now, I'm running mine on a subdomain so I can mount it to root.

It'll need changes to all the HTML and most of the javascript files, but nothing too complicated, I'll try to see if I can do it today.

[mountainpenguin]

So I think I've covered everything now without needing to create a new config variable.

pyRT should now work behind reverse proxies (both subdirectories and subdomains) as well as directly open on a non-standard port.

I will keep testing to make sure I've covered everything for a little while before merging into master, but perhaps you could switch to the testing branch and give it a go?

Meanwhile there are a couple of important changes that are required in your nginx.conf to get it to work:

location /pyrt/ {
            proxy_pass   http://127.0.0.1:8000;
            proxy_set_header Host $http_host;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Real-IP $remote_addr;
        }

1. You need to have the trailing / in the location.
2. You need to pass the $http_host header along to pyRT (this is set to 127.0.0.1:8000 otherwise).
3. Passing $remote_addr to pyRT is not required, but recommended, so it will log the correct IP address in its log files.

Hope it works out for you, it seems to be working on my test system.

[wertel]

Switch to the testing branch and change nginx config. Pyrt return code 404:

[I 160106 21:53:40 server:940] Starting webserver on http://127.0.0.1:8000 with PID 1334
[I 160106 21:53:40 server:946] Starting UNIX websocket on .sockets/rss.interface
[I 160106 21:53:40 server:948] Starting UNIX websockets
[I 160106 21:53:40 server:969] Starting RSS listener
[I 160106 21:53:40 server:782] RPCsocket successfully opened
[I 160106 21:53:40 rpchandler:132] RSS started in the background
[W 160106 21:53:48 web:1946] 404 GET /pyrt/ (192.168.200.7) 1.19ms
[W 160106 21:53:51 web:1946] 404 GET /pyrt/ (192.168.200.7) 1.03ms
[W 160106 21:53:52 web:1946] 404 GET /pyrt/ (192.168.200.7) 1.00ms
[W 160106 21:56:37 web:1946] 404 GET /pyrt/ (192.168.200.7) 1.15ms

Tried get page from http://127.0.0.1:8000 with telnet:

[I 160106 21:57:47 web:1946] 200 GET / (127.0.0.1) 40.72ms
[W 160106 21:58:19 web:1946] 404 GET /pyrt/ (127.0.0.1) 1.47ms
[W 160106 21:58:40 web:1946] 404 GET /pyrt (127.0.0.1) 1.02ms

[mountainpenguin]

Hmm, could you perhaps paste your entire nginx config and .pyrtrc file?

[wertel]

Same result on my test system. Config in attach.

.pyrtrc.txt nginx.conf.txt

[mountainpenguin]

Hi, sorry for all the trouble, could you try changing your location block again?

location /pyrt/ {
            proxy_pass   http://127.0.0.1:8000/;
            proxy_set_header Host $http_host;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Real-IP $remote_addr;
        }

This adds a backslash to the end of the proxy_pass address

[wertel]

Now it working)

[mountainpenguin]

Great, I'll leave the issue open until I merge testing into master when I'm reasonably confident there aren't any problems.

[mountainpenguin]

Doesn't seem to be any problems, so I'm going to go ahead and close this