riemann / riemann-dash

An HTTP dashboard for Riemann.
MIT License

Problems using riemann-dash with secure websockets wss #127

Closed faxm0dem closed 3 years ago

faxm0dem commented 6 years ago

I'm trying to set up secure websockets. I'm using caddy with the following config (Caddyfile):

127.0.0.1:4443 {
  tls self_signed
  proxy / 127.0.0.1:4567
}
127.0.0.1:5559 {
  tls self_signed
  proxy / 127.0.0.1:5556 {
    websocket
  }
  log /dev/stdout
}

I can successfully connect a command line client like wscat or python websocket-client. However, when I point Firefox to https://localhost:4443, riemann-dash reports a Socket error and displays no events. I did set network.websocket.allowInsecureFromHTTPS=true in Firefox.

Here's the riemann-dash config:

{
  "server": "127.0.0.1:5559",
  "server_type": "ws",
  ...
}

And the riemann config:

(let [host "127.0.0.1"]
  (tcp-server {:host host})
  (sse-server {:host host})
  (ws-server  {:host host}))
...

Has anybody successfully set up wss with riemann-dash?

faxm0dem commented 6 years ago

Here's the console output of firefox:

Firefox can’t establish a connection to the server at wss://127.0.0.1:5559/index?subscribe=true&query=tagged%20%22test%22.
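
A command-line client can connect where a browser refuses if the client does not verify the server certificate. The following is an added example, not code from this thread or from the riemann-dash project: it probes a wss endpoint with certificate verification enabled and separates a TLS trust failure from a failed WebSocket upgrade. The function names are hypothetical; the default path and the port in the usage line are the ones quoted in the posts above.

```python
import base64, hashlib, os, socket, ssl

GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # fixed GUID from RFC 6455

def accept_for(key: str) -> str:
    """Sec-WebSocket-Accept value a compliant server must return for `key`."""
    return base64.b64encode(hashlib.sha1((key + GUID).encode()).digest()).decode()

def classify(raw: bytes, key: str) -> str:
    """Classify the HTTP response to a WebSocket upgrade request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or parts[1] != "101":
        return "no-upgrade: " + lines[0]
    hdrs = {k.strip().lower(): v.strip() for k, v in
            (l.split(":", 1) for l in lines[1:] if ":" in l)}
    if hdrs.get("upgrade", "").lower() != "websocket":
        return "bad-upgrade-header"
    if hdrs.get("sec-websocket-accept") != accept_for(key):
        return "bad-accept"
    return "ok"

def probe(host, port, path="/index?subscribe=true&query=tagged%20%22test%22",
          cafile=None):
    """Connect with certificate verification ON, then attempt the upgrade.
    Pass cafile to trust a private CA or an exported self-signed certificate."""
    ctx = ssl.create_default_context(cafile=cafile)
    key = base64.b64encode(os.urandom(16)).decode()
    req = (f"GET {path} HTTP/1.1\r\nHost: {host}:{port}\r\n"
           "Upgrade: websocket\r\nConnection: Upgrade\r\n"
           f"Sec-WebSocket-Key: {key}\r\nSec-WebSocket-Version: 13\r\n\r\n")
    try:
        with socket.create_connection((host, port), timeout=5) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                tls.sendall(req.encode())
                return classify(tls.recv(4096), key)
    except ssl.SSLCertVerificationError as e:
        return "tls-untrusted: " + e.verify_message
    except OSError as e:
        return "connect-failed: " + str(e)

if __name__ == "__main__":
    print(probe("127.0.0.1", 5559))  # proxy port from the Caddyfile above
```

A `tls-untrusted` result points at the certificate chain, while `no-upgrade` points at the proxy not forwarding the upgrade to the backend.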

Beanow commented 5 years ago

@faxm0dem I'm running Traefik with Let's Encrypt certificates and it does wss without any issues for me. Have you managed to work out the problem?

zilti commented 3 years ago

This worked for me. Then I've just set the websocket server field on the dashboard to riemann.example.com:443:

riemann.example.com {
  @websockets {
    header Connection *Upgrade*
    header Upgrade    websocket
  }
  reverse_proxy @websockets 127.0.0.1:5556
  reverse_proxy 127.0.0.1:4567
}

faxm0dem commented 3 years ago

Thanks @zilti. In the meantime I had switched to haproxy (1.5) and FTR this is a working config:

#
defaults
  mode http
  log global
  option httplog
  option  http-server-close
  option  dontlognull
  option  redispatch
  option  contstats
  retries 3
  backlog 10000
  timeout client          25s
  timeout connect          5s
  timeout server          25s
  timeout tunnel        3600s
  timeout http-keep-alive  1s
  timeout http-request    15s
  timeout queue           30s
  timeout tarpit          60s
  default-server inter 3s rise 2 fall 3
  option forwardfor

frontend ft_riemann
  bind 10.10.239.132:5557 name http ssl crt /etc/riemann/ssl.pem
  maxconn 10000
  default_backend bk_riemann

backend bk_riemann
  balance roundrobin
  server websrv1 localhost:5556 maxconn 10000 weight 10 cookie websrv1 check