tobychui / zoraxy

A general purpose HTTP reverse proxy and forwarding tool. Now written in Go!
https://zoraxy.aroz.org
GNU Affero General Public License v3.0
3.1k stars 188 forks

A few things I encountered with zoraxy #10

Closed Morethanevil closed 1 year ago

Morethanevil commented 1 year ago

I was testing out zoraxy and I tried to integrate it on my host system. It runs fine, but there are a few things I encountered, which I wanted to share with you. I used the latest version 2.6 for my tests. First of all, thanks again for this great piece of software.

First my specs: Ubuntu server 22.04 x64; Browser: Firefox and Vivaldi (chrome-based); Ryzen 5 5600G; B550 Aorus Elite v2; 16GB RAM

  1. The very first problem was, the edit button on Subdomain Proxy page is not working, it was a lot of work to test everything :)

  2. I uploaded my certificate and I tried to add a second one for testing as a subdomain certificate. Then both of them were shown twice. Another question... are intermediate certificates not needed? I have a private key, an intermediate certificate and my certificate.

After I removed one of them, everything was normal again.

  3. IPV6 Support, it was impossible for me to create a working subdomain proxy to an IPV6 address. It worked with hostnames, and even with docker internal IPV4 but not with IPV6.

  4. This is the most important problem for me. HTTPS Redirect was working just fine, but Apps have problems. The webservice of Jellyfin for example was working completely, but the App did not get any connection. Same was for immich. Immich web was working fine, but not the app. Unable to log in. The only app which worked was paperless mobile.

For Jellyfin the app finamp gave me this error:

[screenshot]

  5. SMTP Settings for password reset. I filled out everything but it tells me "535 Authentication credentials invalid". Why do I need to use a sender domain? I filled in my domain name (domain.com), but it did not work.

Last question: Is there any way to contact you, except your mail? A discord or matrix room would be great to exchange with other users.

This was my experience so far. I hope I could give you useful information. I will test how it works with wordpress or nextcloud. This needs preparation.

tobychui commented 1 year ago

Thanks for the feedback!

I can reproduce 1 and 2. 1 is a known issue and I am currently working on it. 2 is caused by a minor glitch in the rendering routine. I have patched it in 2.6.1 and will be releasing soon (hopefully this week, but I am kinda busy right now).

For 3, I am unable to test this as all my networking environments and equipment are IPV4 based. There is no way for me to fix that without an IPv6-based testing environment. I will see if I can find someone to help on this issue.

For 4, it seems there are issues with your certificates. I personally don't use Jellyfin and I have no way to test it out on my side, it would be nice if you could figure out some way to capture the traffic between your app and your zoraxy instance to help with the debugging.

For 5, sender domain (username and password) is the domain for SMTP service provider authentication. This is the related code that might help you better understand the underlying logic on how this is done:

func (s *Sender) SendEmail(to string, subject string, content string) error {
    //Parse the email content
    msg := []byte("To: " + to + "\n" +
        "From: Zoraxy <" + s.SenderAddr + ">\n" +
        "Subject: " + subject + "\n" +
        "MIME-version: 1.0;\nContent-Type: text/html; charset=\"UTF-8\";\n\n" +
        content + "\n\n")

    //Login to the SMTP server
    auth := smtp.PlainAuth("", s.Username+"@"+s.Domain, s.Password, s.Hostname)
    err := smtp.SendMail(s.Hostname+":"+strconv.Itoa(s.Port), auth, s.SenderAddr, []string{to}, msg)
    if err != nil {
        return err
    }

    return nil
}

The SMTP sender is optimized for external mail server providers and I didn't test it with a self-hosted mail server.

If you need further help on setting up your Zoraxy, you can drop me a message at imuslab@gmail.com and ask for my personal telegram id. It is always nice to have someone who can help with spotting bugs and testing things out in an alternative environment :)
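An added example, not Zoraxy's code: the SendEmail function quoted above joins Username and Domain for PlainAuth and hands the connection to smtp.SendMail. This variant takes the full login as one string and completes the TLS handshake before any SMTP command, the implicit-TLS style used on port 465. The function name, host and addresses are assumptions made for the illustration.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net"
	"net/smtp"
)

// sendImplicitTLS completes the TLS handshake before any SMTP traffic (port 465
// style) and authenticates with the full login, e.g. "admin@domain.com".
func sendImplicitTLS(host string, port int, login, password, from, to string, msg []byte) error {
	addr := net.JoinHostPort(host, fmt.Sprint(port))
	conn, err := tls.Dial("tcp", addr, &tls.Config{ServerName: host, MinVersion: tls.VersionTLS12})
	if err != nil {
		return fmt.Errorf("TLS to %s failed, no SMTP data sent: %w", addr, err)
	}
	c, err := smtp.NewClient(conn, host) // reads the 220 greeting over TLS
	if err != nil {
		conn.Close()
		return err
	}
	defer c.Close()
	if err := c.Auth(smtp.PlainAuth("", login, password, host)); err != nil {
		return fmt.Errorf("AUTH PLAIN as %q: %w", login, err)
	}
	if err := c.Mail(from); err != nil {
		return err
	}
	if err := c.Rcpt(to); err != nil {
		return err
	}
	w, err := c.Data()
	if err != nil {
		return err
	}
	if _, err := w.Write(msg); err != nil {
		return err
	}
	if err := w.Close(); err != nil {
		return err
	}
	return c.Quit()
}

func main() {
	// Constructed host under the reserved .invalid TLD: the dial fails and no mail is sent.
	msg := []byte("Subject: test\r\n\r\nhello\r\n")
	fmt.Println(sendImplicitTLS("smtp.example.invalid", 465, "admin@domain.com", "secret", "admin@domain.com", "admin@domain.com", msg))
}
```

A peer that answers in plaintext makes the handshake fail, so the function returns before the login or password is written to the socket.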

Morethanevil commented 1 year ago

Okay, 1 and 2 are being worked on, great :)

IPV6 is important, so it would be cool if this could be considered as important in next releases. I know it is hard to work on this :D

I got the issue fixed for the certificates. This should be put in the FAQ too.

I have 3 files:

domain.key, domain_INTERMEDIATE.cer, domain.cer

  1. Open domain.cer in an editor like notepad. Copy the whole contents in a new file.
  2. Now open domain_INTERMEDIATE.cer in editor and copy the contents to the end of your new file
  3. Your text file should now look like this:
-----BEGIN CERTIFICATE-----
MIIF8jCCBNqgAwIBAgIQCpeiHDFcT8rqNQ5MXD44GjANBgkqhkiG9w0BAQsFADBu
A LOT OF RANDOM
v2EVY8e6dYhDZag4UxmudCUTSb5iHhI8JTEOAMNffOh6JSH2kvA=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEqjCCA5KgAwIBAgIQAnmsRYvBskWr+YBTzSybsTANBgkqhkiG9w0BAQsFADBh
A LOT MORE OF RANDOM
rMKWaBFLmfK/AHNF4ZihwPGOc7w6UHczBZXH5RFzJNnww+WnKuTPI0HfnVH8lg==
-----END CERTIFICATE-----
  4. Save this file now as domain.pem (Attention to the extension!)
  5. Upload to zoraxy as a SUBDOMAIN certificate. Fill in the domain name (domain.com)

So SMTP settings left... I got it working too. Usually my username for login is admin@domain.com. Zoraxy is splitting this up as admin for the username and domain.com for domain name. I split it and it worked. Maybe this could be simplified to admin@domain.com in future releases, because it is put together in the login process (auth := smtp.PlainAuth("", s.Username+"@"+s.Domain, s.Password, s.Hostname))

SMTP is set to plain and gets encryption after the login. This is why port 587 is used. It would be better for security if the encryption could be forced at the beginning. This would be port 465.

I mailed you :)
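The bundle built in the certificate steps above (domain.cer first, then the intermediate) can be checked before upload. This is an added example, not part of the thread or of Zoraxy's code: it generalizes to any number of intermediates, and CheckChainOrder, newCert and the throwaway certificates are constructed for the demonstration.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// CheckChainOrder wants the leaf first and each certificate signed by the next one.
func CheckChainOrder(bundle []byte) error {
	var certs []*x509.Certificate
	for block, rest := pem.Decode(bundle); block != nil; block, rest = pem.Decode(rest) {
		c, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return fmt.Errorf("PEM block %d (%s): %w", len(certs), block.Type, err)
		}
		certs = append(certs, c)
	}
	if len(certs) < 2 {
		return fmt.Errorf("found %d certificate(s), intermediate is missing", len(certs))
	}
	for i := 1; i < len(certs); i++ {
		if err := certs[i-1].CheckSignatureFrom(certs[i]); err != nil {
			return fmt.Errorf("certificate %d is not issued by certificate %d: %w", i-1, i, err)
		}
	}
	return nil
}

// newCert issues a constructed throwaway certificate (self-signed when parent is
// nil) and returns its template so it can act as issuer for the next call.
func newCert(cn string, ca bool, parent *x509.Certificate, pkey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, []byte) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, IsCA: ca,
		BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		parent, pkey = tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, pkey)
	return tmpl, key, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	ca, caKey, caPEM := newCert("Constructed Intermediate CA", true, nil, nil)
	_, _, leafPEM := newCert("domain.com", false, ca, caKey)
	fmt.Println(CheckChainOrder(append(leafPEM, caPEM...)), CheckChainOrder(leafPEM))
}
```

A leaf-only file and a file with the two blocks pasted in the wrong order both return an error, and a private key pasted into the bundle is reported by its PEM block type.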