tobychui
commented
21 hours ago Hi @RainmakerRaw ,
Usually in cases like these I would recommend keeping the Caddy setup, as Zoraxy are primary for beginners with much less options available for tinkering.
Zoraxy handle websocket connection with the following logic.
/* WebSocket automatic proxy */
requestURL := r.URL.String()
if r.Header["Upgrade"] != nil && strings.ToLower(r.Header["Upgrade"][0]) == "websocket" {
//Handle WebSocket request. Forward the custom Upgrade header and rewrite origin
r.Header.Set("Zr-Origin-Upgrade", "websocket")
wsRedirectionEndpoint := selectedUpstream.OriginIpOrDomain
if wsRedirectionEndpoint[len(wsRedirectionEndpoint)-1:] != "/" {
//Append / to the end of the redirection endpoint if not exists
wsRedirectionEndpoint = wsRedirectionEndpoint + "/"
}
if len(requestURL) > 0 && requestURL[:1] == "/" {
//Remove starting / from request URL if exists
requestURL = requestURL[1:]
}
u, _ := url.Parse("ws://" + wsRedirectionEndpoint + requestURL)
if selectedUpstream.RequireTLS {
u, _ = url.Parse("wss://" + wsRedirectionEndpoint + requestURL)
}
h.Parent.logRequest(r, true, 101, "host-websocket", selectedUpstream.OriginIpOrDomain)
wspHandler := websocketproxy.NewProxy(u, websocketproxy.Options{
SkipTLSValidation: selectedUpstream.SkipCertValidations,
SkipOriginCheck: selectedUpstream.SkipWebSocketOriginCheck,
Logger: h.Parent.Option.Logger,
})
wspHandler.ServeHTTP(w, r)
return
}I don't see there is any problem from the code level, at least in Zoraxy side. A few thing you might try.
- Try modify the
X-Frame-Options = SAMEHEADERdirection, I guess you should configure it to append from upstream to downstream request (orange arrow) instead of downstream to upstream request (blue arrow) - Disable WebSocket origin check (if you have enabled that manually)
- Disable "Remove Hop-by-hop Headers" option under header advance settings
Morethanevil
What happened? A clear and concise description of what the problem is. Ex. I tried to create a proxy rule but it doesn't work. When I connects to my domain, I see [...]
I have moved to Zoraxy from Caddy, as I love the blacklist and stats dashboard. So far, so good! However, one bugbear remains. I can't seem to get 'live sync' (websockets) working between clients in my self-hosted Vaultwarden. It works fine under Caddy - not especially helpful, I know, but my point is the feature is otherwise available and working outside of Zoraxy config.
The Vaultwarden wiki says that one needs to map two variables to get it working. They give some example proxy configs, including Nginx:
Their Websockets page further states that a reverse proxy must pass on the
UpgradeandConnectionheaders.When using Caddy (or NPM) I can make an entry in the Bitwarden app/extension on any client and immediately see it appear in all other desktop and mobile client apps/extensions. Under Zoraxy, I have to manually sync the vault on the device creating an entry to 'commit' the change to the server, and then sync the other client devices to pull the new entry. It would be preferable to enable websocket support for the 'live sync' feature to work between clients again .
Describe what have you tried A clear and concise description of what you expect to see and what you have tried to debug it.
I have entered a proxy entry in the Zoraxy webUI, for the relevant Proxmox LXC container running Vaultwarden. All my local devices and servers have a static RFC1918 IPv4 address, and a 'static' DHCPv6 global scope ('public') address. When making the Zoraxy proxy entry for Vaultwarden, I left the default config for websockets and did not enable any further TLS config outside of the pre-existing Acme wildcard certificate. I have, however, also set a custom header for
X-Frame-Options = SAMEHEADERas required by Vaultwarden to enable MFA.Describe the networking setup you are using Here are some example, commonly asked questions from our maintainers:
No. Using Ttech's PVE helper script for Zoraxy LXC.Zoraxy - Version 3.1.4NoYes, an x86 box running OpenWRT 23.05.5 and Zoraxy points my WAN subdomain to the container LAN IPv4 address. WAN has a static /29 of IPv4 and /56 IPv6. The Zoraxy LXC runs under Proxmox VE and has a static LAN IP (10.100.0.0/24 subnet) and 'static' DHCPv6 global scope address from my /64 prefix delegation on the router's LAN interface.Wildcard CNAME for*.domain.compoints to one of my WAN IP addresses, for which OpenWRT forwards port 443 to Zoraxy to deal with based on the subdomain requested.Additional context Add any other context or screenshots about the feature request here.