treyyoder / quakejs-docker

Dockerized quakejs server
204 stars 61 forks source link

Trying start behind a reverse proxy... #4

Open ratnose opened 4 years ago

ratnose commented 4 years ago

I can reach quakejs on LAN but not all I wanna frag is on LAN, so I thought hey lets give it a subdomain and let the carnage begin!

But oh now... localip:8080 works, nginx reverse proxy points to localip:8080 as so many other subdomains, but this gives me an forbidden error (111) and in the browser it says 502.

treyyoder commented 4 years ago

I’m really not that familiar with reverse proxies, but if you figure it out let me know. I’ll leave this issue open and see if we can solicit some feedback from the community.

ratnose commented 4 years ago

@treyyoder Would it be possible to add a self signed cert and load apache with SSL, then the reverse proxy will work ( I think).

thesugarat commented 4 years ago

ratnose, I use subdirectories so that my main Let's Encrypt cert works for anything I add. i.e. www.myserver.com is SSLd and so when I spun this up www.myserver.com/quake/ was signed as well. But, using apache as my reverse proxy, I just couldn't get it to work. What do I forward port 8080 or 27960? Both? I want to get this going so I can invite people but not need them to be on LAN.

NitroBiedermann commented 4 years ago

Hey all. Created an account to join in. I know ratnose from another group.

I have a partly working nginx config to use with the QuakeJS container, however the problem is that I need to have SSL to SSL transfer of the files from Apache to Nginx. In the browser console, it is being blocked.

Basically, it is an all or nothing approach with the HTTPS side to get it working with the reverse proxy. It is either all traffic between the Apache server to the Nginx server is over HTTPS, or it all has to be over HTTP.

I feel a self signed cert would the way to go on the Apache server and to allow HTTPS on it rather than purely HTTP.

If I can get my config working, I don't mind sharing what I have for those that would like to use it.

nazarimilad commented 4 years ago

@NitroBiedermann If you get your config working, I would be interested to use it.

Currently, the game is accessible with the following URL: http://<hostname>:8000. But I'll like to access it using a subdomain name and proxy pass: https://quake.<hostname>

NitroBiedermann commented 4 years ago

@nazarimilad I'll share once I have mine working when the internal Apache server has an SSL cert loaded.

nazarimilad commented 4 years ago

oke thanks!

professor-farnsworth commented 4 years ago

One thing that would probably fix the problem for all is to just use '//' instead of 'http://' or 'https://' when referencing scripts or building urls to call via javascript. It's an old trick and all browsers support it. It basically just tells the browser to use whatever protocol the page was loaded with.

beirbones commented 4 years ago

So I've gotten as far getting the JS logo to load on the webpage when running it behind traefikv2 with HTTPS enforced, I've been unable to get any further than that though unfortunately. Dropping my compose file for quake for anyone who may know more.

`version: "3.8"

QuakeJS - Quake JS server

services: quakejs: container_name: quakejs image: treyyoder/quakejs:latest restart: unless-stopped networks:

networks: t2_proxy: external: true`

NitroBiedermann commented 4 years ago

The issue, at least from my Chrome debug console, is that apache needs to have SSL enabled with a self-signed cert. I'm at the same situation as you are with only the logo showing up behind my nginx reverse proxy.

The browser logs will say that the scripts cannot be loaded from unsecured sources, aka from the apache server.

beirbones commented 4 years ago

I'm getting this from within firefox.

Blocked loading mixed active content "http://192.168.1.121/assets/manifest.json"

I believe it's because I'm forcing HTTPS but it pulls the content using http, not sure if there would be a good way of dealing with this. I did change the server address to 127.0.0.1 as supposedly this resolves the mixed active content issue but I then get.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://127.0.0.1/assets/manifest.json. (Reason: CORS request did not succeed).

Seems that because the Apache server as you said is using HTTP you're unable to run the quake server using HTTPS.

NitroBiedermann commented 4 years ago

Basically the quick fix is to set your toml to load the QuakeJS server in HTTP only and then it works. In general, the content will need to load from HTTP to HTTP, or HTTPS to HTTPS. My problem is my nginx is using global configs that push everything to HTTPS and I really don't feel like redoing all of it just for QuakeJS when the easy fix would be to have the Apache load in HTTPS in addition to HTTP.

beirbones commented 4 years ago

Exactly my scenario, my traefik proxy redirects all http requests to https, not sure if I can have service specific setups created but ideally i'd rather it was all using https if I'm going to be sharing externally, otherwise i'll just host it locally :)

NitroBiedermann commented 4 years ago

Indeed, I would prefer to host it over HTTPS as well. For now, I can host it locally and it works just fine, but I'd like to share the link with a few people securely externally, however I can always wait for that.

beanman112 commented 3 years ago

Would also love to be able to host for external users, rather than just local. I'm not very adept at all when it comes to this stuff though and mainly get by on spaceinvaderone tutorials. I thought I was going mad earlier before I found this post trying to get this to work through my reverse proxy.

morganzero commented 3 years ago

HTTPS please!

typkrft commented 2 years ago

I had assumed this would be easier for me to figure out, essentially you should be able to go into the container and follow this guide. https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-in-ubuntu-16-04 Once thats all sorted out it should be easier to natively integrate it into the dockerfile.

treyyoder commented 2 years ago

Has anyone tried using nginx?

jonoak commented 2 years ago

I tried nginx with no luck, i just get a JS logo. Id like to know what config to use if anyone figures it out. This is what im using now. `

server { listen 80; server_name q3.domain.com; location / {

Connectivity Options

    proxy_http_version      1.1;
    proxy_pass http://localip:port;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  } 

}

`

professor-farnsworth commented 2 years ago

Can't believe I commented two years ago and this issue is still floating around 😁.

Anyways, there's nothing anyone can do to solve this. The problem is hard-coded "http://" links in the source code. The only way to fix it is to fork it and change the source code, or modify the returned html in flight as it is proxied. I know IIS can do some regex matching and replacement stuff, no idea if others (nginx, etc.) can as well.

stp14 commented 1 year ago

change the source code

Have you had any luck getting this to work @professor-farnsworth? I attempted it ( see #12 ) with no joy.

The other issue putting it behind nginx is CORS header 'Access-Control-Allow-Origin' missing - where the server isn't allowing the requests because of a Same Origin Policy

professor-farnsworth commented 1 year ago

I believe you can modify the contents using nginx. https://nginx.org/en/docs/http/ngx_http_sub_module.html

Not sure about the CORS issue though. I haven't touched this much in a while though.

ryanfitz514 commented 1 year ago

You all aren't going to love this answer. However, it is an answer of sorts. You can get it working on a subdomain through Nginx Proxy Manager (sort of), but you won't get SSL.

Here's what I did:

  1. Log into nginx proxy manager so you're at the main page
  2. Go to Hosts > Redirection Hosts
  3. Click "Add redirection host"
  4. Domain names = your_sub_domain.your_domain.whatever
  5. Scheme = http
  6. Forward Domain = your external IP, colon, your forwarded port (ex: 12.345.678.912:8080)
  7. HTTP Code = 308 permanent redirect
  8. Preserve Path = on
  9. Save

It's not perfect but it's what I got. Cheers to a great game.

cadeon commented 1 year ago

Same problem. Using Traefik on truenas, so it's not as easy to change my proxy configs -

I think this guy has the right idea but I haven't built the image and tried it yet - https://github.com/PrinzWalium/quakejs-docker-ssl

filcuk commented 1 year ago

I've built the image, and it still doesn't work with Traefik.

HotWinterDays commented 12 months ago

Basically the quick fix is to set your toml to load the QuakeJS server in HTTP only and then it works. In general, the content will need to load from HTTP to HTTP, or HTTPS to HTTPS. My problem is my nginx is using global configs that push everything to HTTPS and I really don't feel like redoing all of it just for QuakeJS when the easy fix would be to have the Apache load in HTTPS in addition to HTTP.

Where would you do this change from HTTP? I installed this container on Unraid. Do I need to create my own docker container?

realies commented 11 months ago

@HotWinterDays, please try the changes in #24. This should allow for an easy reverse proxy setup.

neonwatty commented 2 weeks ago

There is also a rundown of how to do this with the un-dockerized version. See under Running Secure Servers (Content, Dedicated, and Web) Quick-Start.