• Web based telnet behind reverse proxy

    From Xerxes@1:103/705 to echicken on Sun Mar 22 10:25:11 2020
    Re: Web based telnet behind reverse proxy
    By: echicken to Xerxes on Tue Mar 17 2020 04:57 pm

    Okay, you should set nginx up to act as a reverse proxy for websocket as well. IIRC the config stanza will be pretty much identical to the one you're already using for HTTPS -> Synchronet HTTP, except that you'll want something like:

    listen 1124 ssl;

    and:

    location / {
        proxy_pass http://localhost:1123;
        ...
    }


    So, echicken, this ended up being the exact answer (thank you!!!) - but I don't know why it didn't work the first time. Something in my NGINX config(?) wasn't passing traffic from the WSS port to 1123, but I don't know how or why.
    I did end up playing with the standalone ftelnet proxy and ftelnet spun up on another webserver and I'd never see the traffic pass to ftelnet unless I bypassed NGINX.

    For many reasons, I created a new 32-bit Windows 10 install in Hyper-V on the server and re-installed Synchronet. When I initially tried ftelnet it had the same behavior, but then I set up NGINX to proxy 11235 SSL to 1123 and it worked right away.

    Thank you again!!!

    73,

    Xerxes


    Sysop of KN6Q BBS - https://kn6q.org
    --- SBBSecho 3.10-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Xerxes@1:103/705 to All on Mon Mar 16 10:34:34 2020
    I am in the beginnings of setting up my BBS. One issue I am having is the web based telnet client isn't working behind my reverse proxy.

    I kind of suspect that it is remotely trying to connect to the local ip address rather than the hostname. It works fine if I'm on the machine itself. Telnet outside to the hostname works fine as well (I'm typing this from a random web based telnet client I googled), it's just Sync's webpage.

    I have a dynamic IP address, but it doesn't change much, so if I *have* to bind it to the current public address in the telnet service it isn't such a big deal, but I'd rather not.

    If it's helpful the address is:

    https://bbs.kn6q.org

    I have lots of stuff to fix, but I'm still in the process of RTFM, but I'm a little stuck on this.

    Thanks,

    Tom

    ---
    ■ Synchronet ■ KN6Q BBS - kn6q.org
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From echicken@1:103/705 to Xerxes on Mon Mar 16 12:34:50 2020
    Re: Web based telnet behind reverse proxy
    By: Xerxes to All on Mon Mar 16 2020 10:34:34

    I am in the beginnings of setting up my BBS. One issue I am having is the web based telnet client isn't working behind my reverse proxy.

    First off, this page probably holds no answers for you, however since I don't know how familiar you are with ftelnet and how it works, please review:

    https://github.com/echicken/synchronet-web-v4/wiki/ftelnet

    I just tried ftelnet on your site, and after a while my browser reported this for the websocket (ftelnet) connection:

    ERR_CERT_AUTHORITY_INVALID

    The cert for your BBS website is valid, so evidently your WSS (websocket secure) service is using something else.

    What are you using as a reverse proxy?

    Is your reverse proxy providing TLS and talking to Synchronet in the clear locally, or are you using Synchronet's Let's Encrypt & HTTPS support?

    Is your reverse proxy listening on port 11235 and then forwarding internally to WSS? What (if any) configuration have you done re: certs for this?

    ---
    echicken
    electronic chicken bbs - bbs.electronicchicken.com
    ■ Synchronet ■ electronic chicken bbs - bbs.electronicchicken.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From poindexter FORTRAN@1:103/705 to Xerxes on Mon Mar 16 14:42:44 2020
    Re: Web based telnet behind reverse proxy
    By: Xerxes to All on Mon Mar 16 2020 10:34 am

    I am in the beginnings of setting up my BBS. One issue I am having is the web based telnet client isn't working behind my reverse proxy.

    What reverse proxy are you using? I'm setting up a reverse proxy in NGINX and another in Apache, so it's fresh in my mind.

    ---
    ■ Synchronet ■ realitycheckBBS -- http://realitycheckBBS.org
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Xerxes@1:103/705 to echicken on Tue Mar 17 13:08:09 2020
    Re: Web based telnet behind reverse proxy
    By: echicken to Xerxes on Mon Mar 16 2020 12:34 pm



    Sysop of KN6Q BBS - https://kn6q.org
    --- SBBSecho 3.10-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Xerxes@1:103/705 to echicken on Tue Mar 17 13:17:27 2020
    Re: Web based telnet behind reverse proxy
    By: echicken to Xerxes on Mon Mar 16 2020 12:34 pm

    First off, this page probably holds no answers for you, however since I don't know how familiar you are with ftelnet and how it works, please review:

    https://github.com/echicken/synchronet-web-v4/wiki/ftelnet

    Thank you. I'm not familiar with ftelnet at all.

    What are you using as a reverse proxy?

    NGINX

    Is your reverse proxy providing TLS and talking to Synchronet in the clear locally, or are you using Synchronet's Let's Encrypt & HTTPS support?

    Yes, reverse proxy is providing TLS and talking to Synchronet in the clear

    Is your reverse proxy listening on port 11235 and then forwarding internally to WSS? What (if any) configuration have you done re: certs for this?

    No, I don't have it listening on 11235, just on 80 and 443. I haven't done any configuration for certs in Synchronet at all, just in NGINX. I'm guessing this is the problem. Can I have NGINX proxy ftelnet, or should I look into Synchronet's Let's Encrypt support?

    Thanks for your response!

    Tom

    Sysop of KN6Q BBS - https://kn6q.org
    --- SBBSecho 3.10-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From echicken@1:103/705 to Xerxes on Tue Mar 17 16:57:44 2020
    Re: Web based telnet behind reverse proxy
    By: Xerxes to echicken on Tue Mar 17 2020 13:17:27

    What are you using as a reverse proxy?

    NGINX

    Yes, reverse proxy is providing TLS and talking to Synchronet in the clear

    Great, this is the same setup I'm using.

    No, I don't have it listening on 11235, just on 80 and 443. I haven't done any configuration for certs in Synchronet at all, just in NGINX. I'm guessing this is the problem. Can I have NGINX proxy ftelnet, or should I look into Synchronet's Let's Encrypt support?

    Okay, you should set nginx up to act as a reverse proxy for websocket as well. IIRC the config stanza will be pretty much identical to the one you're already using for HTTPS -> Synchronet HTTP, except that you'll want something like:

    listen 1124 ssl;

    and:

    location / {
        proxy_pass http://localhost:1123;
        ...
    }

    Mind that in the above, nginx will then be listening on port 1124, and forwarding to port 1123. You'll then want to set [WS] in ctrl/services.ini to listen on port 1123. You can delete or comment out the [WSS] section.

    You'll also want to edit the [web] section in ctrl/modopts.ini and add or edit the following key/value:

    wssp = 1124

    Reload nginx, restart your BBS if necessary (services should/might recycle when you save services.ini), and reload your Home page, and hopefully it'll work.

    ---
    echicken
    electronic chicken bbs - bbs.electronicchicken.com
    ■ Synchronet ■ electronic chicken bbs - bbs.electronicchicken.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
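
A fuller version of the nginx stanza sketched in the post above, as an added example that is not part of the thread and not echicken's own config. The certificate paths and `server_name` are placeholders; the `map`, `proxy_http_version`, `proxy_set_header` and timeout lines are additions that nginx needs to pass WebSocket traffic, not a reconstruction of the post's elided `...`.

```nginx
# Added example (not from the thread). Place inside the http { } context.

# Send "Connection: upgrade" upstream only when the client asked to upgrade;
# plain HTTP requests to this port get "Connection: close" instead.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    # Public WSS port; must match "wssp = 1124" in [web] of ctrl/modopts.ini.
    listen 1124 ssl;
    server_name bbs.example.org;                  # placeholder hostname

    # Same certificate and key as the HTTPS site, so the browser validates
    # the wss:// connection against a chain it already trusts.
    ssl_certificate     /path/to/fullchain.pem;   # placeholder path
    ssl_certificate_key /path/to/privkey.pem;     # placeholder path

    location / {
        # Synchronet [WS] service from ctrl/services.ini, spoken to in the clear.
        proxy_pass http://localhost:1123;

        # Upgrade and Connection are hop-by-hop headers: nginx does not forward
        # them by default, and without them the WebSocket handshake never
        # completes at the backend.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        # A terminal session can sit idle far longer than nginx's default
        # 60-second proxy_read_timeout, which would drop the connection.
        proxy_read_timeout 1h;
        proxy_send_timeout 1h;
    }
}
```

Because TLS ends at nginx, port 1123 carries the session in cleartext; keep it reachable only from the proxy host and expose only 1124 externally. `nginx -t` checks the syntax before a reload.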
  • From Xerxes@1:103/705 to echicken on Tue Mar 17 08:43:49 2020
    What are you using as a reverse proxy?

    I'm using NGINX

    Is your reverse proxy providing TLS and talking to Synchronet in the clear locally, or are you using Synchronet's Let's Encrypt & HTTPS support?

    Reverse proxy is providing TLS and talking to Synchronet in the clear locally


    Is your reverse proxy listening on port 11235 and then forwarding internally to WSS? What (if any) configuration have you done re: certs for this?


    No, it's not - I am just using 443. To go back to what you originally said, I'm not familiar with ftelnet at all and I need to look at that. This gets me pointed in the right direction, thank you!!!

    ---
    ■ Synchronet ■ KN6Q BBS - kn6q.org
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From echicken@1:103/705 to Xerxes on Tue Mar 17 23:17:46 2020
    Re: Web based telnet behind reverse proxy
    By: Xerxes to echicken on Tue Mar 17 2020 08:43:49

    No, it's not - I am just using 443. To go back to what you originally said, I'm not familiar with ftelnet at all and I need to look at that. This gets me pointed in the right direction, thank you!!!

    Did you see my previous reply with some config tips for nginx & Synchronet? (Just curious; this message makes it seem like maybe you didn't.)

    ---
    echicken
    electronic chicken bbs - bbs.electronicchicken.com
    ■ Synchronet ■ electronic chicken bbs - bbs.electronicchicken.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Xerxes@1:103/705 to echicken on Tue Mar 17 23:30:21 2020
    Re: Web based telnet behind reverse proxy
    By: echicken to Xerxes on Tue Mar 17 2020 04:57 pm

    Okay, you should set nginx up to act as a reverse proxy for websocket as well. IIRC the config stanza will be pretty much identical to the one you're already using for HTTPS -> Synchronet HTTP, except that you'll want something like:

    listen 1124 ssl;

    and:

    location / {
        proxy_pass http://localhost:1123;
        ...
    }

    Mind that in the above, nginx will then be listening on port 1124, and forwarding to port 1123. You'll then want to set [WS] in ctrl/services.ini to listen on port 1123. You can delete or comment out the [WSS] section.

    You'll also want to edit the [web] section in ctrl/modopts.ini and add or edit the following key/value:

    wssp = 1124

    Reload nginx, restart your BBS if necessary (services should/might recycle when you save services.ini), and reload your Home page, and hopefully it'll work.

    So, I haven't had much time to bang on it, but I *think* I did everything you have said here and no luck so far.

    One thing is [WS] in ctrl/services.ini was already listening on 1123, so I didn't change anything other than to delete the [WSS] section. nginx reloaded OK.

    And yes, ignore the other message - I sent it from my BBS, thought better of it and tried to delete it and reply directly on Vert, but it already sent apparently, just slowly.

    I'll try to look again tomorrow, thank you for your help.


    Sysop of KN6Q BBS - https://kn6q.org
    --- SBBSecho 3.10-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)