Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

web ui does not work over HTTPS when connecting from outside the LAN through reverse proxy #937

Closed
hyteoo opened this issue Jun 14, 2018 · 2 comments
Closed

web ui does not work over HTTPS when connecting from outside the LAN through reverse proxy #937

hyteoo opened this issue Jun 14, 2018 · 2 comments
Labels
staged for release web interface
Milestone
1.13.0

Comments

@hyteoo
Copy link
Contributor

hyteoo commented Jun 14, 2018

I currently run all my espurna devices inside a separate LAN, with no forwarding to WAN.
My setup involves a pfsense router with reverse proxy for accessing everything I need inside the LAN, over HTTPS only.

From time to time however I need to do some admin over the internet, so I have setup a reverse proxy rule that I can easily change to point to a specific espurna device.

Problem is when connecting over HTTPS, rev.proxy connects over HTTP to the espurna. Page is served but when webservices are called, they are called over HTTP (ws://....) so they end up nowhere.

Error received after logging in:

Mixed Content: The page at 'https://xxxxxx.com/' was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint 'ws://xxxxxx.com/ws'. This request has been blocked; this endpoint must be available over WSS.

A workaround could be to detect if we are HTTP or HTTPS and request the WS accordingly.
What do you think?
@hyteoo hyteoo changed the title web ui does not work over HTTPS when connecting from outside LAN with reverse proxy web ui does not work over HTTPS when connecting from outside the LAN with reverse proxy Jun 14, 2018
@hyteoo hyteoo changed the title web ui does not work over HTTPS when connecting from outside the LAN with reverse proxy web ui does not work over HTTPS when connecting from outside the LAN through reverse proxy Jun 14, 2018
xoseperez added a commit that referenced this issue Jun 14, 2018
@xoseperez
Support connections over HTTPS via proxy (#937)
b7915c3
@xoseperez
Copy link
Owner

Yes, it's enough with changing the protocol accordingly. I have updated the code in dev branch. Here's my working configuration using NGINX:

    location /espurna/ {

      # header pass through configuration
      proxy_set_header        Host $host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;
      proxy_set_header        Upgrade $http_upgrade;
      proxy_set_header        Connection "Upgrade";

      # extra debug headers
      add_header              X-Forwarded-For $proxy_add_x_forwarded_for;

      # actual proxying configuration
      proxy_ssl_session_reuse on;
      proxy_pass              http://espurna-b93c93.local/;
      proxy_redirect          default;
      proxy_read_timeout      90;

    }

@xoseperez xoseperez added this to the 1.13.0 milestone Jun 14, 2018
@xoseperez xoseperez mentioned this issue Jul 2, 2018
Closed
@lblabr
Copy link
Contributor

lblabr commented Jul 14, 2019

do you also have an example for an reverse proxy configuration for apache ? i don't get the ws running...

maybe i have a little complex setup
-> apache reverse proxy -> haproxy -> espurna device

http access to backend behind happroxy are working, i also get the espurna login but nothing else an empty page...

could you give me some advice ?

thanks in advance

Lars

@lblabr lblabr mentioned this issue Jul 14, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
staged for release web interface
Projects
None yet
Milestone
1.13.0
Development

No branches or pull requests
3 participants
@xoseperez @hyteoo @lblabr