Websock and reverse proxy

Support
#1

NethServer Version: Latest version all update

Hi I have search here and I have see I’m not alone but have not find if someone have got it to work.

I have a windows server that run Milestone security system and also have a web client.
The old version I can disable websock but it looks like it I can’t do d that in the latest version (Have ask for help from the support if I can disable it).
I use Reverse proxy so my https address go to the server and I can login but I can’t see my camera.
It just loading and loading and loading nothing more.

I run the latest update of Nethserver and still not got it to work.
Do I have to add something or do any work around to get my https to work with websock.

#2

I recall websocket support was improved on July with contributions from @carsten to autodetect websockets.
@carsten, do you have some input for @cazz?

1 Like
#3

With the newest version of NS there should be a check box to activate automatic websocket handling in the reverse proxy settings. Try to enable this (let websocket path empty).

3 Likes
#4

Thanks Carsten (Very nice name) but the link say no page or is private.

#5

It is there under advanced settings.

image
image1920×941 51 KB

2 Likes
#6

Strange, I copied the link.Now I copied the link when not logged in. Is should work now.
But please check post from @royceb which shows the check box.

#7

Can see it now, but did not see it on my mobil?

#8

Did find it and I did activate it but no change.

#9

Is that any log I can read to see what is wrong?

#10

What the error exactly? What does work and what does not work?

#11

Well I do not get any error.
I can access the web client thru Proxy reverse and I can login but after that I just see my three camera just loading and loading and nothing more. No error at all
when I’m home and access the web client from my network with IP to the server and not thru Proxy reverse I have no problem to watch my camera.

#12

Please post your configuration.
You could also use the Browser console to see what goes wrong (F12 in Firefox).

#13

hmm not sure what kind of configuration you need but I did try with Firefox and I got this error

Firefox can not establish a connection to the server on wss://subdomain.mydomain.nu/XProtectMobile/Video/eeb9ed9b-1560-4c18-a172-d317fc1def77

I did change the domain, I do not think that is necessary to show

#14

Please post the reverse proxy entry you created.

#15

Sure here it is

# 
# Virtual Host vakt.xxxxxxxxx.nu - *:443
# Description : 

<VirtualHost *:443>

    ServerName vakt.xxxxxxxxx.nu

    # Start Rewrite Engine
    RewriteEngine On

    # forcessl_redirect
    RewriteCond %{HTTPS} !=on
    RewriteRule (.*) https://%{SERVER_NAME}$1 [R,L]

    #20ssl_engine
    SSLEngine On
    SSLCertificateFile "/etc/letsencrypt/live/xxxxxxxxx.nu-0002/cert.pem"
    SSLCertificateKeyFile "/etc/letsencrypt/live/xxxxxxxxx.nu-0002/privkey.pem"
    SSLCertificateChainFile "/etc/letsencrypt/live/xxxxxxxxx.nu-0002/chain.pem"

    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off

    # Reverse Proxy (with exclusion of local Letsencrypt challenge path)
    ProxyPassMatch ^/.well-known/acme-challenge/ !

    # Websockets proxypass
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteCond %{HTTP:Connection} upgrade [NC]
    RewriteRule .* ws://192.168.1.4:8081%{REQUEST_URI} [P,L]

    ProxyPass  / http://192.168.1.4:8081/ max=3 retry=30
    ProxyPassReverse / http://192.168.1.4:8081/

    <Location "/">
      <RequireAll>
        Require all granted
        SSLRequireSSL
      </RequireAll>
    </Location>

</VirtualHost>


# 
# Virtual Host vakt.xxxxxxxxx.nu - *:80
# Description : 

<VirtualHost *:80>

    ServerName vakt.xxxxxxxxx.nu

    # Start Rewrite Engine
    RewriteEngine On

    # forcessl_redirect
    RewriteCond %{HTTPS} !=on
    RewriteRule (.*) https://%{SERVER_NAME}$1 [R,L]



    # Reverse Proxy (with exclusion of local Letsencrypt challenge path)
    ProxyPassMatch ^/.well-known/acme-challenge/ !

    # Websockets proxypass
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteCond %{HTTP:Connection} upgrade [NC]
    RewriteRule .* ws://192.168.1.4:8081%{REQUEST_URI} [P,L]

    ProxyPass  / http://192.168.1.4:8081/ max=3 retry=30
    ProxyPassReverse / http://192.168.1.4:8081/

    <Location "/">
      <RequireAll>
        Require all granted
        SSLRequireSSL
      </RequireAll>
    </Location>

</VirtualHost>
#16

Did you create this file by hand or did you use the GUI. What is the GUI configuration?

#17

I did use GUI.

proxy
proxy605×746 35.3 KB

#18

Try to check “host header to target”. Also I had problems forwarding https to http, whereas I had fewer porblems with https to https. If destination server also supports https you could try that.

To debug look in the borwser log (F12 in Firefox" what the problem is or use fiddler.

#19

I have check “host header to target” and it same problem. I can’t change the target address to https because server does not like it. Not even if I trying in my local network with IP address.

I have look in the debug log (F12 in firefox) with IP address in the local network and it looks fine. No error and it show the camera. I then trying same with the subdomain and proxy then I get some error.

Server prepared video ID be3f3b0b-5888-40bf-a99b-a3a0edbc0785 for camera 009bab80-d4fb-4892-b168-1a163687660c
Firefox can not establish a connection to the server on wss://vakt.xxxxx.nu/XProtectMobile/Video/be3f3b0b-5888-40bf-a99b-a3a0edbc0785

This is more then one error but I guess I when I have 4 camera it show 4 error, it only change the last id code in the error in the log.

#20

Your destination 192.168.1.4 work only with http not with https, right? Then you have to use http.
What happens, if you look in the Firefox console (F12) when loading the page. Are there any errors?
You could also try fiddler as a man in the middle to check for errors.