Subj : Re: synchronet behind a reverse proxy
To   : martylake
From : echicken
Date : Sat Nov 27 2021 03:36:12

  Re: Re: synchronet behind a reverse proxy
  By: martylake to echicken on Fri Nov 26 2021 13:54:55

 ma> I just pulled, and I confirm it works great for me. I did not a difference
 ma> for the address fix, as Iÿuse the same computer for dev and testing. I
 ma> looks good to me though. 

Glad to hear that it's working.

A few other items before we're done with this one:

1) Currently, the websocket service will terminate if the HAPROXY_PROTO option is set, but the X-Forwarded-For header is absent. It won't connect somebody to your terminal server if it can't send their "real" IP address.

This wouldn't work for someone who was using HAProxy in front of their terminal server, but wasn't using an HTTP reverse proxy. Seems an unlikely scenario, but I thought I'd raise it anyway.

We could have it fall back to sending the address of the websocket server (ie. your BBS), or some dummy value if the X-Forwarded-For header is absent. This would allow the websocket connection to proceed, but would result in an incorrect client address.

2) A bit of testing before I merge this:

2a) If you remove the HAPROXY_PROTO option in sbbs.ini, then restart, do websocket connections (ftelnet) continue to work?

2b) If you remove the HAPROXY_PROTO option in sbbs.ini, restart, and also remove the HTTP reverse proxy from the mix (remember to adjust/remove wsp and wssp in modopts.ini->[web] also) do websocket connections continue to work?

2c) If you leave HAPROXY_PROTO enabled, but remove the HTTP reverse proxy from the mix, do websocket connections fail?


I'll reply to your other comments in another message.
  
---  
echicken   
electronic chicken bbs - bbs.electronicchicken.com
---
 þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com
 * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

.