Winflector terminal server - an alternative to the Remote Desktop application, Citrix XenApp

Forum > Product technical support > Web access via proxy

Author: André
Date: 2023-01-14 11:18:11

 

Hi,

To hide the port number, I would like to start the web interface via a classical URL pointing to an Apache proxy.

Port 6601 is open.

Running with the direct url including the port number is working fine.

Via the proxy, the web interface starts but the "Run in a browser" application doesn't find the server, probably using the internal and not the external IP address.

Any way to fix that?

Thanks.

 

Author: Mirek (staff)
Date: 2023-01-16 14:37:20

Hi,

HTML clients use standard HTTP/HTTPS port for communication, so if it is not changed in the server, by default it is 80 for HTTP and 443 for HTTPS. 6601 TCP port is used only for native Winflector clients.

Standard proxies are not supported. To run Winflector application in a web browser through a proxy, the proxy must support websockets.

Regards,

Author: freebee
Date: 2023-04-04 05:21:40

Hi. I successfully configured the reverse-proxy for Winflector and enabled HTTP/3 and 0-RTT (low latency).

In my scenario I have FreeBSD / Nginx (http3) installed (compiled).

Some notes:

On Winflector I switched the standard port 80 to 443. This is because when using 'Run on browser' it will try to connect to port 80 outside the private IP on the LAN and then fail.

TCP and UDP must be set up to the nginx server.

Here I do not cover the certbot (Let's Encrypt) setup.

After all configuration is done, test the outside URL:

https://www.piesocket.com/websocket-tester

address: wss://xxx.domain.net:443/connreq.ws

If it is OK, 'Run on browser' will work.

Go to https://http3check.net/ and type your URL.

HTTP3 is standard on 443, so do not change it (this is why I needed to set up Winflector on 443).

If the result is OK, you have almost 0.2ms latency when accessing the stream (0-RTT).

 

So, here is my nginx - site config. 

server {
    server_name                xxx.domain.net;
    listen                     80;
    listen                     [::]:80;
    return 301 https://xxx.domain.net$request_uri;
}

server {
    listen                     443 http3; # QUIC over UDP; nginx 1.25+ spells this parameter "quic"
    listen                     443 ssl http2;
    listen                     [::]:443 ssl http2;

    server_name                xxx.domain.net;
    #root                       /usr/local/www/cloudunix_com_br;

    access_log  /var/log/nginx/xxx.domain.net.access.log main;

    http2_push_preload on; # Enable HTTP/2 Server Push

    # HTML
    index index.html index.htm;

    location / {
        proxy_pass http://192.168.7.53:443; # Here is the hack. The 443 on winflector is http (no https).
        proxy_http_version 1.1;
        # Pass the WebSocket upgrade through to Winflector
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_redirect off;
        client_max_body_size 0;
        proxy_connect_timeout  3600s;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_ssl_verify              off;
    }

    # SSL
    ssl_certificate            /usr/local/etc/letsencrypt/live/xxx.domain.net/fullchain.pem;
    ssl_certificate_key        /usr/local/etc/letsencrypt/live/xxx.domain.net/privkey.pem;
    ssl_session_timeout        1d;
    ssl_session_tickets        on; # TLS(Ticket)
    ssl_protocols              TLSv1.3; #  tls1.3 for RTT-0.
    #ssl_prefer_server_ciphers  on;
    #ssl_ciphers                 EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_early_data             on; # 0-RTT; requests sent as early data can be replayed (see $ssl_early_data)
    #ssl_ciphers                        AES128-GCM-SHA256:AES256-GCM-SHA384;

    add_header Alt-Svc 'h3=":443"';
    add_header QUIC-Status $http3;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
    #add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:";
    # HSTS (ngx_http_headers_module is required) (63072000 seconds)
    #add_header                 Strict-Transport-Security "max-age=63072000" always;
    # Request buffering is not currently supported for HTTP/3.
    proxy_request_buffering off;

    # Add Alt-Svc header to negotiate HTTP/3.
    #add_header alt-svc 'h3=":443"; ma=86400,h3-29=":443"; ma=86400';
    #  https

    # Requested by Google PageSpeed
    # add_header Content-Security-Policy "default-src 'self';";

    # Optimizations
    sendfile       on;
    tcp_nopush     on;
}

 
