• synchronet web v4 mod

    From ke6yjc@VERT/ECBBS to echicken on Sat Apr 15 15:02:07 2017
    echicken,

    Awesome job on the www v4 interface, it's a nice addition to the Synchronet software. I do have a question about the web v4 mod however. I have installed your mod from github and it seems to be working pretty well except for fTelnet and sometimes not being able to reply to messages when I click on the submit button. I saw the comment in the README.md file about websocket proxies on other ports than what's specified in the ctrl/services.ini. I'm running nginx in front of my sbbs node to handle the SSL cert as a reverse proxy to the sbbs web ui. Question is that when I try to connect on the webpage (https://bbs.techienet.com) the connection just times out and I get the following error message in my sbbs.log:

    srvc 0063 WebSocketTelnet connection accepted from: <IPADDR> port 53496
    srvc 0063 WebSocketTelnet Missing some piece of handshake data. Here's what we have:
    srvc 0063 WebSocketTelnet Version => 0
    srvc 0063 WebSocketTelnet Caught: ShakeHands() failed
    srvc 0063 WebSocketTelnet service thread terminated (0 clients remain, 0 total, 13 served)
    srvc 0063 !ERROR 9 closing socket

    Any ideas why it would be doing this? I've checked to make sure that 1123 and 1513 are open per the README.md file, but when using SSL it does not seem to work.

    Also this is what I have set up in my nginx config file, thought maybe I'm not passing something that is required?

    server {

    listen 443;
    server_name bbs.techienet.com;

    ssl_certificate chain.pem;
    ssl_certificate_key key.pem;

    ssl on;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    access_log access.log;

    location / {

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # Fix the "It appears that your reverse proxy set up is broken" error.
    proxy_pass http://127.0.0.1:8080;
    proxy_read_timeout 90;

    proxy_redirect http://127.0.0.1:8080 https://bbs.techienet.com;
    }
    }

    I realize this is not a www v4 issue, but thought maybe you have run into this issue before? I've read some other posts in the forums and tried some of them as well as tried to use hiawatha as recommended on http://wiki.synchro.net/howto:hiawatha, but I think nginx is a bit faster and more industry standard from what I've seen.

    Thanks,
    Ted

    ---
    ■ Synchronet ■ electronic chicken bbs - bbs.electronicchicken.com
  • From echicken@VERT/ECBBS to ke6yjc on Mon Apr 17 10:06:33 2017
    Re: synchronet web v4 mod
    By: ke6yjc to echicken on Sat Apr 15 2017 15:02:07

    about websocket proxies on other ports than what's specified in the ctrl/services.ini. I'm running nginx in front of my sbbs node to handle the SSL cert as a reverse proxy to the sbbs web ui. Question is that when I try to connect on the webpage (https://bbs.techienet.com) the connection just times out and I get the following error message in my sbbs.log:

    Any ideas why it would be doing this? I've checked to make sure that 1123 and 1513 are open per the README.md file, but when using SSL it does not seem to work.

    If the client's browser is using HTTPS, the websocket connection has to be over SSL as well. You'll need to configure nginx to forward a couple of other ports.

    On my system, the websocket services are listening on their suggested ports (1123 and 1513) but those ports are closed to the outside. Instead I've opened ports 1124 and 1514 and set nginx to listen on those and forward to 1123 and 1513 respectively.

    IIRC you can just copy your existing 'server {}' block twice, and change a couple of relevant lines:

    listen 1124 ssl;

    and:

    proxy_pass http://localhost:1123;

    and do the same again to forward 1514 to 1513.

    this issue before? I've read some other posts in the forums and tried some of them as well as tried to use hiawatha as recommended on http://wiki.synchro.net/howto:hiawatha, but I think nginx is a bit faster and more industry standard from what I've seen.

    I don't have a strong opinion on which reverse proxy to use, but I do use nginx myself out of familiarity more than anything else. It serves me well and is pretty easy to set up.

    Though someone added a Hiawatha article to the wiki, it's not recommended over any other solution. Any reverse proxy will do, and there's nothing special you need to do to Synchronet in order to get it working with one, apart from possibly telling the webserver to listen on some other port(s). IMHO that article doesn't really belong on the wiki, as Hiawatha's own documentation ought to cover what's necessary already (and same goes for any other reverse proxy).

    ---
    echicken
    electronic chicken bbs - bbs.electronicchicken.com - 416-273-7230
    ■ Synchronet ■ electronic chicken bbs - bbs.electronicchicken.com
  • From Ke6yjc@VERT/TNETBBS to echicken on Mon Apr 17 15:14:58 2017
    Okay, that worked! WOOHOO, now for the hard question or maybe it's an easy one. How does the webui know to use ports 1124 / 1514 as the ports when you connect via HTTPS? Is this just hard coded into your web interface code? Can these ports be changed somewhere? Not that I want to change them, but just trying to understand how it's picking ports.

    Thanks for the help echicken!

    ---
    ■ Synchronet ■ Origin: Techienet BBS | Fresno, CA | bbs.techienet.com
  • From echicken@VERT/ECBBS to Ke6yjc on Tue Apr 18 10:11:13 2017
    Re: synchronet web v4 mod
    By: Ke6yjc to echicken on Mon Apr 17 2017 15:14:58

    one. How does the webui know to use ports 1124 / 1514 as the ports when you connect via HTTPS? Is this just hard coded into your web interface

    Actually I think I forgot to mention this part. There are two additional settings that you can add to the [web] section of ctrl/modopts.ini:

    websocket_telnet_port = 1124
    websocket_rlogin_port = 1514

    These values are not hardcoded anywhere. If these settings are absent, the port numbers specified in ctrl/services.ini for WebSocketTelnet and WebSocketRLogin are used.

    Okay, that worked! WOOHOO, now for the hard question or maybe it's an easy

    So now I'm not sure why it started working for you, unless you also added the above settings to modopts.ini or changed something else.

    ---
    echicken
    electronic chicken bbs - bbs.electronicchicken.com - 416-273-7230
    ■ Synchronet ■ electronic chicken bbs - bbs.electronicchicken.com
  • From Ke6yjc@VERT/TNETBBS to echicken on Tue Apr 18 13:54:56 2017
    Re: synchronet web v4 mod
    By: Ke6yjc to echicken on Mon Apr 17 2017 15:14:58

    Actually I think I forgot to mention this part. There are two additional settings that you can add to the [web] section of ctrl/modopts.ini:

    websocket_telnet_port = 1124
    websocket_rlogin_port = 1514

    I did add this to the modopts.ini

    These values are not hardcoded anywhere. If these settings are absent, the port numbers specified in ctrl/services.ini for WebSocketTelnet and WebSocketRLogin are used.

    So now I'm not sure why it started working for you, unless you also added the above settings to modopts.ini or changed something else.

    What I was trying to figure out is that when you install out of the box the system uses ports 1423/1513 when using http://bbs.xxxxxx.com, but when you use https://bbs.xxxxxx.com it appears the system looks for the alternate websocket ports in the modopts.ini file? Why can't it just use ports 1423 and 1513?

    Sorry if I'm all confusing. :)

    ---
    ■ Synchronet ■ Origin: Techienet BBS | Fresno, CA | bbs.techienet.com
  • From echicken@VERT/ECBBS to Ke6yjc on Wed Apr 19 11:50:45 2017
    Re: synchronet web v4 mod
    By: Ke6yjc to echicken on Tue Apr 18 2017 13:54:56

    What I was trying to figure out is that when you install out of the box the system uses ports 1423/1513 when using http://bbs.xxxxxx.com, but when

    As far as I am aware, a clean install doesn't have any websocket services configured by default. The installation instructions on my github page suggest adding two blocks to ctrl/services.ini, with websocket-telnet and websocket-rlogin services listening on 1123 and 1513 respectively.

    you use https://bbs.xxxxxx.com it appears the system looks for the alternate websocket ports in the modopts.ini file? Why can't it just use ports 1423 and 1513?

    Most browsers will not mix secure and insecure content. If a page served over HTTPS tries to open a websocket connection, that websocket connection must be over SSL/TLS also. If a secure client tries to talk to an unsecured service, it won't work.

    The unsecured websocket services still need to be running, bound to ports, listening for clients. The reverse proxy needs to listen on some other ports, and pass traffic between secure clients and the unsecured services.

    The web UI tries to automatically determine which ports fTelnet should use to connect to the websocket services. In most cases, these will be the same ports specified in services.ini. This makes it easier for most sysops.

    Those who are using a reverse proxy need to override the port numbers that fTelnet is told to connect to. This is achieved via the websocket_x_port settings in the [web] section of modopts.ini. This is what makes fTelnet connect to the reverse proxy rather than the unsecure services.

    There are a few ways I could facilitate all of this. Right now it's geared toward keeping it simple for the majority of sysops, and avoiding redundant configuration options. If fTelnet were to always connect to the same ports regardless of SSL/TLS usage, there would be other hoops to jump through on the back end to make it work.

    ---
    echicken
    electronic chicken bbs - bbs.electronicchicken.com - 416-273-7230
    ■ Synchronet ■ electronic chicken bbs - bbs.electronicchicken.com
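
The port layout described across this thread, written out as an added example that is not part of any post and is not the project's own configuration. The hostname, certificate file names and port numbers are taken from the thread; the `Upgrade`/`Connection` headers, `proxy_http_version`, the TLS protocol list and the timeout value are assumptions based on nginx's standard WebSocket proxying directives, not something the posters specified.

```nginx
# Added example. These server blocks go inside the http { } context,
# next to the existing 443 block for the web UI.

# Secure clients connect to 1124; nginx terminates TLS and passes the
# traffic to the plain WebSocketTelnet service on 1123.
server {
    listen 1124 ssl;
    server_name bbs.techienet.com;

    ssl_certificate     chain.pem;
    ssl_certificate_key key.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;    # assumption: modern protocols only

    location / {
        proxy_pass http://127.0.0.1:1123;

        # Assumption: nginx only forwards a WebSocket handshake when the
        # upstream request is HTTP/1.1 and these hop-by-hop headers are set.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host       $host;

        # Assumption: terminal sessions sit idle; nginx's default is 60s.
        proxy_read_timeout 3600s;
    }
}

# Same again for WebSocketRLogin: 1514 (TLS) -> 1513 (plain).
server {
    listen 1514 ssl;
    server_name bbs.techienet.com;

    ssl_certificate     chain.pem;
    ssl_certificate_key key.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://127.0.0.1:1513;
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host       $host;
        proxy_read_timeout 3600s;
    }
}

# ctrl/modopts.ini, [web] section (settings quoted from the thread):
#   websocket_telnet_port = 1124
#   websocket_rlogin_port = 1514
```

With this in place only 1124 and 1514 need to be reachable from outside; 1123 and 1513 can stay closed at the firewall, as in the setup described in the first reply.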