WSS Problems after Upgrade with Reverse Proxy

Report bugs found in Poker Mavens
Post Reply
DonnyB
Posts: 16
Joined: Thu Jul 30, 2020 11:44 am

WSS Problems after Upgrade with Reverse Proxy

Post by DonnyB »

Hello, I recently upgraded from 6.34 Pro to 7.13 Pro. After I upgraded I can no longer login when using my internet-exposed reverse proxy (local LAN is just fine.) Console logs from Chrome indicate that PM is trying to make a websocket connection at ws://box_a:8088 instead of wss://box_b:8088, throwing an error because you can't make an unsecured websocket connection on a secured https page.

box_a hosts NGINX reverse proxy and is exposed to the internet. It handles SSL encryption between client and reverse proxy. Reverse proxy then forwards on the traffic unencrypted to box_b (hosting Poker Mavens), on the same local network.

box_a Settings
Port 443 - SSL (forwards to HTTP port 8087 on box_b)
Port 8088 - SSL (forwards to WS port 8088 on box_b)

box_b Settings
SSL Encryption: Off
Proxy WSS: On
HTTP Port: 8087
WS Port: 8088

Can confirm that using 6.34 Pro still works with my reverse proxy setup. Did a setting change in the upgrade or something?

Thanks.
DonnyB
Posts: 16
Joined: Thu Jul 30, 2020 11:44 am

Re: WSS Problems after Upgrade with Reverse Proxy

Post by DonnyB »

Typo above in first paragraph. Corrected below.

Console logs from Chrome indicate that PM is trying to make a websocket connection at ws://box_a:8088 instead of wss://box_a:8088, throwing an error because you can't make an unsecured websocket connection on a secured https page.
Kent Briggs
Site Admin
Posts: 5878
Joined: Wed Mar 19, 2008 8:47 pm

Re: WSS Problems after Upgrade with Reverse Proxy

Post by Kent Briggs »

Are you connecting to a raw IP address or a domain name? It should work via a domain name. This is because v7 supports SSL and non-SLL connections simultaneously and it keeps all raw IP connections to the HTTP port as non-SSL to prevent connection failures when SSL Redirect is enabled. And (currently) this applies to the Proxy WSS setting as well. Although I might need to rethink that part.
DonnyB
Posts: 16
Joined: Thu Jul 30, 2020 11:44 am

Re: WSS Problems after Upgrade with Reverse Proxy

Post by DonnyB »

Thanks Kent.

Domain name.
Kent Briggs
Site Admin
Posts: 5878
Joined: Wed Mar 19, 2008 8:47 pm

Re: WSS Problems after Upgrade with Reverse Proxy

Post by Kent Briggs »

DonnyB wrote: Sun Apr 23, 2023 11:19 am Domain name.
Is the box a to box b connection also via domain name? That's the one that matters to the poker software. By the way, the reason for this is to prevent a lockout condition described in this post:

viewtopic.php?p=15794#p15794

However, if SSL or SSL Redirect is off then that domain check wouldn't be needed so I'll change that in the next update.
DonnyB
Posts: 16
Joined: Thu Jul 30, 2020 11:44 am

Re: WSS Problems after Upgrade with Reverse Proxy

Post by DonnyB »

Box A to Box B is indeed based on an internal network 192.168.* IP address. Box B is not accessible from WAN.

I guess I could add a hosts entry to assign Box B a domain and connect that way. I’ll let you know if it works.
DonnyB
Posts: 16
Joined: Thu Jul 30, 2020 11:44 am

Re: WSS Problems after Upgrade with Reverse Proxy

Post by DonnyB »

Kent,

I added a hosts entry for box_b.net on box_a and changed the forwarding to that and that worked. Thanks for your help.

One possible solution would be to use the X-Forwarded-For IP to see if it needs to prevent lockout, instead of the actual IP the data is coming from.

Thanks again!
Kent Briggs
Site Admin
Posts: 5878
Joined: Wed Mar 19, 2008 8:47 pm

Re: WSS Problems after Upgrade with Reverse Proxy

Post by Kent Briggs »

DonnyB wrote: Sun Apr 23, 2023 12:14 pm One possible solution would be to use the X-Forwarded-For IP to see if it needs to prevent lockout, instead of the actual IP the data is coming from.
The lockout could occur when you mistakenly turned on Proxy WSS when there was no proxy server (and thus no header) involved. And then you couldn't get back into the admin console to turn it off. Instead of ignoring Proxy WSS when any IP was used, I should have just checked for 127.0.0.1 instead and even then only for admin connections. Anyway since you have a good workaround in place I have time to study that some more.
Kent Briggs
Site Admin
Posts: 5878
Joined: Wed Mar 19, 2008 8:47 pm

Re: WSS Problems after Upgrade with Reverse Proxy

Post by Kent Briggs »

Now fixed in 7.14:

viewtopic.php?t=3919
Post Reply