NodeBB socket with CloudFlare

DownPW

yes, it does

phenomlab

@DownPW You should simplify the nginx config - below a suggestion

server {
	server_name socket.XXXXX.fr www.socket.XXXX.fr mail.socket.XXXX.fr;
	access_log /var/log/virtualmin/socket.XXXX.fr_access_log;
	error_log /var/log/virtualmin/socket.XXXX.fr_error_log;
	listen x.x.x.x:443 ssl;
	listen [x.x.x.x::1]:443 ssl;
    ssl_certificate /etc/letsencrypt/live/media.XXXXXX.fr/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/media.XXXXXXXX.fr/privkey.pem;

	location / {
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host            $http_host;
        proxy_set_header X-NginX-Proxy   true;
        proxy_set_header Upgrade         $http_upgrade;
        proxy_set_header Connection      "upgrade";
        proxy_redirect                   off;
        proxy_http_version               1.1;
        proxy_pass                       http://localhost:4567;
    }


 # managed by Certbot
}
server {
    if ($host = socket.virtuaverse.fr) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
	server_name socket.XXXXXXXX.fr www.socket.XXXXXX.fr mail.socket.XXXXXXx.fr;
	listen x.x.x.x;
	listen [x.x.x.x::1];
    return 404; # managed by Certbot
}

DownPW

@phenomlab done

phenomlab

@DownPW Also remove these lines and restart nginx

root /home/XXXXX/domains/socket.XXXX.fr/public_html;

	index index.php index.htm index.html;

DownPW

Same

DownPW

I see this on start log nodebb

phenomlab

There’s more of an issue here - try to change any CSS or JS in the ACP, and you’ll see that it does not save.

DownPW

???

phenomlab

@DownPW Now working for me in Incognito. Can you check

DownPW

@phenomlab said in NodeBB socket with CloudFlare:

There’s more of an issue here - try to change any CSS or JS in the ACP, and you’ll see that it does not save.

due to socket.io configuration in nodebb config.json file

Actually I have delete socket.io block and change CSS and save is good.

phenomlab

@DownPW Ok, but that now means you should not need the socket A record anymore because it’s not used. From the logs, the socket is running on the site’s URL.

DownPW

normal that it is not used (A record) @phenomlab because there currently, I do not use it because the socket.io block is removed from config.json.

I’m just in normal mode with Cloudflare :

I can put it back if you want ?

phenomlab

@DownPW It seems to be working fine without it, so I’d leave it. I see zero socket errors, so all good.

DownPW

because I’m alone on the server.

The goal is to try to market this method before putting it into production where i have a lot of errors

And we can see that it doesn’t work when I try to reroute the web sockets in non-proxied mode. (socket error, no save when chnage in ACP, etc…)

I don’t know if I can make myself understood. @phenomlab

phenomlab

@DownPW Understood. Even with just the two of us connected, I was still getting the websocket error, but I think that was related to config etc. In all honesty, this is yet another reason why I stopped using CF. I know you need it to hide your IP address, but if you bypass CF for the socket, you are exposing your IP anyway.

DownPW

I know, I know,

too bad… I just wanted to test this method but it seems more complex than it looks to make it work correctly

The reverse proxy method is currently too expensive for me and technically too abstract

phenomlab

@DownPW it’s your only realistic option at this stage.