Question about sish x nginx x websockets
XeroxDev opened this issue · 2 comments
Hey. I've a kinda "hacky" setup of sish and need a bit of help.
Setup
docker-compose.yml
version: '3.7'
services:
sish:
image: antoniomika/sish:latest
container_name: sish
volumes:
- ./pubkeys:/pubkeys
- ./keys:/keys
ports:
- "rport:rport"
- "rport2:80"
command: |
--ssh-address=:rport
--http-address=:80
--authentication=true
--https=false
--authentication-keys-directory=/pubkeys
--private-keys-directory=/keys
--bind-random-ports=false
--bind-random-subdomains=false
--domain=my-domain
--admin-console=true
--admin-console-token=random-token
--log-to-client=true
--ping-client=true
--https-ondemand-certificate=false
--bind-any-host=true
--authentication-password=""
restart: alwaysid-sub.domain.tld.conf
map $http_upgrade $connection_upgrade {
default Upgrade;
'' close;
}
server {
listen 80;
listen [::]:80;
server_name sub.domain.tld *.sub.domain.tld;
return 301 https://$http_host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name sub.domain.tld *.sub.domain.tld;
ssl_certificate /path/to/cert/fullchain.pem;
ssl_certificate_key /path/to/cert/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
proxy_pass http://sish:rport2;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_cache_bypass $http_upgrade;
proxy_buffering off;
proxy_http_version 1.1;
proxy_hide_header X-Frame-Options;
proxy_cache_bypass $http_upgrade;
proxy_pass_header Set-Cookie;
proxy_connect_timeout 7d;
proxy_read_timeout 7d;
proxy_send_timeout 7d;
}
}Explaination
I know, this is not the best setup. I just tried to accomplish an nginx reverse proxy to sish. I don't need sish to create certs, because I've already a wildcard for it (with automatic refresh).
The reason why I disabled "https" in sish and use "sish http:80" was: It kept trying generating own and even after adding
--https-ondemand-certificate=false
--bind-any-host=true
It didn't worked and just threw errors. So I disabled it completely and make an normal http connection on the machine itself and it worked.
Issue
Connection etc works, but I've issues with web sockets...
I've a DotNet Blazor Server setup (which uses websockets / signalr) but after 5 secs of inactivity, the reconnect screen occurs
Client CLI says:
Server Logs are saying:
Maybe you know the issue? Or can help me setting it up correctly?
And thank you for the awesome work!
Btw. I've created a small powershell script which can be added to the users profile so the usage is a bit easier.
function sish {
[CmdletBinding()]
Param(
[Parameter(Mandatory=$true,Position=0)]
[string]$LocalAddress,
[Parameter(Position=1)]
[string]$SubDomain = ""
)
if ($LocalAddress -eq "admin") {
Start-Process "https://sub.domain.tld/_sish/console?x-authorization=token"
return "Opening Admin-Panel"
}
if ($SubDomain) {
$SubDomain += ":"
}
# Execute the SSH command
& ssh -p SSHPORT -R ${SubDomain}80:$LocalAddress sub.domain.tld
}Usage: sish local-address subdomain (optional)
Example: sish localhost:5000 dpb
This is because sish supports setting an idle-timeout on a connection that hasn't written/read any data.
You can either increase the ping interval in your websocket app, increase the timeout duration, or disable this functionality entirely using:
--idle-connection Enable connection idle timeouts for reads and writes (default true)
--idle-connection-timeout duration Duration to wait for activity before closing a connection for all reads and writes (default 5s)
You likely will be fine with disabling this functionality (--idle-connection=false)
That worked, thank you very much!
Keep up this awesome work and have a nice day.