Trying start behind a reverse proxy...

[ratnose]

I can reach quakejs on LAN but not all I wanna frag is on LAN, so I thought hey lets give it a subdomain and let the carnage begin!

But oh now... localip:8080 works, nginx reverse proxy points to localip:8080 as so many other subdomains, but this gives me an forbidden error (111) and in the browser it says 502.

[treyyoder]

I’m really not that familiar with reverse proxies, but if you figure it out let me know. I’ll leave this issue open and see if we can solicit some feedback from the community.

[ratnose]

@treyyoder Would it be possible to add a self signed cert and load apache with SSL, then the reverse proxy will work ( I think).

[thesugarat]

ratnose, I use subdirectories so that my main Let's Encrypt cert works for anything I add. i.e. www.myserver.com is SSLd and so when I spun this up www.myserver.com/quake/ was signed as well. But, using apache as my reverse proxy, I just couldn't get it to work. What do I forward port 8080 or 27960? Both? I want to get this going so I can invite people but not need them to be on LAN.

[NitroBiedermann]

Hey all. Created an account to join in. I know ratnose from another group.

I have a partly working nginx config to use with the QuakeJS container, however the problem is that I need to have SSL to SSL transfer of the files from Apache to Nginx. In the browser console, it is being blocked.

Basically, it is an all or nothing approach with the HTTPS side to get it working with the reverse proxy. It is either all traffic between the Apache server to the Nginx server is over HTTPS, or it all has to be over HTTP.

I feel a self signed cert would the way to go on the Apache server and to allow HTTPS on it rather than purely HTTP.

If I can get my config working, I don't mind sharing what I have for those that would like to use it.

[nazarimilad]

@NitroBiedermann If you get your config working, I would be interested to use it.

Currently, the game is accessible with the following URL: http://<hostname>:8000.
But I'll like to access it using a subdomain name and proxy pass: https://quake.<hostname>

[NitroBiedermann]

@nazarimilad I'll share once I have mine working when the internal Apache server has an SSL cert loaded.

[nazarimilad]

oke thanks!

[professor-farnsworth]

One thing that would probably fix the problem for all is to just use '//' instead of 'http://' or 'https://' when referencing scripts or building urls to call via javascript. It's an old trick and all browsers support it. It basically just tells the browser to use whatever protocol the page was loaded with.

[beirbones]

So I've gotten as far getting the JS logo to load on the webpage when running it behind traefikv2 with HTTPS enforced, I've been unable to get any further than that though unfortunately. Dropping my compose file for quake for anyone who may know more.

`version: "3.8"

QuakeJS - Quake JS server

services:
quakejs:
container_name: quakejs
image: treyyoder/quakejs:latest
restart: unless-stopped
networks:
- t2_proxy
security_opt:
- no-new-privileges:true
environment:
- HTTP_PORT=80
- SERVER=192.168.1.121
labels:
- "traefik.enable=true"
## HTTP Routers
- "traefik.http.routers.quakejs-rtr.entrypoints=https"
- "traefik.http.routers.quakejs-rtr.rule=Host(quake.$DOMAINNAME)"
- "traefik.http.routers.quakejs-rtr.tls=true"
## Middlewares
- "traefik.http.routers.quakejs-rtr.middlewares=chain-oauth-filtered@file" # Google OAuth 2.0 w/ IP Filter
## HTTP Services
- "traefik.http.routers.quakejs-rtr.service=quakejs-svc"
- "traefik.http.services.quakejs-svc.loadbalancer.server.port=80"

networks:
t2_proxy:
external: true`

[NitroBiedermann]

The issue, at least from my Chrome debug console, is that apache needs to have SSL enabled with a self-signed cert. I'm at the same situation as you are with only the logo showing up behind my nginx reverse proxy.

The browser logs will say that the scripts cannot be loaded from unsecured sources, aka from the apache server.

[beirbones]

I'm getting this from within firefox.

Blocked loading mixed active content "http://192.168.1.121/assets/manifest.json"

I believe it's because I'm forcing HTTPS but it pulls the content using http, not sure if there would be a good way of dealing with this.
I did change the server address to 127.0.0.1 as supposedly this resolves the mixed active content issue but I then get.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://127.0.0.1/assets/manifest.json. (Reason: CORS request did not succeed).

Seems that because the Apache server as you said is using HTTP you're unable to run the quake server using HTTPS.

[NitroBiedermann]

Basically the quick fix is to set your toml to load the QuakeJS server in HTTP only and then it works. In general, the content will need to load from HTTP to HTTP, or HTTPS to HTTPS. My problem is my nginx is using global configs that push everything to HTTPS and I really don't feel like redoing all of it just for QuakeJS when the easy fix would be to have the Apache load in HTTPS in addition to HTTP.

[beirbones]

Exactly my scenario, my traefik proxy redirects all http requests to https, not sure if I can have service specific setups created but ideally i'd rather it was all using https if I'm going to be sharing externally, otherwise i'll just host it locally :)

[NitroBiedermann]

Indeed, I would prefer to host it over HTTPS as well. For now, I can host it locally and it works just fine, but I'd like to share the link with a few people securely externally, however I can always wait for that.

[beanman112]

Would also love to be able to host for external users, rather than just local. I'm not very adept at all when it comes to this stuff though and mainly get by on spaceinvaderone tutorials. I thought I was going mad earlier before I found this post trying to get this to work through my reverse proxy.