can't get /web to connect to websocket on SSL (wss)

[zyxep]

Hi,

I have pointed my nginx web server to point to the /web folder, and i have changed the connection to be a WSS: but it won't connect on localhost.

any clue?

[vegeta897]

Can you show the browser's console log after opening the page?

Anyway, I do not believe WSS will work. Sorry about that.

[zyxep]

You can look here, https://zyxep.net/

Shouldn't i get any response when the server is running ?

> node index.js

Initializing server
Tue Feb 16 2016 21:08:18 GMT+0100 (CET) 'Logged in as: d-zone - (144119011251191808)'
Connected to 1 server(s)

I don't even see anything when i connect to it with iocat

# iocat --socketio wss://127.0.0.1:3000
>

Even though there is activity on the server

[zyxep]

And i just changed it to ws:// same result.

$ iocat --socketio ws://127.0.0.1:3000
>

[vegeta897]

No, the server won't log anything if the connection is refused. That is shown only in the browser console.

I can't see the exact error you're getting since your page is pointed at 127.0.0.1, but I know that wss:// is not supported.

[vegeta897]

If you load your page with http:// instead of https:// it should work.

[zyxep]

I just changed it to http and listening on external ip, no changes.
http://zyxep.net

[vegeta897]

That's about the limit of my knowledge on the subject, sorry. Perhaps you could try a new port.

[zyxep]

Can i enable debugging in your code some how?
I just tried to start a socket.io server with iocat, and that works perfectly.

[vegeta897]

Perhaps you could add this on line 10 in socket.js to see if the websocket having issues.

wss.on('error', function(error) {
    console.error(error);
});

[zyxep]

I got it to work @vegeta897 :)
First my problem was
i didn't clone the repo, and run "npm install".
2nd i had blocked the port number in my firewall.

but now my site us running d-zone :D

[vegeta897]

@zyxep That's great to hear! Your server looks great :)

[zyxep]

It's not even my server :P but i did get permission to set it up on it.

[vegeta897]

D-Zone is a heavily WIP project and also a collection of firsts for me as a developer. My implementation of websockets was the minimum for what I needed to get it working. If someone had sent a PR to add SSL support, I would have happily accepted it. But it simply hasn't been a priority for me.

The rewrite I'm working on, on the other hand, will support SSL (and may require it, pending a design decision) since the bot client will be running in-browser.

[vegeta897]

Update to anyone following this issue who may still care, D-Zone now supports SSL in the eris branch which will soon be merged to main (merged to main).

#40

[vegeta897]

I'm reopening this because the way I implemented WSS is bad. I plan to do it in a way that works with reverse proxying.

[Griefed]

Tried to use both the v1/docker and heroku branches in a docker-container with nginx as a reverse proxy. The furthest I got was this.
For the reverse proxy, I am using this docker container by linuxserver.io with this config for the subdomain which should server D-Zone. test is the name of the container which runs D-Zone.
My discord-config.json and socket-config.json files.
I followed the guide at https://github.com/d-zone-org/d-zone/wiki/Setup-Guide-(Linux) and https://github.com/d-zone-org/d-zone/wiki/Beginner's-Setup-Guide, but no dice.
No matter what I set the discord-config or socket-config to, it never worked.
my .env file looked like this.

I was hoping simply pointing my reverse proxy at the container and it's port would work, but it sadly did not.
I've mentioned two branches at the top. Here are the dockerfiles I made for them:
heroku branch:

FROM node:8-alpine

LABEL   maintainer="Griefed <[email protected]>"
LABEL   description="Based on https://github.com/d-zone-org/d-zone/tree/v1/docker \
but pulls files from GitHub instead of copying from local filesystem. \
You must set your bot token as an environment variable and your bot must be \
a member of at least one server for this to work."


RUN     apk update && apk upgrade && apk add git                                        && \
        git clone -b heroku https://github.com/d-zone-org/d-zone.git /opt/d-zone        && \
        cd /opt/d-zone                                                                  && \
        npm install --no-optional                                                       && \
        npm run-script build                                                            && \
        apk del git

WORKDIR /opt/d-zone

RUN     node ./script/update-config.js

CMD ["npm","start"]

v1/docker branch:

FROM node:8-alpine

LABEL   maintainer="Griefed <[email protected]>"
LABEL   description="Based on https://github.com/d-zone-org/d-zone/tree/v1/docker \
but pulls files from GitHub instead of copying from local filesystem. \
You must set your bot token as an environment variable and your bot must be \
a member of at least one server for this to work."


RUN     apk update && apk upgrade && apk add git                                        && \
        git clone -b v1/docker https://github.com/d-zone-org/d-zone.git /opt/d-zone     && \
        cd /opt/d-zone                                                                  && \
        npm install                                                                     && \
        npm run-script build                                                            && \
        apk del git

WORKDIR /opt/d-zone

RUN     node ./script/update-config.js

CMD ["npm","start"]

What did work with both branches though, was setting an environment variable in docker with my bot token and running the update-config.js script. That's pretty nice.

After setting everything up according to the guides, the container itself started throwing this error as well.

In the end, I gave up. Looking forward to the day the rewrite is finished. I love the idea of d-zone. It's really awesome!
So, keep up the good work. Stay awesome and stay safe.

Cheers,
Griefed

[vegeta897]

Thanks for the comment; I'm sorry you had to go through all that to no avail. Most of this stuff is over my head and I intend to get a firmer grasp of it all when we reach that point in the rewrite.

Hope to see you again later!

[Griefed]

Happy to provide logs and some such. If you need help in the future with testing, then gimme a ping and I'll see what I can do.
My wife would love D-Zone for her Discord Server, so I'm really looking forward to the future of this project.

Good luck and see you later. 😃

[Griefed]

Holy crap. I got it to work!
Building the image with the heroku branch:

FROM node:8-alpine

LABEL   maintainer="Griefed <[email protected]>"
LABEL   description="Based on https://github.com/d-zone-org/d-zone/tree/v1/docker \
but pulls files from GitHub instead of copying from local filesystem. \
You must set your bot token as an environment variable and your bot must be \
a member of at least one server for this to work."


RUN     apk update && apk upgrade && apk add git && apk add nano                        && \
        git clone -b heroku https://github.com/d-zone-org/d-zone.git /opt/d-zone        && \
        cd /opt/d-zone                                                                  && \
        npm install --no-optional                                                       && \
        npm run-script build                                                            && \
        apk del git

WORKDIR /opt/d-zone

RUN     node ./script/update-config.js

CMD ["npm","start"]

Or using my image on DockerHub griefed/d-zone

You can deploy D-Zone with docker-compose as follows:

  d-zone:
    container_name: d-zone
    image: griefed/d-zone
    restart: unless-stopped
    volumes:
      - ./PATH/TO/YOUR/SSL/KEY_AND_CHAIN/FOLDER:/keys
    environment:
      - TOKEN=<YOUR_BOT_TOKEN_HERE>
      - CERT=/keys/fullchain.pem
      - KEY=/keys/privkey.pem

If you are using a dockerized nginx, this config may help you out. It works for me and the nginx conainer I am running:

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name YOUR_SUBDOMAIN_HERE.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        proxy_set_header HOST $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass_request_headers on;
        proxy_pass http://d-zone:3000;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
}

You also need to exec into the container and edit the socket-config.json and change the port D-Zone runs on to 3000.
Restart the D-Zone container, and it should work now!
For more info, check the repository on

• DockerHub: https://hub.docker.com/r/griefed/d-zone
• GitHub: https://github.com/Griefed/docker-D-Zone

A working example can be viewed at https://phoenixorden.griefed.de

[vegeta897]

Wow, nice work!

Couple things I'm wondering:

• The WS server shouldn't be running in secure mode since it's behind a reverse proxy, so the CERT and KEY variables shouldn't have to be used.
• I'm wondering how the update-config script was able to run for you since it hasn't been updated to use the Eris library instead of Discord.io, and Discord.io is not in the package or the package-lock file.

[Griefed]

• Setting secure to true makes the whole thing unavailable again. My reverse proxy shows me a 502 error, even though D-Zone has the SSL-Certs at hand.
• Removing the SSL environment variables didn't change anything, the whole things still runs. That's pretty cool and I need to update my descriptions now 😂
• Hm, maybe the update-config script doesn't actually do anything. I need to try that out. Will report back if the image works without the update-config bit.

[vegeta897]

Yes, with your configuration you don't want to run in secure mode since you want the WS server to be non-secure while your nginx config handles the SSL.

Looking at the heroku branch again, the update-config script is definitely not used. The discord-config.json has an autoPopulate field which tells inbox.js to add all servers, and this just stays in memory without writing to the config file.

[Griefed]

Yup. Updated the descriptions and the image as well. Thanks for your input and sorry for the whole back and forth because of something that didn't even need to be there from the beginning 😀