How to configure DNS Websocket Proxy
So far I have a webapp site which is secured under the DNS proxy. All good. Till now I have to add websockets. We opted to use Laravel Reverb. So to not expose the server IP, we also want to use the DNS proxy for the Laravel Reverb nginx site record. But then, when I do it, websockets just stop working. If I remove the proxy DNS for the Laravel Reverb record, it works again.
Have you ever faced this issue? How would you fix it?
41 Replies
Update: I had the websocket port open at 6000, changed it, now is on 9502 but still doesn't work
Neither of those ports is supported by Cloudflare. I'd recommend keeping Websocket requests on port 443 and then use Origin rules to change websockets to a different origin port.
Also, did you enable Websockets in the Cloudflare dashboard?
i mean, yes, i use 443 for the websockets but then it redirects to the actual port. is that how it should work, right?
no, i havent enabled it. i already saw it checked
and i can share u the nginx site configs if needed
use different port then like
2053
2083
2087
2096
8443
even for internal then, try and see if that works
i tried the 2053, it doesnt work if the DNS proxy is enabled
if the DNS proxy is disabled, it works with that port
What exactly do you mean by redirect?
i chose wrong words. sorry for that. i meant, for the websocket nginx site, i listen on 443, but then, internally, i do "proxy_pass" to the port 2053
im quite new on configuring servers n stuff, so ill try to be more concise in next messages
All good. If you use nginx to proxy WS requests to the correct port, there shouldn't be any problem.
there is no problem only if i dont use the cloudflare dns proxy
when i use it, then the websockets doesnt work anymore
i get the typical webtools console msg saying i cannot connect to the websocket
Do you have any Rules on Cloudflare? Do you use WS or WSS?
im trying to figure out if i use ws or wss - at the moment i found in the codebase:
enabledTransports: ['ws', 'wss'],
and for the rules on cloudflare, in which section should i search for those rules?
Rules are in the Rules section 😉
Also, which SSL mode do you use? It should be Full (Strict)
id say i have no rules then, cuz never entered this section before
yep, ive got:
SSL/TLS encryption
Current encryption mode:
Full (strict)
Can't you see in the dev console whether the address is ws or wss?
found it - wss
wss://websocket.mydomain.com/app/0p104f4dfxpgb8x7j?protocol=7&client=js&version=8.4.0-rc2&flash=false
(the domain name is an example)
It's always hard to debug issues like this without actually being able to test. Do you see connection attempts in your serverlogs?
ive got a reverb.log file, but it doesnt show any errors:
tail:
INFO Stopping server on 0.0.0.0:2053.
INFO Starting server on 0.0.0.0:2053 (websocket.mydomain.com).
this in the backend
in frontend, devtools console:
hard to debug it, not sure where to look more, lets see if i can get more logs
I was thinking more of the nginx logs, since that's where the requests go first
last log on file /var/log/nginx/error.log:
That does seem like an issue with nginx connecting to your backend
okay, so if i enable cloudflare dns proxy i have to change the nginx site config?
Can you share the nginx config? You shouldn't need to, unless you do something in nginx that isn't compatible by default
so if i shouldnt need to, then i prolly have it configured well, since if i just disable the cloudflare dns proxy, it just works, but yeah 1sec i share the site config
/etc/nginx/sites-available/reverb.mysite.com.conf
im using certbot to handle ssl as u can see
other configs, basic stuff i guess
previously, you said the subdomain was websocket., here it's reverb
sorry
while trying to hide my real domain i mess it
proxy_pass http://0.0.0.0:2053;
that's a bit weird.
is reverb
you shouldn't send traffic to 0.0.0.0 - is the backend on the same machine?
same machine
Then you should use 127.0.0.1 or localhost
would maybe this fix it?
or u think there is more to fix?
I think that's definitely a potential issue, though I have no idea why enabling/disabling the proxy would have any effect on that
had to go :/, but im back (: , i tried to use 127.0.0.1 instead of 0.0.0.0 but same result
now trying localhost
btw why u say its a bit weird? having 0.0.0.0 is okay i guess, no? or u think its better to not use it?
i dont know what should i try next, any ideas? idk how to debug it further
Have you tried changing your address from 0.0.0.0? Your logs show that nginx can't connect to the upstream, so you'll have to figure out why that is and why using Cloudflare would have an impact on that.
i tried to use 127.0.0.1 instead of 0.0.0.0, but same result
One more idea I have is that it has something to do with Cloudflare's URL or Header normalization. Does your app depend on these being in some specific format?
im just using ascii chars, reverb.mysite.com. not sure if that answers the question, i struggled trying to understand it
Does your app need headers in upper case for example? All headers going through Cloudflare would be in lower case. Things like that.
Cloudflare also normalizes the URL if you didn't disable that.
no, it doesnt need it
Then I'm all out of ideas.
😫 dont worry, u already tried to help me a lot, and i appreciate it
if at least i could debug it somehow, but that is the hard part, that idk how to follow any trace