Speedtest-Tracker icon indicating copy to clipboard operation
Speedtest-Tracker copied to clipboard

Published 20 hours ago verified publisher icon henrywhitaker3

[HELP] Speedtest running in docker behind NGINX reverse proxy on different machine

Open CBismark opened this issue 3 years ago • 8 comments

Hello together,

I am trying to get this wonderful speedtest tracker to be accessible through my NGINX reverse proxy that runs on my Raspberry Pi 4, where my home automation resides. All infos:

Speedtest-Tracker runs on a Synology DS720+ in a docker container. The Ports for HTTP and HTTPS are set to 49168 and 49169, respectively. My raspberry pi 4 has an NGINX-Server running to enable reverse-proxied access to the different services (usually running on the Pi itself). When I bought the Diskstation, I installed the Speedtest-Tracker and since then I am unsuccessfully trying to get it to run through the reverse proxy. I also activated another reverse proxy on the Diskstation to server the localhost:49168 to speedtest.my-diskstation-name.synology.me. I can access that through any browser of my choice and it works. I can't get it to work with my Raspi-NGINX.

The location block from NGINX looks like this:

location /speedtest/ {
    	satisfy any;
    	allow 192.168.178.29;
        allow 192.168.178.26;
	allow 192.168.178.72;
	allow 192.168.178.34;
    	deny all;
        proxy_set_header X-Forwarded-Host 		$http_host;
        proxy_set_header Host                   $http_host;
        proxy_set_header X-Real-IP              $remote_addr;
        proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto      $scheme;
        proxy_set_header Connection 			"upgrade";
        proxy_set_header Upgrade	 			$http_upgrade;
	proxy_set_header Accept-Encoding "";
	sub_filter 'href="/files/'  'href="https://speedtest.my-diskstation-name.synology.me/files/';
	sub_filter '/files/'  'https://speedtest.my-diskstation-name.synology.me/files/';	
	sub_filter_once off;
      	sub_filter_types *;
	proxy_pass https://speedtest.my-diskstation-name.synology.me/;		
        proxy_read_timeout  60;
  	}

As you can see, I tried to change the links through sub_filters because my NGINX tried to access the files on the RPi, not the diskstation. At first I tried it with the raw IP address, then with the new reverse proxy on the diskstation, because I thought that would change anything.

Does anyone have an idea what I am doing wrong and what can be changed to make this work?

Kind Regards,

Christoph

CBismark avatar Mar 27 '22 19:03 CBismark

You haven’t told Nginx to pass the traffic to your synology.

You need to put this in the location specification

location /speedtest/ { proxy_pass url.or.up.of.synology:port satisfy any; allow 192.168.178.29; allow 192.168.178.26;

Sent from my iPhone

On 27 Mar 2022, at 20:46, CBismark @.***> wrote:

 Hello together,

I am trying to get this wonderful speedtest tracker to be accessible through my NGINX reverse proxy that runs on my Raspberry Pi 4, where my home automation resides. All infos:

Speedtest-Tracker runs on a Synology DS720+ in a docker container. The Ports for HTTP and HTTPS are set to 49168 and 49169, respectively. My raspberry pi 4 has an NGINX-Server running to enable reverse-proxied access to the different services (usually running on the Pi itself). When I bought the Diskstation, I installed the Speedtest-Tracker and since then I am unsuccessfully trying to get it to run through the reverse proxy. I also activated another reverse proxy on the Diskstation to server the localhost:49168 to speedtest.my-diskstation-name.synology.me. I can access that through any browser of my choice and it works. I can't get it to work with my Raspi-NGINX.

The location block from NGINX looks like this:

location /speedtest/ { satisfy any; allow 192.168.178.29; allow 192.168.178.26; allow 192.168.178.72; allow 192.168.178.34; deny all; proxy_set_header X-Forwarded-Host $http_host; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Connection "upgrade"; proxy_set_header Upgrade $http_upgrade; proxy_set_header Accept-Encoding ""; sub_filter 'href="/files/' 'href="https://speedtest.my-diskstation-name.synology.me/files/'; sub_filter '/files/' 'https://speedtest.my-diskstation-name.synology.me/files/'; sub_filter_once off; sub_filter_types *; proxy_pass https://speedtest.my-diskstation-name.synology.me/; proxy_read_timeout 60; } As you can see, I tried to change the links through sub_filters because my NGINX tried to access the files on the RPi, not the diskstation. At first I tried it with the raw IP address, then with the new reverse proxy on the diskstation, because I thought that would change anything.

Does anyone have an idea what I am doing wrong and what can be changed to make this work?

Kind Regards,

Christoph

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you are subscribed to this thread.

tuckshoprn avatar Mar 27 '22 22:03 tuckshoprn

Hi,

thanks for your answer. I didn't express myself clearly enough. the statement

proxy_pass https://speedtest.my-diskstation-name.synology.me/; points to the reverse proxy running on my diskstation, which exposes the speedtest-docker-container. Through this, I can access the speedtest e.g. from a browser. Before, I also tried proxy_pass 192.168.178.86:49168; to let the NGINX on the RPi 4 access the diskstation-hosted speedtest, but that didn't work either.

Kind Regards,

Christoph

CBismark avatar Mar 28 '22 09:03 CBismark

I’d start by removing all the extra pieces out of the config, for example the IP restrictions you have in place as these may be preventing the proxy pass. See if you can get it working using just the basic proxy_pass under the location without any other restrictions or options. If that works, start adding in your restrictions one at a time. It may be the fact that you have 2 proxies in line that is messing things up as a misconfiguration of one may prevent the traffic from the other. Is there really a need for the second proxy on the synology? If not I’d get rid of it to reduce the points of failure.

I moved away from Nginx to Traefik, and have found that a bit better. It was initially very tricky to get my head around, but there is plenty of documentation to help out.

Sent from my iPhone

On 28 Mar 2022, at 10:01, CBismark @.***> wrote:

 Hi,

thanks for your answer. I didn't express myself clearly enough. the statement

proxy_pass https://speedtest.my-diskstation-name.synology.me/; points to the reverse proxy running on my diskstation, which exposes the speedtest-docker-container. Through this, I can access the speedtest e.g. from a browser. Before, I also tried proxy_pass 192.168.178.86:49168; to let the NGINX on the RPi 4 access the diskstation-hosted speedtest, but that didn't work either.

Kind Regards,

Christoph

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you commented.

tuckshoprn avatar Mar 28 '22 11:03 tuckshoprn

This is what I tried first. But still, I did it again, my location block now looks like this: location /speedtest/ { proxy_pass http://192.168.178.86:49168/; } What now happens is that the speedtest-tracker tries to load its resources from my RPi4, because the paths are set like /files/js/jquery.min.js and it gets interpreted as http://192.168.178.49/files/js/jquery.min.js, with 192.168.178.49 being my RPi4 address. That's why I tried to use the sub_filter to hard-code the correct IP address of my diskstation and replace the RPi4-IP address. But that didn't work either.

EDIT: I played around a bit more and at least got it to work from my local network using the following location block location /speedtest/ { sub_filter 'href="/speedtest/files/' 'href="http://192.168.178.86:49168/speedtest/files/'; sub_filter '/speedtest/files/' 'http://192.168.178.86:49168/speedtest/files/'; sub_filter_once off; sub_filter_types *; proxy_pass http://192.168.178.86:49168/speedtest/; } This works together with setting the BASE_PATH variable to '/speedtest/' However, when trying to access it from outside (e.g. my phone through mobile network) it doesn't load anything, tha page stays blank. every other service can be accessed from outside (e.g. my smart home instances, logger or grafana). Also, if that helps anyhow, when accessed from local network through my NGINX, the fonts don't load correctly. The error is Access to font at 'http://192.168.178.86:49168/speedtest/files/icons/themify/fonts/themify.ttf?-fvbane' from origin 'http://192.168.178.49' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

CBismark avatar Mar 28 '22 18:03 CBismark

Can you manually enter in the browser http://Rpi-ip/speedtest/files/js/jquery.min.js and see if it appears? This would at least tell you if it was there. You may then need to change the headers that get forwarded etc.

Sent from my iPhone

On 28 Mar 2022, at 19:21, CBismark @.***> wrote:

 This is what I tried first. But still, I did it again, my location block now looks like this: location /speedtest/ { proxy_pass http://192.168.178.86:49168/; } What now happens is that the speedtest-tracker tries to load its resources from my RPi4, because the paths are set like /files/js/jquery.min.js) and it gets interpreted as [http://192.168.178.49/files/js/jquery.min.js, with 192.168.178.49 being my RPi4 address. That's why I tried to use the sub_filter to hard-code the correct IP address of my diskstation and replace the RPi4-IP address. But that didn't work either.

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you commented.

tuckshoprn avatar Mar 28 '22 20:03 tuckshoprn

I edited my last Post, please read the changes I made.

CBismark avatar Mar 29 '22 07:03 CBismark

Well could you try something like this and post your observations:

  • In the Speedtest Tracker configuration, set BASE_PATH to /speedtest - look, no trailing slash
  • Use this Nginx configuration:
location /speedtest {                                      # look again, **no** trailing slash
    proxy_set_header  Host               $host;
    proxy_set_header  X-Real-IP          $remote_addr;
    proxy_set_header  X-Forwarded-For    $proxy_add_x_forwarded_for;
    proxy_set_header  X-Forwarded-Host   $host;
    proxy_set_header  X-Forwarded-Server $host;
    proxy_set_header  X-Forwarded-Port   $server_port;
    proxy_set_header  X-Forwarded-Proto  $scheme;
    proxy_pass        http://192.168.178.86:49168;         # still, **no** trailing slash - Synology IP address
}
  • And finally, browse to http://192.168.178.49/speedtest/ - RPi IP address, and here, with trailing slash

jeritiana avatar Apr 25 '22 07:04 jeritiana

Thanks for your input. That config doesn't work, I suppose partly because I can't access the speedtest on the synology under http://192.168.178.86:49168, where the proxy_pass points, because it is only availiable under http://192.168.178.86:49168/speedtest. With this config block it works in the local network, but does not when I access my RPi from the outside:

location /speedtest/ {
	satisfy any;
	allow 192.168.178.29;
	allow 192.168.178.26;
	allow 192.168.178.72;
	allow 192.168.178.34;
	allow 192.168.178.35;
	deny all;
	sub_filter 'href="/speedtest/files/'  'href="http://192.168.178.86:49168/speedtest/files/';
	sub_filter '/speedtest/files/'  'http://192.168.178.86:49168/speedtest/files/';	
	sub_filter_once off;
	sub_filter_types *;
	proxy_pass http://192.168.178.86:49168/speedtest/;
}

I guess it doesn't work from outside because of the sub_filters that point to local addresses?

CBismark avatar Apr 27 '22 19:04 CBismark