
iroh-relay: make it possible to disable captive portal

Open link2xt opened this issue 10 months ago • 1 comments

There is an option captive_portal_port but in my case the HTTP port is already taken by the acmetool redirector service: https://github.com/n0-computer/iroh/blob/b07547b68eb771e789474ad4f1344e02b2223f95/iroh-net/src/bin/iroh-relay.rs#L228

Having the captive portal on any port other than 80 does not really make sense if I understand its purpose correctly (maybe to put it behind a reverse proxy, but then I can configure nginx or whatever reverse proxy to respond however I want myself), so it would be better if there was an option to just disable it. As a workaround I have moved it to an arbitrary port.

link2xt avatar Apr 11 '24 15:04 link2xt

Huh, yeah this is messy. It seems the captive portal can not be disabled at all as setting None will use DEFAULT_CAPTIVE_PORTAL_PORT which is 80. Setting it to an arbitrary port that is not exposed is indeed probably the best you can do to disable it for now.

It seems that netcheck uses the RelayUrl as-is for the captive portal. However you can't put the port number in the URL as then the relay client in iroh-net will also use it for the relay protocol. If the port is not specified in the URL the captive portal check will use the HTTP default port while the relay client will use the HTTPS default port.

It should be noted that the captive portal check is not really required to work. If it detects a captive portal it's a small optimisation which helps netcheck be a little bit more generic in finding a working connection, but in practice it probably doesn't do that much especially since we still only have 2 relay servers. This could make a little more difference once there are more than 2 relay servers, but even then.

I think I agree with your assessment that setting this to a custom port is only really useful for a reverse proxy. But indeed the response is so trivial that you might as well configure the proxy to respond itself directly.

It could be made more useful if we allowed a captive portal check on custom ports, maybe with a URL parameter like ?captive_port_port=123 in the RelayUrl. Not sure how useful that is.

Anyway, a lot of words because I wanted to write down what I figured out looking at this. We should indeed make it possible to disable the captive portal on the relay server.

flub avatar Apr 12 '24 09:04 flub
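
The port behaviour described in the comment above, modelled as an added example (not iroh's code and not part of the thread): the server falls back to port 80 when no captive portal port is set, and the client derives both ports from the relay URL. The function names, the minimal URL parsing and the `relay.example.org` host are assumptions made for illustration.

```rust
// Added illustration of the behaviour described in this thread; not iroh's code.
const DEFAULT_CAPTIVE_PORTAL_PORT: u16 = 80; // default stated in the thread
const HTTPS_DEFAULT_PORT: u16 = 443;

/// Server side as described: `None` falls back to the default port,
/// so no configuration value switches the listener off.
fn server_captive_port(configured: Option<u16>) -> u16 {
    configured.unwrap_or(DEFAULT_CAPTIVE_PORTAL_PORT)
}

/// Explicit port in the URL authority, if any (minimal parser, hypothetical helper).
fn explicit_port(relay_url: &str) -> Option<u16> {
    let rest = relay_url.split_once("://").map_or(relay_url, |(_, r)| r);
    let authority = rest.split('/').next().unwrap_or(rest);
    authority.rsplit_once(':').and_then(|(_, p)| p.parse().ok())
}

/// Client side as described: (captive portal probe port, relay protocol port).
/// A port written into the URL is used for both; otherwise HTTP and HTTPS defaults.
fn client_ports(relay_url: &str) -> (u16, u16) {
    match explicit_port(relay_url) {
        Some(p) => (p, p),
        None => (DEFAULT_CAPTIVE_PORTAL_PORT, HTTPS_DEFAULT_PORT),
    }
}

/// True when the client's probe lands on the port the server's captive portal listens on.
fn probe_reaches_listener(relay_url: &str, configured: Option<u16>) -> bool {
    client_ports(relay_url).0 == server_captive_port(configured)
}

fn main() {
    let url = "https://relay.example.org"; // constructed sample URL
    for cfg in [None, Some(80), Some(8080)] {
        println!(
            "captive_portal_port={:?}: listener on {}, probe reaches it: {}",
            cfg,
            server_captive_port(cfg),
            probe_reaches_listener(url, cfg)
        );
    }
    // Writing the port into the URL moves the relay protocol to that port as well.
    println!("{:?}", client_ports("https://relay.example.org:8080"));
}
```

With the listener moved to 8080 the probe still goes to port 80, which is why the workaround amounts to disabling the check while leaving a listener running.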

Fixed by https://github.com/n0-computer/iroh/pull/2341. If not, feel free to reopen.

flub avatar Jun 18 '24 12:06 flub