quakejs-docker
quakejs-docker copied to clipboard
treyyoder
Trying start behind a reverse proxy...
I can reach quakejs on LAN but not all I wanna frag is on LAN, so I thought hey lets give it a subdomain and let the carnage begin!
But oh now... localip:8080 works, nginx reverse proxy points to localip:8080 as so many other subdomains, but this gives me an forbidden error (111) and in the browser it says 502.
I’m really not that familiar with reverse proxies, but if you figure it out let me know. I’ll leave this issue open and see if we can solicit some feedback from the community.
@treyyoder Would it be possible to add a self signed cert and load apache with SSL, then the reverse proxy will work ( I think).
ratnose, I use subdirectories so that my main Let's Encrypt cert works for anything I add. i.e. www.myserver.com is SSLd and so when I spun this up www.myserver.com/quake/ was signed as well. But, using apache as my reverse proxy, I just couldn't get it to work. What do I forward port 8080 or 27960? Both? I want to get this going so I can invite people but not need them to be on LAN.
Hey all. Created an account to join in. I know ratnose from another group.
I have a partly working nginx config to use with the QuakeJS container, however the problem is that I need to have SSL to SSL transfer of the files from Apache to Nginx. In the browser console, it is being blocked.
Basically, it is an all or nothing approach with the HTTPS side to get it working with the reverse proxy. It is either all traffic between the Apache server to the Nginx server is over HTTPS, or it all has to be over HTTP.
I feel a self signed cert would the way to go on the Apache server and to allow HTTPS on it rather than purely HTTP.
If I can get my config working, I don't mind sharing what I have for those that would like to use it.
@NitroBiedermann If you get your config working, I would be interested to use it.
Currently, the game is accessible with the following URL: http://<hostname>:8000.
But I'll like to access it using a subdomain name and proxy pass: https://quake.<hostname>
@nazarimilad I'll share once I have mine working when the internal Apache server has an SSL cert loaded.
One thing that would probably fix the problem for all is to just use '//' instead of 'http://' or 'https://' when referencing scripts or building urls to call via javascript. It's an old trick and all browsers support it. It basically just tells the browser to use whatever protocol the page was loaded with.
So I've gotten as far getting the JS logo to load on the webpage when running it behind traefikv2 with HTTPS enforced, I've been unable to get any further than that though unfortunately. Dropping my compose file for quake for anyone who may know more.
`version: "3.8"
QuakeJS - Quake JS server
services:
quakejs:
container_name: quakejs
image: treyyoder/quakejs:latest
restart: unless-stopped
networks:
- t2_proxy
security_opt:
- no-new-privileges:true
environment:
- HTTP_PORT=80
- SERVER=192.168.1.121
labels:
- "traefik.enable=true"
## HTTP Routers
- "traefik.http.routers.quakejs-rtr.entrypoints=https"
- "traefik.http.routers.quakejs-rtr.rule=Host(quake.$DOMAINNAME)"
- "traefik.http.routers.quakejs-rtr.tls=true"
## Middlewares
- "traefik.http.routers.quakejs-rtr.middlewares=chain-oauth-filtered@file" # Google OAuth 2.0 w/ IP Filter
## HTTP Services
- "traefik.http.routers.quakejs-rtr.service=quakejs-svc"
- "traefik.http.services.quakejs-svc.loadbalancer.server.port=80"
networks: t2_proxy: external: true`
The issue, at least from my Chrome debug console, is that apache needs to have SSL enabled with a self-signed cert. I'm at the same situation as you are with only the logo showing up behind my nginx reverse proxy.
The browser logs will say that the scripts cannot be loaded from unsecured sources, aka from the apache server.
I'm getting this from within firefox.
Blocked loading mixed active content "http://192.168.1.121/assets/manifest.json"
I believe it's because I'm forcing HTTPS but it pulls the content using http, not sure if there would be a good way of dealing with this. I did change the server address to 127.0.0.1 as supposedly this resolves the mixed active content issue but I then get.
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://127.0.0.1/assets/manifest.json. (Reason: CORS request did not succeed).
Seems that because the Apache server as you said is using HTTP you're unable to run the quake server using HTTPS.
Basically the quick fix is to set your toml to load the QuakeJS server in HTTP only and then it works. In general, the content will need to load from HTTP to HTTP, or HTTPS to HTTPS. My problem is my nginx is using global configs that push everything to HTTPS and I really don't feel like redoing all of it just for QuakeJS when the easy fix would be to have the Apache load in HTTPS in addition to HTTP.
Exactly my scenario, my traefik proxy redirects all http requests to https, not sure if I can have service specific setups created but ideally i'd rather it was all using https if I'm going to be sharing externally, otherwise i'll just host it locally :)
Indeed, I would prefer to host it over HTTPS as well. For now, I can host it locally and it works just fine, but I'd like to share the link with a few people securely externally, however I can always wait for that.
Would also love to be able to host for external users, rather than just local. I'm not very adept at all when it comes to this stuff though and mainly get by on spaceinvaderone tutorials. I thought I was going mad earlier before I found this post trying to get this to work through my reverse proxy.
I had assumed this would be easier for me to figure out, essentially you should be able to go into the container and follow this guide. https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-in-ubuntu-16-04 Once thats all sorted out it should be easier to natively integrate it into the dockerfile.
I tried nginx with no luck, i just get a JS logo. Id like to know what config to use if anyone figures it out. This is what im using now. `
server { listen 80; server_name q3.domain.com; location / { # Connectivity Options proxy_http_version 1.1; proxy_pass http://localip:port; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } }
`
Can't believe I commented two years ago and this issue is still floating around 😁.
Anyways, there's nothing anyone can do to solve this. The problem is hard-coded "http://" links in the source code. The only way to fix it is to fork it and change the source code, or modify the returned html in flight as it is proxied. I know IIS can do some regex matching and replacement stuff, no idea if others (nginx, etc.) can as well.
change the source code
Have you had any luck getting this to work @professor-farnsworth? I attempted it ( see #12 ) with no joy.
The other issue putting it behind nginx is CORS header 'Access-Control-Allow-Origin' missing - where the server isn't allowing the requests because of a Same Origin Policy
I believe you can modify the contents using nginx. https://nginx.org/en/docs/http/ngx_http_sub_module.html
Not sure about the CORS issue though. I haven't touched this much in a while though.
You all aren't going to love this answer. However, it is an answer of sorts. You can get it working on a subdomain through Nginx Proxy Manager (sort of), but you won't get SSL.
Here's what I did:
- Log into nginx proxy manager so you're at the main page
- Go to Hosts > Redirection Hosts
- Click "Add redirection host"
- Domain names = your_sub_domain.your_domain.whatever
- Scheme = http
- Forward Domain = your external IP, colon, your forwarded port (ex: 12.345.678.912:8080)
- HTTP Code = 308 permanent redirect
- Preserve Path = on
- Save
It's not perfect but it's what I got. Cheers to a great game.
Same problem. Using Traefik on truenas, so it's not as easy to change my proxy configs -
I think this guy has the right idea but I haven't built the image and tried it yet - https://github.com/PrinzWalium/quakejs-docker-ssl
Basically the quick fix is to set your toml to load the QuakeJS server in HTTP only and then it works. In general, the content will need to load from HTTP to HTTP, or HTTPS to HTTPS. My problem is my nginx is using global configs that push everything to HTTPS and I really don't feel like redoing all of it just for QuakeJS when the easy fix would be to have the Apache load in HTTPS in addition to HTTP.
Where would you do this change from HTTP? I installed this container on Unraid. Do I need to create my own docker container?
@HotWinterDays, please try the changes in #24. This should allow for an easy reverse proxy setup.
