Proxy settings advice - things appear disconnected

chas_iot · October 6, 2019, 2:34pm

After the help to get a https server running, I have my gateway behind an nginx reverse proxy, so I can access it via the internet.
When I connect and login via the internet address, all of the Things are greyed out. However, when connected via the local network, all of the Things are active.

From the internet, I can change the properties on the Thing page and, for example, the actual light is turned on. However events such as opening a door do not update the associated Thing properties.

Other functions, such as the Logs (via the internet) are also affected but most settings work perfectly (all that I have tried work, but have not tried all).

I suspect that the issue is my complete inexperience of setting up nginx. Does anyone have advice?

My nginx proxy settings look like the following (this is inside a server block dedicated to my gateway)
location / {
proxy_buffering off;
proxy_pass https://xxx.xxx.xxx.xxx/;
}

chas_iot · October 7, 2019, 6:02am

I’ve found some links that may explain the issue: by default, nginx immediately terminates each connection, with no keepalive. When I get home, I’ll try this out and post about the results.

chas_iot · October 7, 2019, 5:02pm

Unfortunately that did not fix it. Or it only fixed part of the issue…

[edit to remove outdated settings]

mstegeman · October 7, 2019, 4:37pm

The problem is that you’re not proxying WebSockets, which is what the UI uses to do real-time communication with the gateway. Check out this thread, as I posted some good resources there.

chas_iot · October 7, 2019, 4:57pm

wonderful @mstegeman, thanks

under light testing, this does the trick

upstream mozgw {
    # address on home network
    server a.b.c.d:443;
    keepalive 64;
}

map $http_upgrade $connection_upgrade {
        default upgrade;
        "" close;
}

server {
    # address on internet
    listen w.z.y.z:443 ssl;
    server_name mozgw.example.org;
    ssl_certificate mozgw.cer;
    ssl_certificate_key mozgw.key;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:DHE+AESGCM:DHE:!RSA!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!CAMELLIA:!SEED";
    ssl_session_tickets on;
    ssl_session_cache builtin:0 shared:SSLMOZGW:1m;
    ssl_session_timeout 5m;
    keepalive_timeout 75s;

    location / {
        # defined in the upstream section above
        proxy_pass https://mozgw/;

        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Upgrade $http_upgrade;
    }
}