Behind a reverse proxy
stappersg opened this issue · comments
Summary: What to do extra / special to put mailcrab behind a reverse proxy
Just mailcarb works as documented in the README.md. ( backend: cargo run, frontend: trunk serve, sendmail: swaks --to foo@bar --server 127.0.0.1:1025, URL: http://127.0.0.1:1080 )
Behind a reverse proxy I have not so much success.
It is Apache that I use as reverse proxy, this is in /etc/apache2/sites-available/000-default.conf:
$ grep -ve \# /etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
<location /mailcrab>
Require all granted
ProxyPass http://127.0.0.1:1080
ProxyPassReverse http://127.0.0.1:1080
</location>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
$
Visiting URL http://127.0.0.1/mailcrab or http://127.0.0.1/mailcrab/ gives nothing.
Visiting URL http://127.0.0.1/mailcrab/api/messages gives JSON.
Webbrowser is firefox-esr, 91.12.0esr-1~deb10u1
With another Apache vhost
# grep -ve \# mailcrab.vincent.mig.conf
<VirtualHost *:80>
ServerAdmin stappers@stappers.it
ServerName mailcrab.vincent.mig
<location />
Require all granted
ProxyPass http://127.0.0.1:1080/
ProxyPassReverse http://127.0.0.1:1080/
</location>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/mailcrab.vincent.mig.access.log combined
</VirtualHost>
Gives http://mailcrab.vincent.mig/api/messages JSON.
And http://mailcrab.vincent.mig/ a "working" mailcrab.
The "" around working are for expressing that the manual refresh from #53 is needed.
Intermediate report: It seems to be webbrowser related.
Visiting http://localhost/mailcrab with webbrowser yields an empty page. With tcpdump -i lo port 1080 can HTTP error 404 been seen.
The same URL with curl yields the index.html
$ curl --silent http://127.0.0.1/mailcrab | grep html
<!DOCTYPE html><html lang="en"><head>
</script></body></html>
$
trunk should only be used when working on the frontend - it is intended to build and serve the frontend during development. If you want to serve mailcrab behind a proxy I suggest using one of the binary builds: https://github.com/tweedegolf/mailcrab/releases/tag/v0.17.0
With prebuild binary mailcrab-linux-x86-64-gnu-v0.17 was the previously reported 404 not seen again. With sudo tcpdump -Xi lo port 1080 can be seen that the index.html is send. Why my webbrowser, FF 91.12.0esr, that doesn't pick up, is yet unknown.
Are you setting MAILCRAB_PREFIX=mailcrab in the environment?
Are you setting
MAILCRAB_PREFIX=mailcrabin the environment?
No, I had not. :-/
With MAILCRAB_PREFIX=mailcrab in the environment does webbrowser pick up the index.html. \o/
However there is no sign of using /ws, a manual refresh as reported in #53 opening is needed to see new incoming email in the webbrowser.
Running a websocket connection over a proxy is requires more than just proxying the HTTP traffic. See for instance https://httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html
Acknowledge I will dive further into this. For now:
paddy:~# dpkg -l apache2 | grep ^ii
ii apache2 2.4.51-2 amd64 Apache HTTP Server
paddy:~# a2query -m | grep proxy
proxy_http (enabled by site administrator)
proxy (enabled by site administrator)
paddy:~#
Yeah, works also on Apache 2.4.51-2 with mod_proxy and mod_proxy_http.
For a vhost I got succes with:
$ grep -v \# /etc/apache2/sites-available/mailcrab.vincent.mig.conf
<VirtualHost *:80>
ServerAdmin stappers@stappers.it
ServerName mailcrab.vincent.mig
Documentroot /dev/null
ProxyPass /ws "ws://127.0.0.1:1080/ws"
ProxyPassReverse /ws "ws://127.0.0.1:1080/ws"
ProxyPass / "http://127.0.0.1:1080/"
ProxyPassReverse / "http://127.0.0.1:1080/"
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/mailcrab.vincent.mig.access.log combined
</VirtualHost>
Q: What to do extra / special to put mailcrab behind a reverse proxy?
A: For Apache: Do also proxy the websocket, "ws://127.0.0.1:1080/ws". For all,
using Path prefix, use environment variable MAILCRAB_PREFIX.
(Issue is solved and left open with a next question: Where to document "Beware, websockets!"? )
We could add a section to the README about proxying the mailcrab frontend if we keep it brief. Would be nice to also include a hint on how to proxy websockets with nginx. Any PR's are welcome on this.