Repetier Monitor - Trouble connecting Server Externally

edited September 2019 in Questions & Answers
Hi Repetier,
not sure where to put repetier monitor questions. Really like that tool most importantly the auto upload feature!!

I can connect locally with local IP with no Problem. However I would love to connect it externally aswell.
I have an nginx proxy currently that works fine with the repetier server webinterface. However if I try to use that with repetier monitor it ends up creating the Server / detecting the name and Hash, but after lgin (user or token does not matter) it stays "not connected"



here is my nginx config:
server {
listen 443;
server_name repetier.<mytld>.de;

client_max_body_size 10G;

ssl_certificate /etc/letsencrypt/live/repetier.<mytld>.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/repetier.<mytld>.de/privkey.pem;

ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;

access_log /var/log/nginx/repetier.<mytld>.de.access.log;

location / {
proxy_pass http://10.10.10.56:3344;
}
location /socket/ {
proxy_pass http://10.10.10.56:3344/socket/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
}
printer frontend does not require password, so we forbid it from external
location /mod/front/ {
deny all;
}
location /modules/front2/ {
deny all;
}
}
at first I thought it might be related to the to deny all for /mod/front/ and /modules/front2 but removing them did not change the behaviour. Any ideas? Grüße

Comments

  • Ok, never remove the  /mod/front/ and /modules/front2 part for safety.
    Detecting server is a simple get request, but connection uses the socket, so problem is more likely that the socket gets interrupted/modified/blocked on it's way. Might also that websocket with https is the problem. That requires wss instead of ws as protocol. Could you test http instead.

    If http works, do you have a valid certificate or a self signed? I do not think self signed certificates will be accepted by wss.
  • Same for http over 80 so does not seem to be SSL related. Any logfile I can look into that might get some insight?
    SSL Cert is letsencrypt so not self-signed.

    server {
    listen 80;
    server_name repetier.<mytld>.de;

    client_max_body_size 10G;
    access_log /var/log/nginx/repetier.access.log;
    location / {
    proxy_pass http://10.10.10.56:3344;
    }
    location /socket/ {
    proxy_pass http://10.10.10.56:3344/socket/;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_read_timeout 86400;
    }
    # printer frontend does not require password, so we forbid it from external
    location /mod/front/ {
    deny all;
    }
    location /modules/front2/ {
    deny all;
    }
    }
    my /socket location is fine? I guess I copied from some thread from you so should be fine?
  • Ok found the reason. If I compare the socket requests:

    91.38.27.223 - - [21/Sep/2019:19:30:11 +0200] "GET /socket HTTP/1.1" 301 185 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Repetier-Server-Monitor/1.0.0 Chrome/76.0.3809.139 Electron/6.0.7 Safari/537.36"
    91.38.27.223 - - [21/Sep/2019:19:30:14 +0200] "GET /socket/?lang=de&sess=Ylsce%26aHfdsfsdfskaX2Z8yuf HTTP/1.1" 101 394491 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"

    First comes from monitor second from web gui which works. First gets answered with error code 301 moved permanently while the other works. Small difference is that monitor names it /socket while web gui names it /socket/ and the difference makes nginx handle it differently. I have added a / for next monitor release so that it passes the rule. Maybe there is also a way to make nginx pass it. Removing the / in location at least did not help.
  • thank you for digging into this! 
    looking forward to the next release :) 
Sign In or Register to comment.