Hi,
My SBBS is running on a Raspberry Pi, but inside my private LAN.
I don't want to open port 80 and 443 of the Pi directly to the Internet, as I already have an Apache web server running on another machine which is available via my IPv4 address.
So I'm using the VirtualHost function of Apache to make my SBBS Web (v4) portal available via this webserver and I'm "tunneling" everything, including the Websocket for fTelnet, through it.
Here is my configuration on the Apache side:
==== nail here [x] for new monitor ====
<VirtualHost *:80>
ServerName box.my.imzadi.de
ServerAlias box.imzadi.de
Redirect permanent / https://box.my.imzadi.de/
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster@imzadi.de
ServerName box.my.imzadi.de
ServerAlias box.imzadi.de
ErrorLog ${APACHE_LOG_DIR}/box-error.log
CustomLog ${APACHE_LOG_DIR}/box-access.log combined
SSLEngine on
SSLCertificateFile /etc/acme.sh/box.my.imzadi.de/box.my.imzadi.de.cer
SSLCertificateKeyFile /etc/acme.sh/box.my.imzadi.de/box.my.imzadi.de.key
ProxyRequests Off
ProxyPreserveHost On
RequestHeader set X-Forwarded-Proto "http"
ProxyPass "/ftelnet" "ws://192.168.14.85:1123/"
ProxyPassReverse "/ftelnet" "ws://192.168.14.85:1123/"
ProxyPass "/" "http://192.168.14.85:8080/"
ProxyPassReverse "/" "http://192.168.14.85:8080/"
</VirtualHost>
==== nail here [x] for new monitor ====
Some information here:
The first VirtualHost is for port 80, and will tell the browser to switch to HTTPS - so the web connection is HTTPS only.
I'm using Let's Encrypt with acme.sh, but on my Apache server, so SBBS does not need any SSL certificates - and I'm guessing that using HTTP inside my local LAN is not insecure :)
I don't know if the "X-Forwarded-Proto" "http" is needed, I left it there, because in another proxy setting it worked.
The first ProxyPass lines will create a virtual subdirectory "/ftelnet" which will point to the WS service of SBBS on port 1123.
And the second ProxyPass lines will forward the rest ("/") to the SBBS HTTP port, which I've set to port 8080.
But the fTelnet side in SBBS Web v4 does need some changes, as it assumes that the WS port is on the same machine.
I did the following changes:
In "000-home.xjs", the Options part for fTelnet needs the option "Options.WebSocketUrlPath" to point to the "virtual subdirectory" from the configuration above. Also the "Options.Hostname" needs to point to the external hostname of my Apache. And the "Options.Port" has to point to Apache's HTTPS port, 443.
The complete part looks like this now:
---- pages/000-home.xjs
<script id="fTelnetScript" src="<?xjs write(get_url()); ?>"></script>
<script>
var wsp = <?xjs write(settings.wsp || GetWebSocketServicePort()); ?>;
var wssp = <?xjs write(settings.wssp || GetWebSocketServicePort(true)); ?>;
var Options = new fTelnetOptions();
Options.BareLFtoCRLF = false;
Options.BitsPerSecond = 57600;
Options.ButtonBarVisible = true;
Options.ConnectionType = 'telnet';
Options.Emulation = 'ansi-bbs';
Options.Enter = '\r';
Options.Font = 'CP437';
Options.ForceWss = false;
Options.Hostname = 'box.my.imzadi.de';
Options.WebSocketUrlPath = '/ftelnet';
Options.LocalEcho = false;
Options.Port = 443;
Options.ScreenColumns = 80;
Options.ScreenRows = 25;
Options.SplashScreen = '<?xjs write(get_splash()); ?>';
var fTelnet = new fTelnetClient('fTelnetContainer', Options);
fTelnet.ButtonBarVisible = true;
if ($('#ftelnet-connect').length) {
$('#ftelnet-connect').click(function() {
fTelnet.Connect();
});
}
</script>
---- pages/000-home.xjs
Similar changes have to apply to 003-games.xjs:
Here, the "WebSocketUrlPath" has the option for connecting to the RLogin port added - this also does work :)
---- pages/003-games.xjs
<script type="text/javascript">
var wsp = <?xjs write(settings.wsp || GetWebSocketServicePort()); ?>;
var wssp = <?xjs write(settings.wssp || GetWebSocketServicePort(true)); ?>;
var Options = new fTelnetOptions();
Options.BareLFtoCRLF = false;
Options.BitsPerSecond = 57600;
Options.ConnectionType = 'rlogin';
Options.Emulation = 'ansi-bbs';
Options.Enter = '\r';
Options.Font = 'CP437';
Options.ForceWss = false;
Options.Hostname = 'box.my.imzadi.de';
Options.WebSocketUrlPath = '/ftelnet?Port=<?xjs write(GetRLoginPort()); ?>';
Options.LocalEcho = false;
Options.Port = 443;
Options.RLoginClientUsername = '<?xjs write(user.security.password); ?>';
Options.RLoginServerUsername = '<?xjs write(user.alias); ?>';
Options.ScreenColumns = 80;
Options.ScreenRows = 25;
Options.SplashScreen = '<?xjs write(get_splash()); ?>';
var fTelnet = new fTelnetClient('fTelnetContainer', Options);
fTelnet.OnConnectionClose = function () {
window.location.reload();
};
---- pages/003-games.xjs
Also, the "auth.js" function needed a change, as it creates a cookie that did not work for me -- I cut the corner here by just setting it to my external domain in this function:
---- webv4/lib/auth.js ----
function setCookie(usr, sessionKey) {
if (usr instanceof User && usr.number > 0) {
set_cookie(
'synchronet',
usr.number + ',' + sessionKey,
(time() + settings.timeout),
'box.my.imzadi.de', // <==== this line
'/'
);
setSessionValue(usr.number, 'key', sessionKey);
}
}
---- webv4/lib/auth.js ----
Maybe some of these "hacks" can be made configurable via a .INI file in the future?
Or did I miss something? :)
I hope this is useful for someone else.
Regards,
Anna
---
■ Synchronet ■ Imzadi Box
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
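
On the cookie change in auth.js: a browser only stores a cookie whose Domain attribute domain-matches the host the page was loaded from (RFC 6265), so behind the proxy that attribute has to fit box.my.imzadi.de. The following is an added example, not part of the original post or of Synchronet's code, that audits Set-Cookie headers against that rule and against the flags an HTTPS-only front end would want; the sample headers and the internal name bbs.lan.example are constructed.

```javascript
// Added example (not from the original post): RFC 6265 checks for a session
// cookie issued by a backend that is reached through a reverse proxy.

// RFC 6265 section 5.1.3: the host domain-matches the cookie domain when they
// are identical, or when host ends with "." + domain and host is not an IP.
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, ''); // leading dot is ignored
  if (h === d) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(':');
  return !isIp && h.endsWith('.' + d);
}

// Parse one Set-Cookie header value into its name and attributes.
function parseSetCookie(header) {
  const parts = header.split(';').map(s => s.trim()).filter(Boolean);
  const eq = parts[0].indexOf('=');
  const cookie = { name: parts[0].slice(0, eq), attrs: {} };
  for (const p of parts.slice(1)) {
    const i = p.indexOf('=');
    const key = (i < 0 ? p : p.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i < 0 ? true : p.slice(i + 1);
  }
  return cookie;
}

// List what is wrong with this cookie for a page served from https://<externalHost>/.
function auditCookie(header, externalHost) {
  const { attrs } = parseSetCookie(header);
  const problems = [];
  if (typeof attrs.domain === 'string' && attrs.domain !== '' &&
      !domainMatches(externalHost, attrs.domain)) {
    problems.push('rejected: Domain=' + attrs.domain + ' does not match ' + externalHost);
  }
  if (!attrs.secure) problems.push('no Secure flag on an HTTPS-only site');
  if (!attrs.httponly) problems.push('no HttpOnly flag on a session cookie');
  return problems;
}

// Constructed sample headers; "bbs.lan.example" is a hypothetical internal name.
const EXTERNAL = 'box.my.imzadi.de';
const SAMPLES = [
  'synchronet=1,abc123; Domain=bbs.lan.example; Path=/',
  'synchronet=1,abc123; Domain=box.my.imzadi.de; Path=/',
  'synchronet=1,abc123; Domain=box.my.imzadi.de; Path=/; Secure; HttpOnly',
];
for (const s of SAMPLES) console.log(s, '=>', auditCookie(s, EXTERNAL));
```

The same audit can be run on the header the backend really sends by copying the Set-Cookie value from the browser's network inspector into `auditCookie`.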