Meteor and proxying, question for devs

Hello. I'm really curious about this. This is not really a Meteor-related question, but since I use Meteor for my project I might as well ask here anyway.

The situation is as follows:

I have a Meteor web application running in the Tor network. It can be accessed via Tor Browser, everything works fine, and I can see that the WebSockets are connected etc.

Now I tried to do this: make my own Tor2web.

So I registered a domain and set up nginx + Privoxy on it, with a config like this:


upstream onion {
    # Privoxy on localhost; it hands the request on to Tor via SOCKS
    server 127.0.0.1:8118;
}

server {
    listen 443 ssl;
    server_name mydomain.com;

    ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
    include /etc/nginx/snippets/ssl.conf;

    location / {
        proxy_pass http://onion;
        # Privoxy runs with accept-intercepted-requests 1, so it takes the
        # real (onion) destination from the Host header set here
        proxy_set_header Host mydomain.onion;

        # Pass the WebSocket upgrade through: HTTP/1.1 plus the hop-by-hop headers
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

The server 127.0.0.1:8118; is a Privoxy running on localhost to route the traffic into the Tor network, with a config like this:

user-manual /usr/share/doc/privoxy/user-manual
confdir /etc/privoxy
logdir /var/log/privoxy
actionsfile match-all.action # Actions that are applied to all sites and maybe overruled later on.
actionsfile default.action   # Main actions file
actionsfile user.action      # User customizations
filterfile default.filter
filterfile user.filter      # User customizations
logfile logfile
listen-address  127.0.0.1:8118  # only reachable from nginx on the same host
toggle  1
enable-remote-toggle  0
enable-remote-http-toggle  0
enable-edit-actions 0
enforce-blocks 0
buffer-limit 4096
enable-proxy-authentication-forwarding 0
forward-socks5   /              127.0.0.1:9050 .  # everything goes to Tor's SOCKS port; "." means no further parent proxy
forwarded-connect-retries  0
accept-intercepted-requests 1
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 5
tolerate-pipelining 1
socket-timeout 300

So the redirect goes: clearnet host -> Privoxy -> Tor

The traffic redirection works like this, but I'm encountering problems with the WebSocket when I visit my clearnet site:

Firefox can’t establish a connection to the server at wss://mydomain.com/sockjs/089/9br5we22/websocket.
5048fd7336fcaf90b39dbe9dd187dbbe37296e82.js:61:23114
The connection to wss://mydomain.com/sockjs/089/9br5we22/websocket was interrupted while the page was loading.
5048fd7336fcaf90b39dbe9dd187dbbe37296e82.js:61:23114

The page takes ages to load, because it tries to connect to the WebSocket, I assume. Of course I lose any reactivity etc.

So my question:

Can this even be done? Are there any specific settings or proxying servers I can use that support WebSockets for routing traffic? nginx should support it, but I assume that something is going wrong inside Privoxy.

My config (which works) looks a bit different:

server {
    server_name foo.bar.baz;

    location / {
        # Straight to the Meteor app on localhost, no Privoxy in between
        proxy_pass http://127.0.0.1:3000/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/foo.bar.baz/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/foo.bar.baz/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

But since there aren't many differences, I dare say that the issue lies with Privoxy.