Cannot use UCP behind nginx reverse proxy manager

Hello,

My setup is done as such

Internet p443 → Nginx Proxy Manager p443 → Freepbx p80

The admin panel works fine and the UCP login page loads, however it gets stuck on processing whenever one tries to log in and then their browser is stuck on a 502. I don’t know if this is because I am handling the https on the nginx proxy manager side or what, but nevertheless, it throws a few 404 and 502 errors in console and never loads. Accessing the UCP from the internal IP works fine.

I appreciate any help, and would happily troubleshoot anything that needs further clarification.

:>

1 Like

I found a blog post about this from some random person on wordpress. If anybody runs into this issue, adding

proxy_buffers 8 16k;
proxy_buffer_size 32k;

into the advanced configuration of the proxy host fixes the issue :sunny: !

Leaving this here for others to find.

1 Like

Did you get the UCP phone to work with the proxy?

No, I don’t think I have. I use the UCP for call *history and fax only really. I assume that’s the websockets not working.

edit: missed a word

Correct. I assume that NGINX can proxy it, but it is probably a learning curve.

I have websocket passthrough enabled, but I read somewhere it works on a different port. 8003? Is that correct? I could likely write a config to pass that through as well. There was a wiki article about ports but it seems to be unavailable with the wiki move.

Correct. But I believe you first have to configure NGINX to listen on that port.

https://sangomakb.atlassian.net/wiki/spaces/PP/pages/14057601/Ports+used+on+your+PBX

https://help.sangoma.com/community/s/article/PBX-Platforms-Ports-used-on-your-PBX

That’s really helpful! I’ll try to get Nginx setup to listen to the other ports. :slight_smile:

Thank you!

1 Like

I got it to work, I found an old post of someone who did this with FreePBX on GitHub, and although it got me 90% there, I had to make some changes to FreePBX.

Here’s the advanced code snippet:

listen 8003 ssl http2;
listen 8089 ssl http2;

location / {
    # Force SSL
    include conf.d/include/force-ssl.conf;
    # HSTS (ngx_http_headers_module is required) (31536000 seconds = 1 year)
    add_header Strict-Transport-Security "max-age=31536000;includeSubDomains; preload" always;
    # Websocket
	proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_http_version 1.1;
	# Resolve Issues
	proxy_buffer_size 64k;
	proxy_buffers 4 128k;
	proxy_busy_buffers_size 128k;
    # Proxy!
	if ($server_port = 8003) {
        proxy_pass       https://$server:8003;
    }
    if ($server_port = 8089) {
        proxy_pass       https://$server:8089;
    }

    include conf.d/include/proxy.conf;
}

The following is also required to be done. Importantly, HTTPS must be enabled on your server. It doesn’t matter what certificate is used since that is handled by Nginx Proxy Manager anyways.

I installed the localhost certificate in Admin → System Admin → HTTPS. This allows the use of port 443. Now I used the above code snippet and set up the proxy in Nginx Proxy Manager as such:

The reason the device must be proxied as HTTPS is because if you have the FreePBX box on HTTP then it automatically tries to use port 8088/8001 as the port for the phone module. This will not work as the browser will not allow an insecure websocket while connected over HTTPS. By forwarding the proxy to the box over HTTPS, FreePBX correctly identifies that it should use ports 8003 and 8089 instead, which is correct and then it works properly. Glad I got this sorted, even if I will never use the phone module in the UCP :stuck_out_tongue:

–MB

2 Likes

Source:
https://github.com/NginxProxyManager/nginx-proxy-manager/issues/252#issuecomment-573284021

1 Like

Wow, nice work! Very much appreciated!

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.