Reverse proxy just to pass client info

I have a couple of protected networks in a manufacturing environment, so I can’t connect some of my clients directly to the CMS. I have to set up a reverse proxy in between these networks.

What URL should I set up in the proxy just for the purpose of getting information to the CMS? (no need to admin… I can reach that from somewhere else).

I do run a couple clients through a reverse proxy to Xibo so I might be able to help, but I’m not certain what you’re asking. Are you asking which paths need to be available via your reverse proxy for the client to function?

The clients only ever currently connect to:

/xmds.php

assuming your SENDFILE_MODE setting is set to “Off”

So I would imagine you’d get away with that. You’d need to test it though to be sure.

Yes, just the path for the clients to function.

I’ll try Alex’s suggestion…

@alex, not sure what the SENDFILE_MODE is?

It’s a setting in the CMS settings.

That worked great, thanks!

@brodkin if by any chance you used nginx for the reverse proxy and wouldn’t mind sharing the config I’d love to see it. I still haven’t been able to get the CMS GUI working well through the reverse proxy yet. It’s not a huge deal, but a nice to have since it’s behind a firewall and having it on port 80 would increase access to it.

Actually looks like it’s not working. The client is installed and communicating with the CMS. The default layout is a single webpage that I was able to reach through a webbrowser on the PC without an issue, but the Xibo client doesn’t seem to start and in the CMS it just shows that cloud icon.

I also don’t see a SendFile mode in the CMS -?

@louloizides The setting @alex is referencing is on the general tab labelled “File download mode,” but it’s missing from your system for whatever reason. It should appear under “Send files in advance.”

As far as my config goes, it just looks like this:

server {
    listen         80;
    server_name    xibo.domain.com;
    return         301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name xibo.domain.com;

    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://172.30.2.44:8080;
        client_max_body_size 800M;
    }
}

Ok thanks - mine’s a little different because I’m trying to turn :8080 into :80/xibo

location /xibo/ {
	proxy_pass http://localhost:8080/;
	proxy_set_header Accept-Encoding "";
        proxy_set_header X-Forwarded-Host $host;
    	proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

My client reaches the CMS, but it looks like files aren’t downloading (if I’m interpreting this correctly) and it won’t get past the splash screen. I’m actually just displaying a webpage, so there’s no need to download anything. I’m not sure why I don’t have the option to turn that off. I’m using V1.8.1.

Other than this part I don’t see any major difference:

Are you running Xibo in the /xibo subdirectory for both CMS and client access? I’m not too familiar with that setup so maybe @dan, @alex, or @Peter could comment, but I think you need to maintain a consistent URL and add the subdirectory to CMS_SERVER_NAME in the config for that to work.

FWIW, if you don’t want to use that directory for CMS access, there is no reason why you can’t configure a client to access an alternate port (e.g. http://10.0.0.1:8123). I actually do that on our system so that the CMS access uses the proxy with SSL and the local LAN clients bypass the proxy and go directly to the Docker container.

P.S. The resources it downloads are not only those of your layouts, but also libraries needed to scale your content to be consistent across different resolutions and such. It also looks like you have the weather and other modules enabled. You should disable any of those that you don’t need so that unnecessary items are not downloaded.

So firstly if you’re trying to run from a subdirectory, then you need to tell the container about that too. In config.env, there’s a setting CMS_ALIAS which you’ll need to set, and then your reverse proxy should be pointed at /xibo too.

None of this will work though with SENDFILE_MODE set to anything other than Off. You’ll need to change that in the settings table directly, as it’s hidden on Docker installations.

Ok, thanks…

In response to @brodkin, I need this to be in a subdirectory for this specific client. It’s behind a hardware firewall and I’m limited to the IP’s and servers it can reach. The other clients in the building use the alternate port. Good point about disabling the weather… I’d love to have it but I’ve never been able to get it working right.

@alex, I’m not sure that I want to turn SENDFILE_MODE to off for all clients though. What would the impact of that be?

Thanks,

Lou

Slower file downloads, and increased memory usage. You may indeed find with very large files downloads break.