elgoretto
25-02-2009, 13:30
Hi,
Objective: hide the HTTP webadmin interface behind an HTTPS proxy, so that... I have a more secure HTTPS TS webadmin interface with no clear password.
Problem: like the other 2 people on these forums who tried the same setup (but with different reverse proxy software, here I use nginx), the TS webserver isn't answering the reverse proxy correctly (in fact it doesn't return any data at first).
Observations: after some manual interaction with the TS webserver using netcat, I can see that the TS webserver doesn't answer anything to a simple "GET /". But if I send an additional "return", the TS webserver finally sends the HTML login page.
# nc -vv <IPADDR> 14534
192.168.0.130: inverse host lookup failed:
(UNKNOWN) [IPADDR] 14534 (?) open
GET /
It returns nothing, but if I strike "return" once again, HTML is finally visible:
# nc -vv <IPADDR> 14534
IPADDR: inverse host lookup failed:
(UNKNOWN) [IPADDR] 14534 (?) open
GET /
***** [HERE I HIT RETURN KEY] *****
HTTP/1.1 200 OK
Connection: keep-alive
Content-Type: text/HTML
Content-Length: 2847
Server: Indy/9.00.10
Set-Cookie: IDHTTPSESSIONID=E77gD2zx5iEQKkn; path=/
<!-- header.html -->
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>TeamSpeak Server-Administration </title>
<meta name="MSSmartTagsPreventParsing" content="TRUE">
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1">
<style type="text/css">
<!--
BODY {
[ETC]
Same operation on a real Apache2 webserver:
# nc -vv <IPADDR> 80
IPADDR: inverse host lookup failed:
(UNKNOWN) [IPADDR] 80 (http) open
GET /
<html><body><h1>It works!</h1></body></html> sent 6, rcvd 44
Answer is immediate, no need for an "extra return".
Conclusion: this is an implementation bug in the TS webserver. It should return data as soon as a "GET /" command is received, which it is not actually doing.
Please fix this, as it seems a pretty simple code modification on your side.
PS: please, don't respond to this post with answers like ("why use a reverse proxy and not a firewall instead?", which is technically totally irrelevant) or ("wait for TS 3.0!"... hahaha :D). I saw these two in 2007 posts.
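The netcat test from the post as a repeatable check, added here as an example and not part of the original post: it sends `GET /` with one line ending and reports whether the server answers at once or only after a further empty line. The names `probe` and `stub_server`, the CRLF line endings and the two local stub servers are assumptions constructed for illustration.

```python
import socket
import threading

# A request line with no version ("GET /") is the HTTP/0.9 simple-request
# form; HTTP/1.x requests end their header block with an empty line.

def _reply(sock, data):
    """Send data and report whether any bytes come back before the timeout."""
    try:
        sock.sendall(data)
        return bool(sock.recv(4096))
    except OSError:  # timeout, reset or closed peer
        return False

def probe(host, port, timeout=1.0):
    """Classify when the server starts answering a bare 'GET /'."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        if _reply(sock, b"GET /\r\n"):   # what was typed first in netcat
            return "first-line"
        if _reply(sock, b"\r\n"):        # the extra "return"
            return "blank-line"
    return "silent"

def stub_server(wait_for_blank_line):
    """Constructed local stand-in for the two behaviours; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    end = b"\r\n\r\n" if wait_for_blank_line else b"\r\n"

    def serve():
        conn, _ = srv.accept()
        with conn:
            buf = b""
            while end not in buf:
                chunk = conn.recv(1024)
                if not chunk:
                    return
                buf += chunk
            conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok")

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    for label, wait in (("answers at once", False), ("waits for empty line", True)):
        print(label, "->", probe("127.0.0.1", stub_server(wait), timeout=0.5))
```

Pointing `probe` at the backend address and port the proxy uses shows which of the two behaviours the proxy will meet.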