xmrigCC Server in docker and behind nginx proxy

[Albrod]

I'm trying to add the CC Server behind an nginx proxy so i could have everything in a container
After configuring everything on nginx and making a couple of test and everything seem working fine with TLS,
Except for the daemon, keep showing this error

error:unable to performRequest POST -> http://my-domain:80/client/setClientStatus?clientId=worker

Nothing happens on the log of CC Server
Making a couple of test more with curl to simulate a POST request it work even it shows up in the CC Server log.

After some more research looking into the nginx log

*2929 client sent invalid method while reading client request line, client: (my-public-ip), server: default-host.localhost, request: "����5��1��

This shows up every time the error appears in the server log so for what i could understand daemon isn't making a good request

After some more testing, if i add https at the beginning of the url on the config file for the daemon the error not shows anywhere but status isn't reported.

This is the cc-client par of my daemon

"cc-client": {
        "enabled": true,
        "use-tls": true,
        "use-remote-logging": true,
        "upload-config-on-start": true,
        "url": "my-domain:80",
        "access-token": "secret",
        "worker-id": "worker",
        "reboot-cmd": null,
        "update-interval-s": 10
    },

This doesn't work even if i remove everything related with tls,

Result with tls off on everything

On CC Server log keeps showing nothing related, on daemon show the same and inside nginx log

client sent invalid host header while reading client request headers, client: (my-public-ip), server: default-host.localhost, request: "POST /client/setClientStatus?clientId=worker HTTP/1.1", host: ""

So for my understanding the daemon isn't making a good or valid request, it's being redirected to the default-host inside nginx that's because isn't asking for the domain name i set up on the config.json

[Bendr0id]

First of all how is the setup looking like.

Is it like this:

miner -> TLS -> nginx -> PLAIN -> xmrigCCServer

I expect the nginx works as an TLS offloader in this case, right?

Or is it like this:

miner -> TLS -> nginx -> TLS -> xmrigCCServer

Can you open the dashboard? https://yourip:80 or does it just work with http://yourip:80 ?

If possible please send me the nginx config, and the cc server config too.

[Albrod]

Yes i can open with https//yourip:80 if i let tls on
Its miner > TLS > nginx > TLS > xmrigCCServer
Also works with
miner > TLS > nginx > PLAIN > xmrigCCServer

Here is my config of CC server

{
    "background": false,                        // true to run the cc-server in the background (no console)
    "colors": true,                             // false to disable colored output
    "log-file": null,                           // log all output to a file
    "syslog": false,                            // use system log for output messages
    "bind-ip": "0.0.0.0",                       // ip the CC Server will listens on
    "port": 80,                               // port the CC Server will listens on
    "user": "admin",                            // admin user for access CC Dashboard
    "pass": "admin",                             // admin pass for access CC Dashboard
    "access-token": "secret",                 // access token for CC Clients (should be set!!!)
    "use-tls" : true,                          // use tls for CC communication (needs to be enabled on miners too)
    "cert-file" : "/letsencrypt/live/npm-2/fullchain.pem",                 // when tls is turned on, use this to point to the right cert file
    "key-file" : "/letsencrypt/live/npm-2/privkey.pem",                  // when tls is turned on, use this to point to the right key file
    "client-config-folder" : null,              // folder which contains the client-config files (null=current)
    "client-log-lines-history" : 100,           // maximum lines of log history kept per miner
    "custom-dashboard" : "/server/index.html",          // dashboard html file
    // Pushnotification Howto @ https://github.com/Bendr0id/xmrigCC/wiki/Setup-Pushover
    "pushover-user-key" : "",                   // your user key for pushover notifications
    "pushover-api-token" : "",                  // api token/keytoken of the application for pushover notifications
    // Telegram Howto @ https://github.com/Bendr0id/xmrigCC/wiki/Setup-Telegram
    "telegram-bot-token" : "",                  // telegram bot token to use for telegram notifications
    "telegram-chat-id" : "",                    // telegram chat-id to used for telegram notifications
    "push-miner-offline-info" : true,           // push notification for offline miners
    "push-miner-zero-hash-info" : true,         // push notification when miner reports 0 hashrate
    "push-periodic-mining-status" : true      // push periodic status notification (every hour)
}

Also for nginx im using the jc21/nginx-proxy-manager
This nginx versions has everything set up ready to set up a proxy just need to tell which domain goes where and in what port is listening, im using it a lot for my business and personal.
I know that it isn't nginx configuration error because of my test with curl

This works also appears at the CC Server log with a Parse Error Occured: 3
curl -H "Authorization: Bearer secret" -X POST -d 'clientId=worker' https://my-domain/client/setClientStatus

And this returns a 301 Moved Permanently and same error in log of CC Server
curl -H "Authorization: Bearer secret" -X POST -d 'clientId=worker' http://my-domain/client/setClientStatus

Both test are shown on the correct log of nginx (the one that corresponds to the CC Server domain name)

[notice] 422#422: *1138 "curl/7.76.1", client: mi-public-ip, server: CC-Server-Domain, request: "POST /client/setClientStatus HTTP/2.0", host: "CC-Server-Domaint"

In the other hand the attempts from the miner are in de default_host.log that's because it isn't being redirected
And show this error on the log

[info] 422#422: *1013 client sent invalid host header while reading client request headers, client: mi-public-ip, server: CC-Server-Domain, request: "POST /client/setClientStatus?clientId=worker HTTP/1.1", **host: ""**

[Bendr0id]

Thank you very much for your detailed bug report. Because of that i quickly found it and fixed it. The fix is available in dev branch.

Can you build on your own or should i provide you a test build to verify its solved? If so, which platform do you need?

[Albrod]

Thanks to you for your quick responses and hard work i will build it and test it now

[Albrod]

working great now 😄 thanks