https site not shown in public list
I've set up a KiwiSDR behind a reverse proxy (RPi, nginx, dnsmasq) on my network so that I can run it over https successfully. When anyone connects to https://www.marcelpost.com:8074 the kiwisdr page loads up perfectly. One thing that I am not seeing however is that my site is listed on kiwisdr.com/public/
How long would it normally take for a site to be found in the list, or is there something else I need to do? In the admin page I set Internal and External port both to 8074, but I didn't touch anything for proxy configuration in the 'Connect' page.
As you may have noticed I have moved the default port to 8074 instead of 8073 because I would like to upgrade any incoming http connections to https and since http and https can't share the same port I ended up doing it like this.
Comments
On the network tab "Check port open" does that show your SDR as contactable by the normal method? If it redirects to another port/method I'm not sure that will be expected.
No other listings (I can see) are https:// so it is probably something people do for their own, or special uses but the detection (to check it is worth listing and not blocked by bad router or port forward) will not be expecting that.
I see from your home page it has a listing for http:// :8073 (that redirects to https:// what happens if you set that as the public site? (mainly via check port open)
Stu
On that page, the 'check port open' test fails for both url's but this is probably because the page shows that it's going to test for http urls. Respectively http://www.marcelpost.com:8074 and http://:8074. I expect these to fail because the client is not communicating with the server over http.
I'm not sure if this test is particularly useful because it's not the kiwiSDR that determines how the public internet connects to my site.
Leaving it to http on my domain is the thing I want to stay away from as it has become painfully clear that modern browsers are getting less and less tolerant of plain http sites. Browsing to my domain often upgrades the connection to https and once browsers know there's https it's not obvious on how to ever make it talk http again. It's definitely something I don't want to confuse the visitor with.
There should be a 301 redirect happening to https on port 8074 when you come in on http 8073. My idea was to still offer http://www.marcelpost.com:8073 for visitors who have never visited my normal (mediawiki over https) site before, and then then simply upgrade to https on 8074. The upgrade works fine when browsing from my phone and all the https connections work as expected.
The system uptime is now just over 11 hours, so I just don't know why I'm not listed yet.
"I just don't know why I'm not listed yet."
Answer was in my previous post.
If the system that validates the public availability of the Kiwi reports "fail" it will not list (AFAIK). That test doesn't care what you feel about it. Make it work for the test, get listed. The alternative is to expect John to rework his server to detect, test and support a single use case.
It's possible, because a site in Norway did it back in June (https://kiwi.lb2pj.no) This was the cause of the sampling stations disappearing from the TDoA extension map a while back as my script on kiwisdr.com never anticipated any Kiwi URL to begin with "https://" lol.
Anyway, unfortunately this Kiwi has not been around since July 6. Otherwise I would check its configuration and maybe be able to tell you what to do.
Thanks for the feedback on the Norway site. I'll see if I can get in touch with Oyvind. And yes, it could very well be that there is still something missing in my setup. I've just been very excited that I finally got it to work over https but I may have missed a step somewhere. DNS should be easy to fix.
@powernumpty I don't think running over https is a single use case. I thought I did everything right but because I couldn't see myself listed I reached out here for further help. Fortunately, @jks has given some valuable nuggets that I will further investigate.
Turns out I hadn't set up ipv_forward and iptables correctly. This is why pinging from the KiwiSDR didn't reach any of the DNS servers. It now also makes the 'Check port open' test successful (even though it still wants to check against http urls).
I've just restarted the KiwiSDR again in the hopes that this will trigger a re-listing shortly.
Do a URL rewrite on your proxy so requests to http://www.marcelpost.com:8074/status (from the Internet) turn into a request to https://www.marcelpost.com:8074/status
Done!
I had two scenarios that didn't work, see below.
In the list of stations, kiwisdr.com still lists my station as a http site, but at least it's back on.
Whatever way visitors connect, the link will always be upgraded to https. The biggest bonus is that it's no longer interfering with browsers wanting to prefer https once they've seen it available on a domain.
I might spend some more time in the future to see if I can have it running all over 8073 again, but for now I'm pretty happy with how it works.
For those interested in the details:
Raspberry Pi B+ Rev1.2
Raspbian 10.10
Nginx 1.14.2-2
# /etc/nginx/sites-available/kwisdr-reverseproxy.conf
server {
listen 10.0.0.10:8073; # listen on 8073
server_name www.marcelpost.com:8073;
ssl on;
ssl_certificate /etc/letsencrypt/live/www.marcelpost.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.marcelpost.com/privkey.pem;
# redirect any incoming http to https and port 8074
return 301 https://www.marcelpost.com:8074$request_uri;
}
server {
listen 10.0.0.10:8074; # listen on 8074
server_name www.marcelpost.com:8074;
ssl on;
ssl_certificate /etc/letsencrypt/live/www.marcelpost.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.marcelpost.com/privkey.pem;
# takes care of http connections on 8074 (redirect to https 8074)
error_page 497 https://$host:$server_port$request_uri;
location / {
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_pass http://10.0.1.20:8074; # server ip address of KiwiSDR
}
}
The only other thing I had to change in /etc/nginx.conf was to uncomment:
server_names_hash_bucket_size 64;
This may not be necessary but I had this 'could not build server_names_hash' error which was fixed by uncommenting the above line.
Thanks everyone for their input.