MeshCentral: Default Core doesn't upload and reconnect behind IIS ARR reverse proxy

I opened an incident here and have been troubleshooting agents that don’t connect when installed behind a reverse proxy: https://github.com/Ylianst/MeshAgent/issues/106

I’m opening a new issue because I’ve discovered something based on other issue threads I’ve read.

OS: Windows Server 2012
Agent OS: Windows Home 64bit
Node Version: v12.16.2
MeshCentral version: 0.9.7
Agent Version: 64bit service, background & interactive: 2021-Aug-5 13:47:56-0700, 64bit

Agents connected to MeshCentral behind a reverse proxy (using IIS w/ ARR). Headers, as detailed in the NGINX video tutorial, verified as being sent.

Steps to recreate:

Agent connected, everything functioning normally.

Go to console, instruct agent to clear the core. (Desktop tab disappears, as expected).

In console, instruct MeshCentral to upload default core.

Agent never reconnects.

My config.json file:

{
   "settings": {
      "cert": "mesh.domain.com",
      "wanonly": true,
      "_minify": true,
      "port": 480,
      "redirPort": 88,
      "redirAliasPort": 80,
      "portBind": "127.0.0.1",
      "AliasPort": 443,
      "tlsOffload": "127.0.0.1",
      "CookieIpCheck": false,
      "CookieEncoding": "hex",
      "AuthLog": "C:\\ProdApps\\MeshCentral\\logs\\auth.log",
      "Log": "main,web,webrequest,cert",
      "agentLogDump": true,
      "Plugins": { "enabled": true },
      "AllowLoginToken": true,
      "AllowFraming": true,
      "WebRTC": true,
      "ignoreagenthashcheck": false,
      "letsencrypt": {
         "email": "email@domain.com",
         "names": "mesh.domain.com",
         "rsaKeySize": 3072,
         "production": false
      }
   },
   "domains": {
      "": {
         "title": "MY Mesh",
         "AgentConfig": [ "webSocketMaskOverride=1" ],
         "certUrl": "https://mesh.domain.com"
      }
   },
   "smtp": {
      "host": "smtp.office365.com",
      "port": 587,
      "from": "email@domain.com",
      "user": "email@domain.com",
      "pass": "password",
      "tls": false
   }
}

I created a page that dumped all headers sent with the request, and have verified they are being sent: X-Forwarded-Host, X-Forwarded-For, X-Forwarded-Proto.

I am not sending CF-Connecting-IP as I’m not using CloudFlare.

If I stop the reverse proxy and change my config to use ports 80 and 443, the agents connect, update their core successfully and reconnect.

I can then revert to the ‘proxied’ config and the agents will work normally.

About this issue

  • State: closed
  • Created 3 years ago
  • Comments: 23 (9 by maintainers)

Most upvoted comments

Gotcha. I don’t use any plugins that I know of. Set it to false, restarted.

This is a vanilla install, otherwise. I think I enabled it because it was enabled in an example config.

Same behavior - tinycore will load and run, but default core won’t push and update.

Are there any files I can send you that will assist?