VenusOS v3.40 + Nginx configuration to serve Node-RED on port 80

Hi,

before v3.40 I successfully served my Node-RED dashboard on port 80. This is what the mapping looked like:

  • Port 80 → HTTP 301, redirect to https
  • Port 443, location “/” → redirect to “/dashboard/” (Node-RED)
  • Port 443, location “/editor” → redirect to the Node-RED editor
  • Port 8080 → serve Remote Console (index.html)

These was my previous Nginx configurations before v3.40:

default_server
# Default server configuration
server {
    listen 8080;
    listen [::]:8080;

    server_name _;
    root /var/www/venus;
    #access_log off;
    access_log /var/log/nginx/localhost_8080.access_log;
    #error_log               /dev/null;
    error_log /var/log/nginx/localhost_8080.error_log debug;

    index index.html index.php;

    # Browsers still cache, but will always revalidate.
    add_header Cache-Control "no-cache";

    # This is needed because the wasm is downloaded as XHR. The proxying system
    # VRM uses, which also ends up here, has stricter rules and doesn't just
    # return 'origin', so add them here.
    location /gui {
        add_header Access-Control-Allow-Origin "$http_origin";
        add_header Access-Control-Allow-Credentials true;
        gzip_static always;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php5-fpm.socket;
        include fastcgi.conf;
    }
}

server {
    listen 4430 ssl;
    listen [::]:4430 ssl;
    ssl_certificate /data/etc/ssl/venus.local.crt;
    ssl_certificate_key /data/etc/ssl/venus.local.key;

    server_name _;
    root /var/www/venus;
    #access_log off;
    access_log /var/log/nginx/localhost_4430.access_log;
    #error_log               /dev/null;
    error_log /var/log/nginx/localhost_4430.error_log debug;

    index index.html index.php;

    # Browsers still cache, but will always revalidate.
    add_header Cache-Control "no-cache";

    # proxy the websockify for VNC / remote console over https, so accepting the
    # certficate for https makes sure it can be reused for wss as well.
    location ~ ^/websockify$ {
        proxy_pass http://127.0.0.1:443;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php5-fpm.socket;
        include fastcgi.conf;
    }

    location ~ /app {
         rewrite ^/app(.*)$ http://$host$request_uri;
    }
}
node_red
server {
    listen                  80 default_server;

    server_name             _;
    return 301              https://$host$request_uri;

}

server {
    listen                  443 ssl default_server;
    server_name             _;
    ssl_certificate         /data/etc/ssl/venus.local.crt;
    ssl_certificate_key     /data/etc/ssl/venus.local.key;
    #access_log off;
    access_log /var/log/nginx/localhost_443.access_log;
    #error_log               /dev/null;
    error_log /var/log/nginx/localhost_443.error_log debug;
    client_max_body_size     10M;

    error_page 500 502 503 504 /50x-node-red.html;
    location = /50x-node-red.html {
            root /var/www/localhost/html;
            internal;
    }

    location / {
        #add_header           X-debug-message "Served for path /" always;
        return 301           /dashboard/;
    }

    location /dashboard/ {
        proxy_pass           http://127.0.0.1:1880/dashboard/;
        #add_header           X-debug-message "Served for path /dashboard/" always;
    }

    location /editor {
        proxy_pass           http://127.0.0.1:1880/editor;
        proxy_http_version   1.1;
        proxy_set_header     Upgrade $http_upgrade;
        proxy_set_header     Connection "Upgrade";
        proxy_set_header     Host $host;
        #add_header          X-debug-message "A static file was served for /editor/" always;
    }

    location /victron/services/ {
        proxy_pass           http://127.0.0.1:1880/victron/services/;
    }

    location /comm {
        proxy_pass           http://127.0.0.1:1880;
        proxy_http_version   1.1;
        proxy_set_header     Upgrade $http_upgrade;
        proxy_set_header     Connection "Upgrade";
        proxy_set_header     Host $host;
    }

    location ~ ^/websockify$ {
        proxy_pass http://127.0.0.1:443;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
    }
}

Now with VenusOS 3.40 out, websockets seem to be served differently. I spent a whole day trying different things out to achieve my old mapping. I could restore my mapping for Node-RED (dashboard + editor), but not for the VNC console.

What configuration would restore my mapping?

It seems they also broke the Remote Console ports.
To access the Remote Console through my router, I had to open ports 80 + 81.
Since I upgrade to 3.41, the Remote Console is not working.

However, I am still able to access the console through the VRM portal as well as locally on the same network as the VenusOS.

So, VNC (which was answering on port 81) seems to be broken for me as well.

VenusOs 3.4x seems to tunelling VNC traffic through port 80.
When I am connecting locally on the remote console, I only see traffic on port 80:
netstat -an | grep <my ip address>

Also, when I issue the following command
netstat -an | grep LISTEN | grep 81
tcp 0 0 127.0.0.1:81 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:1881 0.0.0.0:* LISTEN

The port 81 is only listening on local host. There is probably an internal forwarding (VNC Websockets) from port 80 to 81.

I don’t know why I cannot connect to the Remote Console while port 80 is forwarded to the VenusOS like before. Something has changed from 3.3x to 3.4x

If you read the releases notes, you ill find a hint.
https://community.victronenergy.com/questions/292058/venus-os-v34026-available-for-testing.html

Change websockified VNC port, used by Remote Console on LAN. This traffic used to go over port 81, now its served by nginx on port 80 and 443, url is now http:///websockify and https:///websockify.