Disabling default HTML page

27 views
Skip to first unread message

Zaar Hai

unread,
Oct 15, 2018, 9:34:35 PM10/15/18
to Crossbar
Good day,

I've configured crossbar with the following transport:

  transports:
  - type: websocket
    endpoint:
      type: tcp
      port: 8080

Now whenever I visit localhost:8080 with a browser, I see the following status page:

Selection_999(058).png


The problem is that it exposes too much details (the fact that it's WAMP/crossbar, its version, etc.) and I don't to expose it over the internet like this. Is there a proper way to disable it? (I can mount empty dir in docker onto /usr/local/site-packages/crossbar/webservice/templates, but it's hacky, fragile and produces confusing empty responses)

Thanks,
Zaar

Zaar Hai

unread,
Oct 16, 2018, 4:52:51 AM10/16/18
to Crossbar
Another hack to hide is it to put crossbar behind reverse proxy and force Websocket upgrade, e.g. for nginx:

location ~ ^/ws$ {
    proxy_pass http://localhost:8080;
    proxy_http_version 1.1;
    # Forcing upgrade to disable crossbar status page
    # which provides too many details
    proxy_set_header Upgrade websocket;

    proxy_set_header Connection upgrade;

Alexander Gödde

unread,
Oct 16, 2018, 5:32:08 AM10/16/18
to Crossbar
Hi Zaar!

This can be configured via the WebSocket transport options - see https://crossbar.io/docs/WebSocket-Options/ - "enable_webstatus"

Regards,

Alex

Zaar Hai

unread,
Oct 17, 2018, 12:40:17 AM10/17/18
to Crossbar
Thank you! I missed that.

Disabling web status breaks HTTP healthchecks though, since crossbar also responds with 426.
So what is did in the end is:

a). Disabled web status (generating templated html every 10 seconds just for healthchecks seems like a waste)
b). Requiring websocket upgrade in the reverse-proxy as per my above example to block any "outgoing" html
c). Switched to web transport with a separate path for healthchecks. Along the way I hit the issue that crossbar leaks sever version in web transport. Not a biggie, since it's just for internal K8s healthcheck

      # Main transport - requires authentication
      - type: web
        endpoint:
          type: tcp
          port: 5555
        paths:
          healthz:
            type: static
            directory: /var/lib/crossbar/health
            options:
              show_server_version: false
          ws:
            type: websocket
            ...

(I then mount an OK index.html file from K8s configmap under /var/lib/crossbar/health)
Reply all
Reply to author
Forward
0 new messages