[Rspamd-Users] Can't get cluster WebUI running

Michael Grimm trashcan at ellael.org
Wed Apr 24 21:03:28 UTC 2024 

Michael Grimm via Users <users at lists.rspamd.com> wrote:

> Hi,
> 
> I do have have two rspamd instances running on two distinct servers with two different nginx instances.
> 
> 
> At each server both nginx and rspamd run in distinct jails (FreeBSD).
> 
> nginx at server1 (10.1.1.2) <—> rspamd at server1 (10.1.1.1)
> nginx at server2 (10.2.2.2) <—> rspamd at server2 (10.2.2.1)
> 
> server1.tld: nginx (reverse proxy with TLS)
> server2.tld: nginx (reverse proxy with TLS)
> 
> 
> I do get the WebUI running for each server1 and server2 independently (server1 shown, only):
> 
> nginx at server1.tld (https://rspamd.com/doc/faq.html#how-to-use-the-webui-behind-a-proxy-server)
> location /rspamd/ {
> proxy_pass http://10.1.1.1:11334/;
> proxy_set_header Host $host;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For "";
> }
> 
> rspamd at server1.tld <mailto:rspamd at 10.1.1.2> (https://rspamd.com/doc/configuration/options.html#neighbours-list)
> local.d/worker-controller.inc:
> password = "secret";
> enable_password = "secret";
> bind_socket = "/var/run/rspamd/rspamd.sock mode=0600"; # postfix milter communication
> bind_socket = "10.1.1.1:11334";
> secure_ip = [ "10.1.1.1", "10.2.2.2" ];
> 
> This works fine.
> 
> But whenever I do define identical neighbour settings at both rspamd instances like ...
> 
> local.d/options.inc:
> neighbours {
> server1 { host = "https://server1.tld:443"; }
> server2 { host = "https://server2.tld:443"; }
> }
> 
> … I do get error messages from WebUI:
> 
> "server1> Cannot get server status"
> "server2> Cannot get server status"
> "Request failed"
> "server1> Cannot receive stats data"
> "server2> Cannot receive stats data"
> "Request failed"


Well, that was tough, but I finally solved it.

1) local.d/options:

	neighbours {
		server1 {
			host = "https://server1.tld:443";
			path = "/rspamd/";
		}
		server2 {
			host = "https://server2.tld:443";
			path = "/rspamd/";
		}
	}

2) nginx configuration:

	location /rspamd/ {
		proxy_pass http://10.1.1.1:11334/;
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For "";
		add_header Access-Control-Allow-Credentials 'true'; # IMPORTANT!
        }

FTR:

1) 
I couldn't find any hint about "add_header Access-Control-Allow-Credentials 'true'" in the rspamd documents. Hope that's save to set?

2) 
https://rspamd.com/doc/configuration/options.html#neighbours-list taught me that it might be nessessary to separate 'host' and 'path' in the neighbour list. 
BUT: "server1 { host = "https://server1.tld/rspamd/:443"; }" didn't work for me, dunno why. Do you?

Regards,
Michael

More information about the Users mailing list