Web RelayDNS Page Not Found Error 404 on http or https connect link

[ExpGy]

Describe your issue
I enabled the web relayDNS feature, however when I click the http or https links it opens and getting instantly a 404 page does not exist error. Connection path: ISProuter --80,443--> TPLink router --80,443-> RasPI(nginx,tactical rmm,meshcentral). Everything is communicating fine(agents), RDP,webRDP working, only http and https not.

Screenshots

Server Software (please complete the following information):
OS: Debian 12.
Virtualization: none
Network: WAN, nginx reverse proxy, letsencrypt, ssl offload
MC Version: 1.1.32
Node: 18.20.4

Client Device (please complete the following information):

Device: PC
OS: Windows
Network: Remote to MC, Remote over WAN
Browser: Edge, Firefox, Google Chrome
MeshCentralRouter -

Remote Device (please complete the following information):

Device: PC
OS: Windows 11
Network: Local to Meshcentral, Remote over WAN
Current Core Version (if known): for Ubuntu PC: Aug 29 2022, 2464792450, for Windows PC:Aug 25 2022, 143332014

config.json:
{
"settings": {
"cert": "mesh.xxxxxxxxx.xx",
"WANonly": true,
"minify": 1,
"port": 4430,
"aliasPort": 443,
"redirPort": 800,
"redirAliasPort": 80,
"AgentPong": 300,
"RelayDNS": ["relay1.mesh.xxxxxxxxx.xx",
"relay2.mesh.xxxxxxxxx.xx",
"relay3.mesh.xxxxxxxxx.xx",
"relay4.mesh.xxxxxxxxx.xx",
"relay5.mesh.xxxxxxxxx.xx",
"relay6.mesh.xxxxxxxxx.xx",
"relay7.mesh.xxxxxxxxx.xx",
"relay8.mesh.xxxxxxxxx.xx",
"relay9.mesh.xxxxxxxxx.xx"],
"BrowserPong": 300,
"mstsc": true,
"allowLoginToken": true,
"allowFraming": true,
"agentPing": 35,
"allowHighQualityDesktop": true,
"tlsOffload": "100.0.0.250",
"agentCoreDump": false,
"compression": true,
"wsCompression": true,
"agentWsCompression": true,
"maxInvalidLogin": {
"time": 5,
"count": 5,
"coolofftime": 30
},
"plugins": {
"enabled": true
},
"postgres": {
"user": "xxxxxxxx",
"password": "xxxxxxxxxxxxxx",
"port": "5432",
"host": "localhost"
}
},
"domains": {
"": {
"title": "XXXXXXXXXX",
"title2": "MESHCENTRAL",
"newAccounts": false,
"certUrl": "https://100.0.0.250:443/",
"geoLocation": true,
"cookieIpCheck": false,
"mstsc": true
}
}
}

nginx:

server {
listen 80;
server_name mesh.xxxxxxxxx.xx;
location / {
proxy_pass http://100.0.0.250:800/;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}

server {
listen 443 ssl;
server_name mesh.xxxxxxxxx.xx;
proxy_send_timeout 330s;
proxy_read_timeout 330s;
ssl_certificate /etc/letsencrypt/live/xxxxxxxxx.xx/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/xxxxxxxxx.xx/privkey.pem; # managed by Certbot
ssl_session_cache shared:WEBSSL:10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_http_version 1.1;
proxy_pass http://100.0.0.250:4430/;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}

[si458]

You haven't shared ur config.json file.
How did u setup the relay feature.
Did u use the Port option or the dns option?
The 404 error u are getting is coming from nginx and not meshcentral
So ur nginx isn't setup correctly

[ExpGy]

It is WORKING!

Had to clear relayX.domain.com related rows form default.conf
And yes the GPT has right!
so

server_name mesh.domain.com relay1.mesh.domain.com relay2.mesh.domain.com relay3.mesh.domain.com relay4.mesh.domain.com relay5.mesh.domain.com relay6.mesh.domain.comrelay7.mesh.domain.com relay8.mesh.domain.com relay9.mesh.domain.com;

this way it is working!

I have to mention that I definitely had to prepare a wildcarded certification for the whole thing!

Thanks for pointing me in the right direction!

[ExpGy]

After cleaning up code wildcard is working too!

server {
    if ($host = mesh.domain.com) {
        return 301 https://$host$request_uri;
    }
    listen 80;
    server_name mesh.domain.com *.mesh.domain.com;
    location / {
        proxy_pass http://127.0.0.1:800;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-Host $host:$server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    listen 443 ssl;
    server_name mesh.domain.com *.mesh.domain.com;
    proxy_send_timeout 330s;
    proxy_read_timeout 330s;
    ssl_certificate /etc/letsencrypt/live/*.domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/*.domain.com/privkey.pem;
    ssl_session_cache shared:WEBSSL:10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_http_version 1.1;
        proxy_pass http://127.0.0.1:4430/;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Host $host:$server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

[ExpGy]

And the working config.json:

{
  "settings": {
    "cert": "mesh.domain.com",
    "WANonly": true,
    "minify": 1,
    "port": 4430,
    "aliasPort": 443,
    "redirPort": 800,
    "AgentPong": 300,
    "RelayDNS": ["relay1.mesh.domain.com",
                 "relay2.mesh.domain.com",
                 "relay3.mesh.domain.com",
                 "relay4.mesh.domain.com",
                 "relay5.mesh.domain.com",
                 "relay6.mesh.domain.com",
                 "relay7.mesh.domain.com",
                 "relay8.mesh.domain.com",
                 "relay9.mesh.domain.com"],
    "BrowserPong": 300,
    "mstsc": true,
    "allowLoginToken": true,
    "allowFraming": true,
    "agentPing": 35,
    "allowHighQualityDesktop": true,
    "tlsOffload": "*.mesh.domain.com",
    "agentCoreDump": false,
    "compression": true,
    "wsCompression": true,
    "agentWsCompression": true,
    "maxInvalidLogin": {
      "time": 5,
      "count": 5,
      "coolofftime": 30
    },
    "plugins": {
      "enabled": true
    },
    "postgres": {
      "user": "username",
      "password": "PaSwOrD",
      "port": "5432",
      "host": "localhost"
    }
  },
  "domains": {
    "": {
      "title": "RELAYSUPPORT",
      "title2": "MESHCENTRAL",
      "newAccounts": false,
      "certUrl": "https://mesh.domain.com:443/",
      "geoLocation": true,
      "cookieIpCheck": false,
      "mstsc": true
    }
  }
}

[ExpGy]

It is also necessary that you have as many DNS entries pointing to your Internet IP address as you want TCP routing at the same time!
Like:
relay1.domain.com ..... relayX.domain.com

[si458]

Glad u got it sorted!

You didn't explain u had a different config file for nginx!

I assume u only have 1 file with everything in

But basically what i explained firstly was correct, u just had a hidden config i wasn't aware of, haha

Yes the relay will basically round Robin the dns entries or you can use a single dns,
Sadly meshcentral isn't setup yet for a wildcard dns for the relaydns but the is an open issue asking for it tho

Also yes u should see a Not Found 404 message when it talks to meshcentral, but u shouldn't see the nginx text at the bottom