Nginx Reverse Proxy with Blynk Server

Hi guys,

I set up my personal blynk server yesterday via docker. Since all of my web applications run behind a nginx reverse proxy I wanted to achieve the same with blynk. So far my efforts were unsuccessful. Anyone out there who can share a working nginx reverse proxy config?

Thanks in advance!

Cheers,
Seb

I tried same thing. Admin page works, but couldn’t connect from the app. But, if you check the log on nginx, you will notice that the app doesn’t use HTTP(S). It was some kind of binary protocol. I think that’s why nginx cannot route the data to blynk server.

Might can be achieved by using below socks5 module for nginx.


Will let you know, if I can resolve the issue.

Up.
Hope someone can support

I think you should start with: https://docs.nginx.com/nginx/admin-guide/load-balancer/tcp-udp-load-balancer/#proxy_pass

That’s for sure. Maybe you can give us some more insight on this topic. Did you realize it already with Nginx?
Since you’re a Co-founder I could imagine you were already confronted with such a requirement.

I achieved the same and suffered with the same problems. +1

No, I didn’t set it up myself. But google helped me to find that link for you.

1 Like

Sorry to bump an old thread but I’m running into the same issue as the original poster. The admin page works but the app isn’t getting through. Looking at the logs, the app requests look different from the admin page requests. Anyone able to get nginx reverse proxy working with Blynk?

Thanks.

A friend referred me to Blynk. Looks great and it has its own app, free, all great perks.

I do nginx proxy on all things http, so that’s really the first thing I did. The nginx logs left me puzzled :

1.2.3.4.notreal - - [01/Jul/2020:13:13:15 +0000] “\x02,\xAC\x00\x00\x00Mmoi@mdugre.info\x00Y5nzqoAZJdwNJs37ZnSdtLYkvmKV9R+IwnwfwDgTHfY=\x00iOS\x002.26.4\x00Blynk” 400 150 “-” “-” “-”

This is from logging in locally with thie iOS mobile app. The “\x02,\xAC\x00\x00\x00” makes no sense, a standard HTTP request looks like: “GET /admin HTTP/2.0” 200 365" …

From the code it looks like the mobile app is using a homegrown protocol on top of the http channel. In the Blynk Java server class BaseHttpAndBlynkUnificationHandler.buildPipeline, I saw this :

if (isHttp(header4Bytes)) {
	return buildHttpPipeline(pipeline);
}
if (isHardwarePipeline(header4Bytes, lastByteOfHeader)) {
	return buildHardwarePipeline(pipeline);
}
return buildAppPipeline(pipeline);

Yeah, the Blynk app is using a non HTTP, non WS protocol for communicating over the standard HTTP/WS port and this gets intercepted on connect by reading the first 5 bytes of the request. So that answers the question : you can’t do an http proxy for the Blynk mobile app because it is not http, it just hijacks the http connection.

The solution is to configure an nginx stream proxy (as suggested by vshymanskyy) or, even better, to open a port forward on your router directly to the Blynk server (e.g. port 9443/tcp) as suggested elsewhere.

Note that both the device (Arduino, etc.) and the /admin connections seem like real http, so those work fine on a nginx reverse proxy. But you won’t be able to do that for the mobile app.

I usually prefer keeping things clean, like for example creating a separate TCP port (e.g. 9444/tcp) for separate protocols. Aside from that little hack, I’ve been really impressed with Blynk. I just cloned the Java server and I’ll see if I can’t do something about splitting those protocols into separate ports to at least make what is going on obvious.

That’s what I’ve always done, makes it easier for the poor tekky trying to troubleshoot a network failure at 2AM after a prod firewall upgrade failed and he’s trying not to have to call his boss to get the whole thing rolled back… yeah, like that never happened to me ;).

Hi @dugrema that is an amazing investigation. Thanks for sharing and saving our times! Did you find some solution when reverse proxy still in front? In my case my boat is similar as yours, I put everything under reverse proxy, because nowadays it became kind of standard.
For example: Kubernetes has ingress (which is based on nginx), Cloudflare has DDoS/security protection on standard 443 port (proxying applied) and other CDN providers are using reverse proxying.

There is still a value here to have reverse proxying:

  1. CDN to hide IP and protect from attacks, improve security
  2. Kubernetes to make this Blynk highly available
  3. Less ports to outside by not making separate port for Blynk
  4. Organising all services in reverse proxying world

Do we know the reason why this traffic cannot go through REST using standard HTTP/HTTPS methods?

Blynk is really nice service. This is just a curiousity how important is this usage outside of REST standard.

Many thanks

Hi @laimison,

I did some more checking just after my initial post. The reason is simply an incompatible event based protocol is used and applied through the same server socket. If this had been websocket, everything would be fine. But it is not. The socket connection is handled through netty ChannelPipelines. One side is RESTful, the other is a custom protocol.

To answer your main question, the RESTful operations only seem to apply to the web browser for the web admin interface or for the python API. If that’s all you are going to use, you can put blynk behind a proxy. That worked for me with those restrictions… but not very useful in practice. I got blynk for the mobile treats!

Everything else I tried (Android/iOS, hardware connections) use the non http/non RESTful “hardware” event protocol. It is more efficient than even websocket, but alas, not standard. All the http stack goodies go out the window.

And I did not end up doing any work on a fork, I just put the blynk server on a different port.

hi @dugrema if you have some interest now or in the future, there is suggested method to handle it in Nginx which could be tested - https://github.com/blynkkk/blynk-server/issues/1372