If you have installed the JotServer with Docker and the UNA core component is functioning correctly on the server but the Messenger service is working inside the container, the issue is most commonly related to port mapping or SSL configuration.
Even if the port is exposed internally within the Docker network and appears open on the server, the problem may still be caused by:
- Incorrect Docker port binding
- Reverse proxy misconfiguration
- Missing or invalid SSL certificate
- WebSocket handshake failure
To properly resolve this, you should configure a reverse proxy for the Messenger service and host it on a dedicated subdomain, for example:
messenger.yoursite.com
By attaching a valid SSL certificate and using Caddy as a reverse proxy on port 443, you allow Caddy to handle the TLS handshake and securely forward traffic to the Dockerized JotServer instance. The Messenger application should then be configured to use only the secure subdomain URL.
For this setup to function correctly, the following must be ensured:
- DNS A record for the subdomain points to your server IP.
- SSL certificates are properly issued (either automatic via Caddy or manually provided).
- Docker container networking is correctly defined.
- The Messenger container port (e.g., 5000) is accessible to Caddy.
- WebSocket traffic is properly proxied.
Below is a production-ready Caddyfile example using UNA environment variables:
```
{$UNA_MESSENGER_HOSTNAME} {
    # Access logs are discarded
    log {
        output discard
    }

    tls {$UNA_TLS}

    encode zstd gzip

    @api {
        path /config
        path /healthz
        path /stats/errors
        path /stats/checker
    }
    @static {
        path /static
    }
    @notstatic {
        not path /static
    }
    @imageproxy {
        path /image_proxy
    }

    header {
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        X-XSS-Protection "1; mode=block"
        X-Content-Type-Options "nosniff"
        Permissions-Policy "cookies=(self), accelerometer=(self), autoplay=(self), camera=(self)"
        Referrer-Policy "no-referrer"
        X-Robots-Tag "noindex, noarchive, nofollow"
        -Server
    }

    header @api {
        Access-Control-Allow-Methods "GET, POST, OPTIONS"
        Access-Control-Allow-Origin "*"
    }

    # Reverse proxy to the JotServer / Messenger container
    handle {
        # env_redirect and hidden_files must exist as snippets (or importable files)
        import env_redirect
        import hidden_files
        reverse_proxy localhost:5000 {
            header_up X-Forwarded-Port {http.request.port}
            header_up X-Real-IP {remote_host}
            header_up X-Forwarded-Proto {scheme}
        }
    }

    @unknown {
        not path /*
    }
    handle @unknown {
        reverse_proxy {$UNA_SECURITY_HOSTNAME}:443
    }
}
```

With this configuration, Caddy:
- Terminates SSL on port 443
- Automatically supports WebSockets
- Forwards traffic securely to the Messenger container
- Ensures correct proxy headers are passed
To use this configuration, you also have to set up a reverse proxy to UNA with Caddy Server. If you need help, just let me know.
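One way to check the certificate and the WebSocket handshake through the proxy, as an added example that is not part of the original post or of the UNA/JotServer code: it verifies TLS for the subdomain, sends one upgrade request and reports why the handshake failed. The WebSocket path of the Messenger is not given on this page, so `path` is an assumption you must supply; the sample replies are constructed.

```python
import base64, hashlib, os, socket, ssl, sys

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # constant fixed by RFC 6455

def expected_accept(key: str) -> str:
    """Sec-WebSocket-Accept value a compliant server returns for `key`."""
    digest = hashlib.sha1((key + WS_GUID).encode()).digest()
    return base64.b64encode(digest).decode()

def check_handshake(raw: bytes, key: str) -> str:
    """Classify the reply to an upgrade request: 'ok' or the failure reason."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    status = lines[0].split(" ", 2)
    if len(status) < 2 or not status[0].startswith("HTTP/"):
        return "not an HTTP response"
    if status[1] != "101":  # e.g. 502 when the proxy cannot reach the container
        return f"status {status[1]}: upgrade not performed"
    hdr = {k.strip().lower(): v.strip()
           for k, v in (l.split(":", 1) for l in lines[1:] if ":" in l)}
    if hdr.get("upgrade", "").lower() != "websocket":
        return "Upgrade header missing"
    tokens = [t.strip().lower() for t in hdr.get("connection", "").split(",")]
    if "upgrade" not in tokens:
        return "Connection header missing"
    if hdr.get("sec-websocket-accept") != expected_accept(key):
        return "Sec-WebSocket-Accept mismatch"
    return "ok"

def probe(host: str, path: str = "/", port: int = 443) -> str:
    """Verify the TLS certificate of `host`, send one upgrade request, classify it."""
    key = base64.b64encode(os.urandom(16)).decode()
    req = (f"GET {path} HTTP/1.1\r\nHost: {host}\r\nUpgrade: websocket\r\n"
           f"Connection: Upgrade\r\nSec-WebSocket-Key: {key}\r\n"
           "Sec-WebSocket-Version: 13\r\n\r\n").encode()
    ctx = ssl.create_default_context()  # rejects invalid or mismatched certificates
    try:
        with socket.create_connection((host, port), timeout=10) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                tls.sendall(req)
                return check_handshake(tls.recv(4096), key)
    except OSError as exc:  # includes ssl.SSLError and refused connections
        return f"connection or TLS failure: {exc}"

# Constructed sample replies; the key/accept pair is the RFC 6455 example.
SAMPLE_KEY = "dGhlIHNhbXBsZSBub25jZQ=="
GOOD = (b"HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\nConnection: "
        b"Upgrade\r\nSec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=\r\n\r\n")
BAD_GATEWAY = b"HTTP/1.1 502 Bad Gateway\r\nContent-Length: 0\r\n\r\n"

if __name__ == "__main__":  # usage: python ws_check.py messenger.yoursite.com /path
    print(probe(sys.argv[1], *sys.argv[2:3]) if len(sys.argv) > 1
          else [check_handshake(r, SAMPLE_KEY) for r in (GOOD, BAD_GATEWAY)])
```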