Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HTML5 client: Nginx reverse and SSL proxy cause SSL error #1349

Closed
totaam opened this issue Oct 29, 2016 · 4 comments
Closed

HTML5 client: Nginx reverse and SSL proxy cause SSL error #1349

totaam opened this issue Oct 29, 2016 · 4 comments

Comments

@totaam
Copy link
Collaborator

totaam commented Oct 29, 2016

Issue migrated from trac ticket # 1349

component: html5 | priority: major | resolution: fixed | keywords: ssl

2016-10-29 14:41:00: bboehmke created the issue


I am using a Nginx web server as reverse and SSL proxy.

The HTML5 client work but I get a SSL error that the HTTPS page tries to load the non secure websocket. (If I can ignore the error then the page loads)

Maybe I already have a solution for this problem:
If I change the the line 188 of the [[https://www.xpra.org/trac/browser/xpra/trunk/src/html5/index.html?rev=14293#L188|index.html]] to
client.connect(server, port, location.protocol == 'https:'); the error is gone.

@totaam
Copy link
Collaborator Author

totaam commented Nov 18, 2016

I actually merged code similar to this in r14437 (trac doesn't show the changeset unfortunately!) - many more changes in #1341.
Your simpler version could be applied to v0.17.x.

@totaam
Copy link
Collaborator Author

totaam commented Nov 18, 2016

So I've applied to the v0.17.x branch in 14447.

Please close if this works for you. I recommend moving to the 1.0 branch now, as there are a lot more html5 client improvements there.

@totaam totaam closed this as completed Nov 21, 2016
@totaam
Copy link
Collaborator Author

totaam commented Feb 18, 2018

2018-02-18 02:37:45: vfclists commented


@bboehmke Can you share the nginx configuration you use for the proxying?

I am trying to accomplish something similar but am not getting anywhere quickly.

@totaam
Copy link
Collaborator Author

totaam commented Feb 18, 2018

2018-02-18 09:14:05: bboehmke commented


I have not used this feature for month but this was the config I was using:

server {
    listen  443       ssl spdy;
    listen  [::]:443  ssl spdy;

    # domain of vhost
    server_name  xpra.domain.de;

    ssl on;

    ssl_certificate /etc/nginx/ssl/crt/all-chained.crt;
    ssl_certificate_key /etc/nginx/ssl/crt/all.key;

    error_log   /var/log/nginx/archTerm.error.log;


    ## Increase this if you want to upload large attachments
    ## Or if you want to accept large git objects over http
    client_max_body_size 20m;

    location / {
        # optional basic auth
        #auth_basic            "Arch";
        #auth_basic_user_file  /etc/nginx/xpra.htpasswd;

        resolver 127.0.0.1 valid=300s;
        resolver_timeout 300s;

        proxy_read_timeout      300;
        proxy_connect_timeout   300;
        proxy_redirect          off;

        proxy_set_header    Host                $http_host;
        proxy_set_header    X-Real-IP           $remote_addr;
        proxy_set_header    X-Forwarded-Ssl     on;
        proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto   $scheme;
        proxy_set_header    X-Frame-Options     SAMEORIGIN;

        # 192.168.105.40 -> address of xpra daemon
        proxy_pass http://192.168.105.40:10000$request_uri;
    }
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant