[winswitch] xpra HTML5 Client behind Apache
Antoine Martin
antoine at nagafix.co.uk
Thu Jun 18 06:23:34 BST 2020
Sorry for the slow response, I was hoping that someone else would answer
since there are many xpra deployments out there using apache as a proxy.
On 11/06/2020 17:06, Jürgen Weber via shifter-users wrote:
> I'd like Apache 2.4 to serve xpra's HTML5 Client.
>
> I tried
>
> <Location "/xpra">
> ProxyPass wss://localhost:14500
> ProxyPassReverse wss://localhost:14500
>
>
> ProxyPass http://localhost:14500
> ProxyPassReverse http://localhost:14500
> </Location>
>
> the xpra client comes up in the browser, but does not work, also looks
> like it does not find its css.
>
> proxy_wstunnel_module is enabled, no error in the Apache log.
>
> Has anybody a working configuration?
On Fedora, SELinux will block the connection from apache to the xpra port.
There are 3 options to fix that, from the most secure to the least:
* add a policy to allow apache to connect only to the xpra port:
    require {
        type httpd_t;
        type xpra_port_t;
        class tcp_socket name_connect;
    }
    allow httpd_t xpra_port_t:tcp_socket name_connect;
* allow apache to connect to all ports:
    setsebool -P httpd_can_network_connect on
* disable SELinux
This config worked for me:
<Location "/xpra">
    RewriteEngine on
    RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
    RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
    RewriteRule .* ws://localhost:14500/%{REQUEST_URI} [P]
    ProxyPass ws://localhost:14500
    ProxyPassReverse ws://localhost:14500
    ProxyPass http://localhost:14500
    ProxyPassReverse http://localhost:14500
</Location>
Note: SSL has been left out, but it should not be hard to enable it.
This information has now been added to the wiki:
https://xpra.org/trac/wiki/Clients/HTML5
https://xpra.org/trac/wiki/Apache
Cheers,
Antoine
>
> I had a look at https://github.com/websockets/ws/issues/893
> but this is at / and about ssl.
>
> Thanks,
> Juergen
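
Added example, not part of the message above or of the xpra project: a shell script that turns the first (most restrictive) SELinux option from the reply into a loadable policy module, and checks that the xpra port carries the xpra_port_t label before loading it. The module name xpra_httpd, the function names and the use of TCP port 14500 for the label check are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Assumptions: module name "xpra_httpd" (hypothetical) and
# xpra listening on TCP 14500, as in the Apache config in the message.
MODULE=xpra_httpd
PORT=14500

# Write the module source: the policy fragment from the message plus the
# "module" header that checkmodule needs to compile it.
write_te() {  # $1 = output directory
    cat > "$1/$MODULE.te" <<EOF
module $MODULE 1.0;

require {
    type httpd_t;
    type xpra_port_t;
    class tcp_socket name_connect;
}

allow httpd_t xpra_port_t:tcp_socket name_connect;
EOF
}

# Read "semanage port -l" output on stdin; succeed only if tcp port $2 is
# labelled with type $1. Handles "a, b" lists and "lo-hi" ranges.
port_has_type() {
    awk -v t="$1" -v p="$2" '
        $1 == t && $2 == "tcp" {
            for (i = 3; i <= NF; i++) {
                f = $i; sub(/,$/, "", f)
                n = split(f, r, "-")
                if ((n == 1 && r[1] + 0 == p + 0) ||
                    (n == 2 && p + 0 >= r[1] + 0 && p + 0 <= r[2] + 0)) found = 1
            }
        }
        END { exit found ? 0 : 1 }'
}

# Compile, package and load the module (needs root).
install_module() {
    dir=$(mktemp -d) || return 1
    write_te "$dir" &&
    checkmodule -M -m -o "$dir/$MODULE.mod" "$dir/$MODULE.te" &&
    semodule_package -o "$dir/$MODULE.pp" -m "$dir/$MODULE.mod" &&
    semodule -i "$dir/$MODULE.pp"
}

# Only act when called as "sh script install"; otherwise just define functions.
if [ "${1:-}" = "install" ]; then
    semanage port -l | port_has_type xpra_port_t "$PORT" ||
        { echo "tcp/$PORT is not labelled xpra_port_t" >&2; exit 1; }
    install_module
fi
```

With the module loaded, httpd_can_network_connect can stay off, so httpd_t is allowed to connect only to ports labelled xpra_port_t.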