[winswitch] xpra HTML5 Client behind Apache

Antoine Martin antoine at nagafix.co.uk
Thu Jun 18 06:23:34 BST 2020


Sorry for the slow response, I was hoping that someone else would answer
since there are many xpra deployments out there using apache as proxy..

On 11/06/2020 17:06, Jürgen Weber via shifter-users wrote:
> I'd like Apache 2.4 to serve xpra's HTML5 Client.
> 
> I tried
> 
> <Location "/xpra">
>   ProxyPass wss://localhost:14500
>   ProxyPassReverse wss://localhost:14500
> 
> 
>   ProxyPass http://localhost:14500
>   ProxyPassReverse http://localhost:14500
> </Location>
> 
> the xpra client comes up in the browser, but does not work, also looks
> like it does not find its css.
> 
> proxy_wstunnel_module is enabled, no error in the Apache log.
> 
> Has anybody a working configuration?
On Fedora, SELinux will block the connection from apache to the xpra port.
There are 3 options to fix that, from the most secure to the least:
* add a policy to allow apache to connect only to the xpra port:
require {
	type httpd_t;
	type xpra_port_t;
	class tcp_socket name_connect;
}
allow httpd_t xpra_port_t:tcp_socket name_connect;
* allow apache to connect to all ports:
setsebool -P httpd_can_network_connect on
* disable SELinux

This config worked for me:
<Location "/xpra">
  RewriteEngine on
  RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
  RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
  RewriteRule .* ws://localhost:14500/%{REQUEST_URI} [P]

  ProxyPass ws://localhost:14500
  ProxyPassReverse ws://localhost:14500

  ProxyPass http://localhost:14500
  ProxyPassReverse http://localhost:14500
</Location>

Note: SSL has been left out, but it should not be hard to enable it.

This information has now been added to the wiki:
https://xpra.org/trac/wiki/Clients/HTML5
https://xpra.org/trac/wiki/Apache

Cheers,
Antoine

> 
> I had a look at https://github.com/websockets/ws/issues/893
> but this is at / and about ssl.
> 
> Thanks,
> Juergen


More information about the shifter-users mailing list