#1349 closed enhancement (fixed)
HTML5 client: Nginx reverse and SSL proxy cause SSL error
Reported by: | bboehmke | Owned by: | bboehmke |
---|---|---|---|
Priority: | major | Milestone: | 1.0 |
Component: | html5 | Version: | 0.17.x |
Keywords: | ssl | Cc: |
Description
I am using a Nginx web server as reverse and SSL proxy.
The HTML5 client work but I get a SSL error that the HTTPS page tries to load the non secure websocket. (If I can ignore the error then the page loads)
Maybe I already have a solution for this problem:
If I change the the line 188 of the index.html to
client.connect(server, port, location.protocol == 'https:');
the error is gone.
Change History (6)
comment:1 Changed 4 years ago by
Status: | new → assigned |
---|
comment:2 Changed 4 years ago by
Owner: | changed from Antoine Martin to bboehmke |
---|---|
Status: | assigned → new |
So I've applied to the v0.17.x branch in r14447.
Please close if this works for you. I recommend moving to the 1.0 branch now, as there are a lot more html5 client improvements there.
comment:3 Changed 4 years ago by
Resolution: | → fixed |
---|---|
Status: | new → closed |
comment:4 Changed 3 years ago by
@bboehmke Can you share the nginx configuration you use for the proxying?
I am trying to accomplish something similar but am not getting anywhere quickly.
comment:5 Changed 3 years ago by
I have not used this feature for month but this was the config I was using:
server { listen 443 ssl spdy; listen [::]:443 ssl spdy; # domain of vhost server_name xpra.domain.de; ssl on; ssl_certificate /etc/nginx/ssl/crt/all-chained.crt; ssl_certificate_key /etc/nginx/ssl/crt/all.key; error_log /var/log/nginx/archTerm.error.log; ## Increase this if you want to upload large attachments ## Or if you want to accept large git objects over http client_max_body_size 20m; location / { # optional basic auth #auth_basic "Arch"; #auth_basic_user_file /etc/nginx/xpra.htpasswd; resolver 127.0.0.1 valid=300s; resolver_timeout 300s; proxy_read_timeout 300; proxy_connect_timeout 300; proxy_redirect off; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Ssl on; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Frame-Options SAMEORIGIN; # 192.168.105.40 -> address of xpra daemon proxy_pass http://192.168.105.40:10000$request_uri; } }
comment:6 Changed 3 months ago by
this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/1349
I actually merged code similar to this in r14437 (trac doesn't show the changeset unfortunately!) - many more changes in #1341.
Your simpler version could be applied to v0.17.x.