Question html5 clients with proxy and ssl

[peter0914]

Hello,

I want multiple html5 web-clients be able to connect through a single port (8080) and reach their individual xpra session. I have successfully built this setup using:

sqlite_auth.py xpra-auth.sdb create
sqlite_auth.py xpra-auth.sdb add user1 pass1 user1 user1 tcp://localhost:10101/

sudo xpra proxy :10100 --bind-tcp=0.0.0.0:8080 --html=on --socket-dir=/tmp --no-daemon --tcp-auth=sqlite,filename=./xpra-auth.sdb
xpra start :10101 --bind-tcp=0.0.0.0:10101 --no-daemon

-> http://domain:8080/index.html?username=user1&password=pass1

However, if I enable SSL it fails:

sqlite_auth.py xpra-auth.sdb create
sqlite_auth.py xpra-auth.sdb add user1 pass1 user1 user1 tcp://localhost:10101/
sudo xpra proxy :10100 --bind-ssl=0.0.0.0:8080 --ssl=www --ssl-key=privkey.pem \
	--ssl-cert=fullchain.pem --html=on --socket-dir=/tmp --no-daemon \
	--tcp-auth=sqlite,filename=./xpra-auth.sdb
xpra start :10101 --bind-tcp=0.0.0.0:10101 --no-daemon

-> https://domain:8080/index.html?username=user1&password=pass1

The proxy error message is:

2020-03-19 14:40:40,161 Error: the proxy server requires an authentication mode,
2020-03-19 14:40:40,161  client connection 'wss' does not specify one
2020-03-19 14:40:40,161  use 'none' to disable authentication

How can SSL/WSS be enabled for this setup?

[Antoine Martin]

If you use bind-ssl then you must use ssl-auth, not tcp-auth.

[peter0914]

This works, thank you!

[migration script]

this ticket has been moved to: ​https://github.com/Xpra-org/xpra/issues/2656