xpra icon
Bug tracker and wiki

Opened 2 weeks ago

Closed 2 weeks ago

Last modified 13 days ago

#2656 closed defect (invalid)

Question html5 clients with proxy and ssl

Reported by: peter0914 Owned by: Antoine Martin
Priority: major Milestone: 4.0
Component: html5 Version: 3.0.x
Keywords: Cc:

Description

Hello,

I want multiple html5 web-clients be able to connect through a single port (8080) and reach their individual xpra session. I have successfully built this setup using:

sqlite_auth.py xpra-auth.sdb create
sqlite_auth.py xpra-auth.sdb add user1 pass1 user1 user1 tcp://localhost:10101/

sudo xpra proxy :10100 --bind-tcp=0.0.0.0:8080 --html=on --socket-dir=/tmp --no-daemon --tcp-auth=sqlite,filename=./xpra-auth.sdb
xpra start :10101 --bind-tcp=0.0.0.0:10101 --no-daemon

-> http://domain:8080/index.html?username=user1&password=pass1

However, if I enable SSL it fails:

sqlite_auth.py xpra-auth.sdb create
sqlite_auth.py xpra-auth.sdb add user1 pass1 user1 user1 tcp://localhost:10101/
sudo xpra proxy :10100 --bind-ssl=0.0.0.0:8080 --ssl=www --ssl-key=privkey.pem \
	--ssl-cert=fullchain.pem --html=on --socket-dir=/tmp --no-daemon \
	--tcp-auth=sqlite,filename=./xpra-auth.sdb
xpra start :10101 --bind-tcp=0.0.0.0:10101 --no-daemon

-> https://domain:8080/index.html?username=user1&password=pass1

The proxy error message is:

2020-03-19 14:40:40,161 Error: the proxy server requires an authentication mode,
2020-03-19 14:40:40,161  client connection 'wss' does not specify one
2020-03-19 14:40:40,161  use 'none' to disable authentication

How can SSL/WSS be enabled for this setup?

Change History (2)

comment:1 Changed 2 weeks ago by Antoine Martin

Resolution: invalid
Status: newclosed

If you use bind-ssl then you must use ssl-auth, not tcp-auth.

comment:2 Changed 13 days ago by peter0914

This works, thank you!

Note: See TracTickets for help on using tickets.