Xpra: Ticket #1349: HTML5 client: Nginx reverse and SSL proxy cause SSL error

I am using a Nginx web server as reverse and SSL proxy.

The HTML5 client work but I get a SSL error that the HTTPS page tries to load the non secure websocket. (If I can ignore the error then the page loads)

Maybe I already have a solution for this problem: If I change the the line 188 of the index.html to client.connect(server, port, location.protocol == 'https:'); the error is gone.

Fri, 18 Nov 2016 14:35:03 GMT - Antoine Martin: status changed

I actually merged code similar to this in r14437 (trac doesn't show the changeset unfortunately!) - many more changes in #1341. Your simpler version could be applied to v0.17.x.

Fri, 18 Nov 2016 14:37:49 GMT - Antoine Martin: owner, status changed

So I've applied to the v0.17.x branch in r14447.

Please close if this works for you. I recommend moving to the 1.0 branch now, as there are a lot more html5 client improvements there.

Mon, 21 Nov 2016 09:14:20 GMT - Antoine Martin: status changed; resolution set

Sun, 18 Feb 2018 02:37:45 GMT - vfclists:

@bboehmke Can you share the nginx configuration you use for the proxying?

I am trying to accomplish something similar but am not getting anywhere quickly.

Sun, 18 Feb 2018 09:14:04 GMT - bboehmke:

I have not used this feature for month but this was the config I was using:

server {
    listen  443       ssl spdy;
    listen  [::]:443  ssl spdy;
    # domain of vhost
    server_name  xpra.domain.de;
    ssl on;
    ssl_certificate /etc/nginx/ssl/crt/all-chained.crt;
    ssl_certificate_key /etc/nginx/ssl/crt/all.key;
    error_log   /var/log/nginx/archTerm.error.log;
    ## Increase this if you want to upload large attachments
    ## Or if you want to accept large git objects over http
    client_max_body_size 20m;
    location / {
        # optional basic auth
        #auth_basic            "Arch";
        #auth_basic_user_file  /etc/nginx/xpra.htpasswd;
        resolver valid=300s;
        resolver_timeout 300s;
        proxy_read_timeout      300;
        proxy_connect_timeout   300;
        proxy_redirect          off;
        proxy_set_header    Host                $http_host;
        proxy_set_header    X-Real-IP           $remote_addr;
        proxy_set_header    X-Forwarded-Ssl     on;
        proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto   $scheme;
        proxy_set_header    X-Frame-Options     SAMEORIGIN;
        # -> address of xpra daemon

Sat, 23 Jan 2021 05:21:49 GMT - migration script:

this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/1349