This is an automated email from the git hooks/post-receive script. x2go pushed a change to branch master in repository x2gohtmlclient. from 115a7e3 debian/: Initial packaging draft. new 46f0601 {conf/nginx/,src/x2gohtmlclient.js}: Provide Nginx SSL configuration by default, switch back to wss:// protocol. The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Summary of changes: .../nginx/sites-available/x2gohtmlclient-demo.conf | 64 ++++++++++++++++++---- src/x2gohtmlclient.js | 2 +- 2 files changed, 55 insertions(+), 11 deletions(-) -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2gohtmlclient.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository x2gohtmlclient. commit 46f0601c0ee86f7f829ac9e2759b6ef88d6f2c9a Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Wed Jun 23 18:45:02 2021 +0200 {conf/nginx/,src/x2gohtmlclient.js}: Provide Nginx SSL configuration by default, switch back to wss:// protocol. --- .../nginx/sites-available/x2gohtmlclient-demo.conf | 64 ++++++++++++++++++---- src/x2gohtmlclient.js | 2 +- 2 files changed, 55 insertions(+), 11 deletions(-) diff --git a/conf/nginx/sites-available/x2gohtmlclient-demo.conf b/conf/nginx/sites-available/x2gohtmlclient-demo.conf index 7eb8e4c..94bf319 100644 --- a/conf/nginx/sites-available/x2gohtmlclient-demo.conf +++ b/conf/nginx/sites-available/x2gohtmlclient-demo.conf @@ -1,17 +1,57 @@ server { - listen 80; + listen 127.0.0.1:80; + listen [::1]:80 ipv6only=on; -# listen 443 ssl; +# server_name <your-host> + server_tokens off; ## Don't show the nginx version number, a security best practice + + # if you use some sort of Let's Encrypt integration, use the below + # configuration (i.e. use rewrite) +# location / { +# rewrite ^ https://$host$request_uri? permanent; +# } +# location /.well-known/acme-challenge { +# alias /var/lib/letsencrypt/challenges; +# allow all; +# autoindex off; +# } + + # simpler approach, simply do a 301 moved permanently redirect + return 301 https://$http_host$request_uri; + + access_log /var/log/nginx/x2gohtmlclient_access.log; + error_log /var/log/nginx/x2gohtmlclient_error.log; + +} + + +server { + + # Comment out the below lines if you want to provide + # x2gohtmlclient not only for people on localhost: + + listen 127.0.0.1:443 ssl; + listen [::1]:443 ssl ipv6only=on; + + # ... and uncomment the below and adjust to your needs: + +# listen 0.0.0.0:443 ssl; +# listen [::]:443 ssl ipv6only=on; # server_name <your-host>; -# ssl_certificate <your-SSL-cert>; -# ssl_certificate_key <your-SSL-key>; -# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; -# ssl_protocols TLSv1.2; -# ssl_prefer_server_ciphers off; -# ssl_session_timeout 5m; -# ssl_session_cache builtin:1000 shared:SSL:10m; -# ssl_session_tickets off; + + # ... and put your official SSL certificates here: + + ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; + ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; + + + ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; + ssl_protocols TLSv1.2; + ssl_prefer_server_ciphers off; + ssl_session_timeout 5m; + ssl_session_cache builtin:1000 shared:SSL:10m; + ssl_session_tickets off; root /usr/share/x2gohtmlclient/demo; @@ -19,4 +59,8 @@ server { include snippets/x2gohtmlclient-css.conf; include snippets/x2gohtmlclient-rpc.conf; include snippets/x2gohtmlclient-wswrapper.conf; + + access_log /var/log/nginx/x2gohtmlclient_access.log; + error_log /var/log/nginx/x2gohtmlclient_error.log; + } diff --git a/src/x2gohtmlclient.js b/src/x2gohtmlclient.js index c581451..6764dad 100644 --- a/src/x2gohtmlclient.js +++ b/src/x2gohtmlclient.js @@ -132,7 +132,7 @@ X2GoHTMLClient } d.updateStatus("resuming X2Go session with ID <b>" + resp.session.id + "</b>"); - c.initSocket("ws://" + window.location.hostname + "/x2gows/" + resp.session.wsport, + c.initSocket("wss://" + window.location.hostname + "/x2gows/" + resp.session.wsport, resp.session.cookie); }); c.renderBackground(); -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2gohtmlclient.git