This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository x2gohtmlclient. commit 46f0601c0ee86f7f829ac9e2759b6ef88d6f2c9a Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Wed Jun 23 18:45:02 2021 +0200 {conf/nginx/,src/x2gohtmlclient.js}: Provide Nginx SSL configuration by default, switch back to wss:// protocol. --- .../nginx/sites-available/x2gohtmlclient-demo.conf | 64 ++++++++++++++++++---- src/x2gohtmlclient.js | 2 +- 2 files changed, 55 insertions(+), 11 deletions(-) diff --git a/conf/nginx/sites-available/x2gohtmlclient-demo.conf b/conf/nginx/sites-available/x2gohtmlclient-demo.conf index 7eb8e4c..94bf319 100644 --- a/conf/nginx/sites-available/x2gohtmlclient-demo.conf +++ b/conf/nginx/sites-available/x2gohtmlclient-demo.conf @@ -1,17 +1,57 @@ server { - listen 80; + listen 127.0.0.1:80; + listen [::1]:80 ipv6only=on; -# listen 443 ssl; +# server_name <your-host> + server_tokens off; ## Don't show the nginx version number, a security best practice + + # if you use some sort of Let's Encrypt integration, use the below + # configuration (i.e. use rewrite) +# location / { +# rewrite ^ https://$host$request_uri? permanent; +# } +# location /.well-known/acme-challenge { +# alias /var/lib/letsencrypt/challenges; +# allow all; +# autoindex off; +# } + + # simpler approach, simply do a 301 moved permanently redirect + return 301 https://$http_host$request_uri; + + access_log /var/log/nginx/x2gohtmlclient_access.log; + error_log /var/log/nginx/x2gohtmlclient_error.log; + +} + + +server { + + # Comment out the below lines if you want to provide + # x2gohtmlclient not only for people on localhost: + + listen 127.0.0.1:443 ssl; + listen [::1]:443 ssl ipv6only=on; + + # ... and uncomment the below and adjust to your needs: + +# listen 0.0.0.0:443 ssl; +# listen [::]:443 ssl ipv6only=on; # server_name <your-host>; -# ssl_certificate <your-SSL-cert>; -# ssl_certificate_key <your-SSL-key>; -# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; -# ssl_protocols TLSv1.2; -# ssl_prefer_server_ciphers off; -# ssl_session_timeout 5m; -# ssl_session_cache builtin:1000 shared:SSL:10m; -# ssl_session_tickets off; + + # ... and put your official SSL certificates here: + + ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; + ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; + + + ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; + ssl_protocols TLSv1.2; + ssl_prefer_server_ciphers off; + ssl_session_timeout 5m; + ssl_session_cache builtin:1000 shared:SSL:10m; + ssl_session_tickets off; root /usr/share/x2gohtmlclient/demo; @@ -19,4 +59,8 @@ server { include snippets/x2gohtmlclient-css.conf; include snippets/x2gohtmlclient-rpc.conf; include snippets/x2gohtmlclient-wswrapper.conf; + + access_log /var/log/nginx/x2gohtmlclient_access.log; + error_log /var/log/nginx/x2gohtmlclient_error.log; + } diff --git a/src/x2gohtmlclient.js b/src/x2gohtmlclient.js index c581451..6764dad 100644 --- a/src/x2gohtmlclient.js +++ b/src/x2gohtmlclient.js @@ -132,7 +132,7 @@ X2GoHTMLClient } d.updateStatus("resuming X2Go session with ID <b>" + resp.session.id + "</b>"); - c.initSocket("ws://" + window.location.hostname + "/x2gows/" + resp.session.wsport, + c.initSocket("wss://" + window.location.hostname + "/x2gows/" + resp.session.wsport, resp.session.cookie); }); c.renderBackground(); -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2gohtmlclient.git