[X2Go-Commits] [x2gohtmlclient] 01/01: {conf/nginx/, src/x2gohtmlclient.js}: Provide Nginx SSL configuration by default, switch back to wss:// protocol.
git-admin at x2go.org
git-admin at x2go.org
Wed Jun 23 18:45:06 CEST 2021
This is an automated email from the git hooks/post-receive script.
x2go pushed a commit to branch master
in repository x2gohtmlclient.
commit 46f0601c0ee86f7f829ac9e2759b6ef88d6f2c9a
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date: Wed Jun 23 18:45:02 2021 +0200
{conf/nginx/,src/x2gohtmlclient.js}: Provide Nginx SSL configuration by default, switch back to wss:// protocol.
---
.../nginx/sites-available/x2gohtmlclient-demo.conf | 64 ++++++++++++++++++----
src/x2gohtmlclient.js | 2 +-
2 files changed, 55 insertions(+), 11 deletions(-)
diff --git a/conf/nginx/sites-available/x2gohtmlclient-demo.conf b/conf/nginx/sites-available/x2gohtmlclient-demo.conf
index 7eb8e4c..94bf319 100644
--- a/conf/nginx/sites-available/x2gohtmlclient-demo.conf
+++ b/conf/nginx/sites-available/x2gohtmlclient-demo.conf
@@ -1,17 +1,57 @@
server {
- listen 80;
+ listen 127.0.0.1:80;
+ listen [::1]:80 ipv6only=on;
-# listen 443 ssl;
+# server_name <your-host>
+ server_tokens off; ## Don't show the nginx version number, a security best practice
+
+ # if you use some sort of Let's Encrypt integration, use the below
+ # configuration (i.e. use rewrite)
+# location / {
+# rewrite ^ https://$host$request_uri? permanent;
+# }
+# location /.well-known/acme-challenge {
+# alias /var/lib/letsencrypt/challenges;
+# allow all;
+# autoindex off;
+# }
+
+ # simpler approach, simply do a 301 moved permanently redirect
+ return 301 https://$http_host$request_uri;
+
+ access_log /var/log/nginx/x2gohtmlclient_access.log;
+ error_log /var/log/nginx/x2gohtmlclient_error.log;
+
+}
+
+
+server {
+
+ # Comment out the below lines if you want to provide
+ # x2gohtmlclient not only for people on localhost:
+
+ listen 127.0.0.1:443 ssl;
+ listen [::1]:443 ssl ipv6only=on;
+
+ # ... and uncomment the below and adjust to your needs:
+
+# listen 0.0.0.0:443 ssl;
+# listen [::]:443 ssl ipv6only=on;
# server_name <your-host>;
-# ssl_certificate <your-SSL-cert>;
-# ssl_certificate_key <your-SSL-key>;
-# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
-# ssl_protocols TLSv1.2;
-# ssl_prefer_server_ciphers off;
-# ssl_session_timeout 5m;
-# ssl_session_cache builtin:1000 shared:SSL:10m;
-# ssl_session_tickets off;
+
+ # ... and put your official SSL certificates here:
+
+ ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
+ ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
+
+
+ ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ ssl_protocols TLSv1.2;
+ ssl_prefer_server_ciphers off;
+ ssl_session_timeout 5m;
+ ssl_session_cache builtin:1000 shared:SSL:10m;
+ ssl_session_tickets off;
root /usr/share/x2gohtmlclient/demo;
@@ -19,4 +59,8 @@ server {
include snippets/x2gohtmlclient-css.conf;
include snippets/x2gohtmlclient-rpc.conf;
include snippets/x2gohtmlclient-wswrapper.conf;
+
+ access_log /var/log/nginx/x2gohtmlclient_access.log;
+ error_log /var/log/nginx/x2gohtmlclient_error.log;
+
}
diff --git a/src/x2gohtmlclient.js b/src/x2gohtmlclient.js
index c581451..6764dad 100644
--- a/src/x2gohtmlclient.js
+++ b/src/x2gohtmlclient.js
@@ -132,7 +132,7 @@ X2GoHTMLClient
}
d.updateStatus("resuming X2Go session with ID <b>" + resp.session.id + "</b>");
- c.initSocket("ws://" + window.location.hostname + "/x2gows/" + resp.session.wsport,
+ c.initSocket("wss://" + window.location.hostname + "/x2gows/" + resp.session.wsport,
resp.session.cookie);
});
c.renderBackground();
--
Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2gohtmlclient.git
More information about the x2go-commits
mailing list