[X2Go-Commits] [x2gohtmlclient] 01/01: {conf/nginx/, src/x2gohtmlclient.js}: Provide Nginx SSL configuration by default, switch back to wss:// protocol.

git-admin at x2go.org git-admin at x2go.org
Wed Jun 23 18:45:06 CEST 2021


This is an automated email from the git hooks/post-receive script.

x2go pushed a commit to branch master
in repository x2gohtmlclient.

commit 46f0601c0ee86f7f829ac9e2759b6ef88d6f2c9a
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date:   Wed Jun 23 18:45:02 2021 +0200

    {conf/nginx/,src/x2gohtmlclient.js}: Provide Nginx SSL configuration by default, switch back to wss:// protocol.
---
 .../nginx/sites-available/x2gohtmlclient-demo.conf | 64 ++++++++++++++++++----
 src/x2gohtmlclient.js                              |  2 +-
 2 files changed, 55 insertions(+), 11 deletions(-)

diff --git a/conf/nginx/sites-available/x2gohtmlclient-demo.conf b/conf/nginx/sites-available/x2gohtmlclient-demo.conf
index 7eb8e4c..94bf319 100644
--- a/conf/nginx/sites-available/x2gohtmlclient-demo.conf
+++ b/conf/nginx/sites-available/x2gohtmlclient-demo.conf
@@ -1,17 +1,57 @@
 server {
 
-	listen 80;
+	listen 127.0.0.1:80;
+	listen [::1]:80 ipv6only=on;
 
-#	listen 443 ssl;
+#	server_name <your-host>
+	server_tokens off; ## Don't show the nginx version number, a security best practice
+
+	# if you use some sort of Let's Encrypt integration, use the below
+	# configuration (i.e. use rewrite)
+#	location / {
+#		rewrite     ^   https://$host$request_uri? permanent;
+#	}
+#	location /.well-known/acme-challenge {
+#		alias /var/lib/letsencrypt/challenges;
+#		allow all;
+#		autoindex off;
+#	}
+
+	# simpler approach, simply do a 301 moved permanently redirect
+	return 301 https://$http_host$request_uri;
+
+	access_log  /var/log/nginx/x2gohtmlclient_access.log;
+	error_log   /var/log/nginx/x2gohtmlclient_error.log;
+
+}
+
+
+server {
+
+	# Comment out the below lines if you want to provide
+	# x2gohtmlclient not only for people on localhost:
+
+	listen 127.0.0.1:443 ssl;
+	listen [::1]:443 ssl ipv6only=on;
+
+	# ... and uncomment the below and adjust to your needs:
+
+#	listen 0.0.0.0:443 ssl;
+#	listen [::]:443 ssl ipv6only=on;
 #	server_name <your-host>;
-#	ssl_certificate <your-SSL-cert>;
-#	ssl_certificate_key <your-SSL-key>;
-#	ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
-#	ssl_protocols TLSv1.2;
-#	ssl_prefer_server_ciphers off;
-#	ssl_session_timeout 5m;
-#	ssl_session_cache builtin:1000  shared:SSL:10m;
-#	ssl_session_tickets off;
+
+	# ... and put your official SSL certificates here:
+
+	ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
+	ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
+
+
+	ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+	ssl_protocols TLSv1.2;
+	ssl_prefer_server_ciphers off;
+	ssl_session_timeout 5m;
+	ssl_session_cache builtin:1000  shared:SSL:10m;
+	ssl_session_tickets off;
 
 	root /usr/share/x2gohtmlclient/demo;
 
@@ -19,4 +59,8 @@ server {
 	include snippets/x2gohtmlclient-css.conf;
 	include snippets/x2gohtmlclient-rpc.conf;
 	include snippets/x2gohtmlclient-wswrapper.conf;
+
+	access_log  /var/log/nginx/x2gohtmlclient_access.log;
+	error_log   /var/log/nginx/x2gohtmlclient_error.log;
+
 }
diff --git a/src/x2gohtmlclient.js b/src/x2gohtmlclient.js
index c581451..6764dad 100644
--- a/src/x2gohtmlclient.js
+++ b/src/x2gohtmlclient.js
@@ -132,7 +132,7 @@ X2GoHTMLClient
 
                 }
                 d.updateStatus("resuming X2Go session with ID <b>" + resp.session.id + "</b>");
-                c.initSocket("ws://" + window.location.hostname + "/x2gows/" + resp.session.wsport,
+                c.initSocket("wss://" + window.location.hostname + "/x2gows/" + resp.session.wsport,
                     resp.session.cookie);
             });
         c.renderBackground();

--
Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2gohtmlclient.git


More information about the x2go-commits mailing list