Sorry for the slow response, I was hoping that someone else would answer since there are many xpra deployments out there using apache as proxy..
On 11/06/2020 17:06, Jürgen Weber via shifter-users wrote: > I'd like Apache 2.4 to serve xpra's HTML5 Client. > > I tried > > <Location "/xpra"> > ProxyPass wss://localhost:14500 > ProxyPassReverse wss://localhost:14500 > > > ProxyPass http://localhost:14500 > ProxyPassReverse http://localhost:14500 > </Location> > > the xpra client comes up in the browser, but does not work, also looks > like it does not find its css. > > proxy_wstunnel_module is enabled, no error in the Apache log. > > Has anybody a working configuration? On Fedora, SELinux will block the connection from apache to the xpra port. There are 3 options to fix that, from the most secure to the least: * add a policy to allow apache to connect only to the xpra port: require { type httpd_t; type xpra_port_t; class tcp_socket name_connect; } allow httpd_t xpra_port_t:tcp_socket name_connect; * allow apache to connect to all ports: setsebool -P httpd_can_network_connect on * disable SELinux This config worked for me: <Location "/xpra"> RewriteEngine on RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC] RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC] RewriteRule .* ws://localhost:14500/%{REQUEST_URI} [P] ProxyPass ws://localhost:14500 ProxyPassReverse ws://localhost:14500 ProxyPass http://localhost:14500 ProxyPassReverse http://localhost:14500 </Location> Note: SSL has been left out, but it should not be hard to enable it. This information has now been added to the wiki: https://xpra.org/trac/wiki/Clients/HTML5 https://xpra.org/trac/wiki/Apache Cheers, Antoine > > I had a look at https://github.com/websockets/ws/issues/893 > but this is at / and about ssl. > > Thanks, > Juergen _______________________________________________ shifter-users mailing list [email protected] https://lists.devloop.org.uk/mailman/listinfo/shifter-users
