From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mail.toke.dk; spf=pass (mailfrom) smtp.mailfrom=skoll.ca (client-ip=144.217.161.9; helo=dianne.skoll.ca; envelope-from=dianne@skoll.ca; receiver=) Authentication-Results: mail.toke.dk; dkim=pass (2048-bit key; secure) header.d=skoll.ca header.i=@skoll.ca header.a=rsa-sha256 header.s=canit2 header.b=tJpSSwJ1 Received: from dianne.skoll.ca (dianne.skoll.ca [144.217.161.9]) by mail.toke.dk (Postfix) with ESMTPS id 498AF9DCFC9 for ; Thu, 12 Jan 2023 19:16:19 +0100 (CET) Received: from pi4.skoll.ca ([192.168.84.18]) by dianne.skoll.ca (8.15.2/8.15.2/Debian-22) with ESMTP id 30CIGHCf012153 for ; Thu, 12 Jan 2023 13:16:18 -0500 Received: from gato.skoll.ca (gato.skoll.ca [192.168.83.21]) by pi4.skoll.ca (Postfix) with ESMTPS id 4NtCRP3L76zgd6PY for ; Thu, 12 Jan 2023 13:16:17 -0500 (EST) Date: Thu, 12 Jan 2023 13:16:16 -0500 From: Dianne Skoll To: galene@lists.galene.org Message-ID: <20230112131616.046f2f09@gato.skoll.ca> In-Reply-To: <410ea8f2-1981-8521-62bc-27f2cf5cb073@umontpellier.fr> References: <87sfgg3nmy.wl-jch@irif.fr> <87r0w03ml3.wl-jch@irif.fr> <3EEAFE96-7303-41BA-B7A8-C54C8E07A3EB@rouillier.fr> <87a62o54ts.wl-jch@irif.fr> <39712e61-808a-7dc3-989f-c65410de7129@gmail.com> <878ri76i0n.wl-jch@irif.fr> <875ydb6c8c.wl-jch@irif.fr> <871qnz6abi.wl-jch@irif.fr> <20230112103442.14651e37@gato.skoll.ca> <410ea8f2-1981-8521-62bc-27f2cf5cb073@umontpellier.fr> X-Mailer: Claws Mail 4.1.1 (GTK 3.24.24; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="Sig_/39WMZ3q8Zi4EEP_y3OSu8WW"; protocol="application/pgp-signature"; micalg=pgp-sha512 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=skoll.ca; h=date:from:to :subject:message-id:in-reply-to:references:mime-version :content-type; s=canit2; bh=gpZH1K1KrBP+lMUTyZIqSN1LqHL4zfhYBDT8 p+cqt4I=; b=tJpSSwJ1E4RQVVgnueBs3fJNcHiRhB9ahU8K/zql/8Khy/gm9GZK qDGzt6fNQQm63PVxN+Eln7lT47ajpzX0o7ddqAcfzoU5kDuYockEGmsrpRn5ombT /NG8m7ZAtg2nDvBpL8GRQusxDirT2uCT0f9Dfg0QonfUV6mHO04oKXNbM1yNXyG+ ClitfrRdQG3SqGAQjrfQiWpF7vEMTwU4Te8g1FTVO1mCo5wYRGI+TMbGBTETzLW6 Bj3YhbHsWK9uylVWBzovZubUxtt0kCqRlSmf/EnT+HsUEOFRoesPZ/98wce5NH5d g/dJXRqLWQMlBwlpbc9BKDad1vvNughYDQ== X-Scanned-By: CanIt (www . roaringpenguin . com) X-Scanned-By: mailmunge 3.10 on 192.168.83.18 X-Spam-Score: undef - relay 192.168.84.18 marked with skip_spam_scan X-CanIt-Geo: No geolocation information available for 192.168.84.18 X-CanItPRO-Stream: outbound (inherits from default) X-Canit-Stats-ID: Bayes signature not available X-CanIt-Archive-Cluster: tWKWaF/NcZkqjWIj0BEJTBHJhwY X-CanIt-Archived-As: base/20230112 / 0197Sgh0i Message-ID-Hash: R64TC5JDHR74FS4KRUFQTOTUCXKBYWHQ X-Message-ID-Hash: R64TC5JDHR74FS4KRUFQTOTUCXKBYWHQ X-MailFrom: dianne@skoll.ca X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.7 Precedence: list Subject: [Galene] Re: Galene in Docker [was: ANNOUNCE: galene-0.6.2] List-Id: =?utf-8?q?Gal=C3=A8ne_videoconferencing_server_discussion_list?= Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --Sig_/39WMZ3q8Zi4EEP_y3OSu8WW Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Thu, 12 Jan 2023 19:08:15 +0100 R=C3=A9my Dernat wrote: > My Galene server is running behind a Nginx RP for more than one year. > I attached my galene server configuration on nginx. It is really > simple. I run it behind an Apache reverse-proxy. Config is below. You need the mod_proxy_wstunnel module to proxy the Websocket traffic. #----------------------------------------------------------------------- # Apache snippet to reverse-proxy galene running on port 8443 ProxyPreserveHost on ProxyPass /ws ws://127.0.0.1:8443/ws ProxyPassReverse /ws ws://127.0.0.1:8443/ws ProxyPass / http://127.0.0.1:8443/ ProxyPassReverse / http://127.0.0.1:8443/ #----------------------------------------------------------------------- And this is my systemd unit: #----------------------------------------------------------------------- [Unit] Description=3DGalene After=3Dnetwork.target [Service] Type=3Dsimple WorkingDirectory=3D/home/galene User=3Dgalene Group=3Dgalene ExecStart=3D/home/galene/galene -turn ip.of.my.box:1194 -insecure -http 127= .0.0.1:8443 LimitNOFILE=3D65536 [Install] WantedBy=3Dmulti-user.target #----------------------------------------------------------------------- I use the -insecure option because Apache handles the TLS termination for m= e. Regards, Dianne. --Sig_/39WMZ3q8Zi4EEP_y3OSu8WW Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEc45NlUBSkCwUfQeyaFpaXlEdMOIFAmPATnAACgkQaFpaXlEd MOLVCA/9GzB/L547IYjP8WRwBhRRhEFihWal9ipkwz04UzZfdlJtCuCPS7qxIpqe ZG4Kk7zpkv8w37HJQacWNIlWY0QqnwfxwhHfPOEjcncrLtp2k49ABAmQhDmMIXRE +ojw1VrZh00CSx36mQIaJzZBLmR6zNR1DweV+2rGbLI7/Jp1twqg3U0/inMcXDcR JFGexgbDPXdFwfpylm4qS0+JXWrS8U2epSTDcN1BL9XaZ41Pq2pzCV5T7v3XY9Ni TyBagk9SBRbrqAiSPoPzFjVI+z7pPQNEbJBp3LiuiTuHwl7C+ovoryVgGn/ni79e 5paYkSm3VN99j/Sg6Srm5bwzM1D1eRJQSBKwLcgRsaw1E29E9NC6kutjPAt3p786 Xtw8rmbW+rnHQoA1dSK9Dfad7Ktzvfla23Cox4nnCzBZK+Vw+9ruYjDB2Xocnq9q EOIMB1R39XTqp4WYjq0xyH9k4pLGD8wDlQCxWBtqvZG539B3hTrtUyaHu+fndFd7 v62TtObtNh03Y2rC91wyx2pPHhBji+gyQjDkKj1xaf/xLcyN3YJLHjPjGCTmC9KA 48tdDlcvtyHi7G9JiZpOMGkWbGdKFGK66/PjlxEv42vXYon/Lb7nsyetbiBC8cpB ST9WmLa4Sfhxvtyd8MuhGmfsnI8YSmLciqH7PsYHmvHZKEGk1ow= =7W06 -----END PGP SIGNATURE----- --Sig_/39WMZ3q8Zi4EEP_y3OSu8WW--