From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mail.toke.dk; spf=pass (mailfrom) smtp.mailfrom=irif.fr (client-ip=2001:660:3301:8000::1:2; helo=korolev.univ-paris7.fr; envelope-from=jch@irif.fr; receiver=) Authentication-Results: mail.toke.dk; dkim=pass (2048-bit key; unprotected) header.d=irif.fr header.i=@irif.fr header.a=rsa-sha256 header.s=dkim-irif header.b=QsoXdCre Received: from korolev.univ-paris7.fr (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]) by mail.toke.dk (Postfix) with ESMTPS id 1838DA4EFEE for ; Thu, 18 Jan 2024 12:08:36 +0100 (CET) Received: from potemkin.univ-paris7.fr (potemkin.univ-paris7.fr [IPv6:2001:660:3301:8000::1:1]) by korolev.univ-paris7.fr (8.14.4/8.14.4/relay1/82085) with ESMTP id 40IB8YCX001333 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 18 Jan 2024 12:08:34 +0100 Received: from mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [81.194.30.253]) by potemkin.univ-paris7.fr (8.14.4/8.14.4/relay2/82085) with ESMTP id 40IB8YOK002526; Thu, 18 Jan 2024 12:08:34 +0100 Received: from mailhub.math.univ-paris-diderot.fr (localhost [127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTP id 67F6781276; Thu, 18 Jan 2024 12:08:34 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=irif.fr; h= content-type:content-type:mime-version:user-agent:references :in-reply-to:subject:subject:from:from:message-id:date:date :received:received; s=dkim-irif; t=1705576112; x=1706440113; bh= bY3rtGyvsG3vrDhmEquEoGO90lOrk4kpZdFIXEiIz74=; b=QsoXdCrebE3u7XGw nHhEhAE5FejLZxUCcs+WThCGsXx0vNRBsAB9WipXIXMJq3HOpcsHXYApc9sFOqPb xGlTCKfKy+clrQg0r5DJxotr3mZoUm0NFCnvdxCaXbyM7ABuebC1m7cmlWRHTi9h I9m97w3Mow/FK6uzqIiqztmPbZGFUg306RqZr+zaz1DHDIMTeWSPOYgurNojseOx 7iaY0adjF8Nv0R+5kXmypQkDPS96LiSjKBokGwGwaAxslFZnhZ6yhgv7TLmUro2n AdJxaishvJ/DOg71O+7PXxDiPdvOCVCuQoZGXJLA7hv2rSR5kbKc9RQieJqUN4NM npzBSw== X-Virus-Scanned: amavisd-new at math.univ-paris-diderot.fr Received: from mailhub.math.univ-paris-diderot.fr ([127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id YkMqmeFgYKet; Thu, 18 Jan 2024 12:08:32 +0100 (CET) Received: from pirx.irif.fr (unknown [78.194.40.74]) (Authenticated sender: jch) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTPSA id 47E4981497; Thu, 18 Jan 2024 12:08:32 +0100 (CET) Date: Thu, 18 Jan 2024 12:08:31 +0100 Message-ID: <87le8mzyog.wl-jch@irif.fr> From: Juliusz Chroboczek To: Francis Bolduc In-Reply-To: References: User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/29.1 Mule/6.0 MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]); Thu, 18 Jan 2024 12:08:34 +0100 (CET) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (potemkin.univ-paris7.fr [194.254.61.141]); Thu, 18 Jan 2024 12:08:34 +0100 (CET) X-Miltered: at korolev with ID 65A906B2.000 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)! X-Miltered: at potemkin with ID 65A906B2.000 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)! X-j-chkmail-Enveloppe: 65A906B2.000 from potemkin.univ-paris7.fr/potemkin.univ-paris7.fr/null/potemkin.univ-paris7.fr/ X-j-chkmail-Enveloppe: 65A906B2.000 from mailhub.math.univ-paris-diderot.fr/mailhub.math.univ-paris-diderot.fr/null/mailhub.math.univ-paris-diderot.fr/ X-j-chkmail-Score: MSGID : 65A906B2.000 on korolev.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000 X-j-chkmail-Score: MSGID : 65A906B2.000 on potemkin.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000 X-j-chkmail-Status: Ham X-j-chkmail-Status: Ham Message-ID-Hash: VM26XCMDRZBJKT5BQXPCDFVMDR5EHOLV X-Message-ID-Hash: VM26XCMDRZBJKT5BQXPCDFVMDR5EHOLV X-MailFrom: jch@irif.fr X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: galene@lists.galene.org X-Mailman-Version: 3.3.9 Precedence: list Subject: [Galene] Re: Behind reverse proxy, not at the root List-Id: =?utf-8?q?Gal=C3=A8ne_videoconferencing_server_discussion_list?= Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: > Each application has its own path. For example, I have a file server > located at https://myhost.com/files and a streaming service at > https://myhost.com/stream. > > Each application has some configuration option to tell it that they > are not located at the root, but rather under some path like /files or > /stream. > > However, I've not found how to do that with Galene. Is there an option > to this that I missed? No, it's not currently supported. It wouldn't be too difficult to do, as usual it's testing that's a pain. (Galene has a fairly extensive set of units tests for low-level functionality, but there are no high-level tests of the server as a whole, so I need to test manually with each release. So the more configuration options we add, the more testing I need to do.) I'll think it over, but no promises. (Off topic, but are you aware that by doing that you defeat sandboxing? HTML5 performs sandboxing on a per-origin basis, not a per-subtree basis, so when multiple applications are running on the same domain, a security flaw in just one of the applications will allow exploitation of all of them. For example, an XSS vulnerability in your files application will allow an attacker to exfiltrate Galene's passwords. The more secure configuration is to use a different hostname for each application, files.example.org, stream.example.org, etc.) -- Juliusz