From: Jeroen van Veen <jvanveen@protonmail.com>
To: Juliusz Chroboczek <jch@irif.fr>
Cc: Rob Dean <robdeanmzl@gmail.com>,
"galene@lists.galene.org" <galene@lists.galene.org>
Subject: [Galene] Re: Galène with PHP
Date: Fri, 05 Mar 2021 15:56:34 +0000
Message-ID: <rC_8obk6A73rysUac5fPEverpHQQVJlKVZrBJArZ3xxRpIBwcJ7KfETpeggd97YolYee8N0XIdBtNgz-3p1N5azX6W9Xdzl81ZFPlmLv3Ds=@protonmail.com>
In-Reply-To: <87k0ql3f36.wl-jch@irif.fr>
Not directly related to PHP & Nginx, but here is an example config of running
Galene behind an Nginx proxy: https://github.com/garage44/pyrite/wiki/Proxy-Config
- Jeroen
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Friday, March 5, 2021 2:27 PM, Juliusz Chroboczek <jch@irif.fr> wrote:
> > I'm still wondering how to get PHP working on port 8443, so that I can run PHP
> > and MYSQL alongside Galene. (e.g. https://www.servername.com:8443/test.php)
>
> One way would be to run Galène behind a frontend proxy such as nginx or
> Apache. The frontend would need to proxy the WebSocket at /ws to Galène,
> and to proxy any PHP requests to a PHP interpreter, probably over fcgi.
> As to the static pages, it's probably best to have them served directly by
> the frontend.
>
> > I definitely cannot have a host php page running on port 80 that
> > attempts to create the websocket for Galene over on port 8443 via
> > javascript.
>
> You could probably do that. You'd just need to very slightly relax
> Galène's security checks, by doing something like the appended patch
> (untested).
>
> In case you want to understand what it does: by default, Galène accepts
> WebSocket connections if either they don't carry an Origin header, or they
> carry an Origin header that matches the host:port of the server; this
> avoids attacks where third-party Javascript is used to access a server
> that is behind a firewall. The attached patch relaxes the latter part of
> the test, by only checking the hostname, not the port. You may tweak the
> test as needed.
>
> -- Juliusz
>
> diff --git a/webserver/webserver.go b/webserver/webserver.go
> index e336f88..9aaac4a 100644
> --- a/webserver/webserver.go
> +++ b/webserver/webserver.go
> @@ -10,6 +10,7 @@ import (
> "html"
> "io"
> "log"
>
> - "net"
> "net/http"
> "net/url"
> "os"
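Review bot: the import hunk brings in only "net", but the new CheckOrigin ends with strings.EqualFold(host1, host2), and "strings" does not appear in the visible context lines of this import block. Check that it is already imported further down the block, or add it in this hunk, otherwise the file will not build.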
> @@ -440,6 +441,25 @@ func statsHandler(w http.ResponseWriter, r *http.Request, dataDir string) {
>
> var wsUpgrader = websocket.Upgrader{
> HandshakeTimeout: 30 * time.Second,
>
> - CheckOrigin: func(r *http.Request) bool {
> - origin := r.Header["Origin"]
>
>
> - if len(origin) == 0 {
>
>
> - return true
>
>
> - }
>
>
> - u, err := url.Parse(origin[0])
>
>
> - if err != nil {
>
>
> - return false
>
>
> - }
>
>
> - host1, _, err := net.SplitHostPort(u.Host)
>
>
> - if err != nil {
>
>
> - return false
>
>
> - }
>
>
> - host2, _, err := net.SplitHostPort(r.Host)
>
>
> - if err != nil {
>
>
> - return false
>
>
> - }
>
>
> - return strings.EqualFold(host1, host2)
>
>
> - },
> }
>
> func wsHandler(w http.ResponseWriter, r *http.Request) {
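Review bot: net.SplitHostPort returns an error when its argument carries no port, so in the new CheckOrigin both `host1, _, err := net.SplitHostPort(u.Host)` and the matching call on r.Host make the function return false for any Origin or Host on a default port. An Origin of http://www.servername.com, the port-80 page this patch is meant to admit, has no port in u.Host and is rejected. Use u.Hostname() for the origin and fall back to the unsplit r.Host when the split fails. A code comment should also record that with the port ignored, a page served from any port on the same hostname passes the check, and that the scheme is not compared.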
>
>
> Galene mailing list -- galene@lists.galene.org
> To unsubscribe send an email to galene-leave@lists.galene.org
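The origin test described in the quoted message (accept when there is no Origin header, or when the Origin matches the server's host:port, with the relaxed variant comparing hostnames only), written out as an added Go example that is not part of the original thread and is not Galène's code. The names `originAllowed`, `hostOnly` and `request` and the `galene.example` hostnames are assumptions made for illustration; unlike a bare `net.SplitHostPort` call, `hostOnly` also handles hosts on a default port.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/url"
	"strings"
)

// hostOnly strips an optional port and also accepts hosts that carry none.
func hostOnly(hostport string) string {
	if h, _, err := net.SplitHostPort(hostport); err == nil {
		return h
	}
	return strings.Trim(hostport, "[]") // no port: drop IPv6 brackets only
}

// originAllowed: strict compares the Origin's host:port with the request's
// Host; relaxed (strict=false) compares hostnames only, ignoring the port.
func originAllowed(r *http.Request, strict bool) bool {
	origin := r.Header.Get("Origin")
	if origin == "" {
		return true // no Origin header: accepted, as the message describes
	}
	u, err := url.Parse(origin)
	if err != nil || u.Host == "" {
		return false
	}
	if strict {
		return strings.EqualFold(u.Host, r.Host)
	}
	return strings.EqualFold(hostOnly(u.Host), hostOnly(r.Host))
}

// request builds a constructed handshake request (placeholder hostnames).
func request(host, origin string) *http.Request {
	r := &http.Request{Host: host, Header: http.Header{}}
	if origin != "" {
		r.Header.Set("Origin", origin)
	}
	return r
}

func main() {
	for _, o := range []string{"", "https://galene.example:8443", "http://galene.example", "https://other.example"} {
		r := request("galene.example:8443", o)
		fmt.Printf("%-30q strict=%-5v relaxed=%v\n", o, originAllowed(r, true), originAllowed(r, false))
	}
}
```

The relaxed mode admits a page on any port of the same hostname, so it is only appropriate when every service on that host is trusted.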