Galène videoconferencing server discussion list archives
From: Jeroen van Veen <jvanveen@protonmail.com>
To: Juliusz Chroboczek <jch@irif.fr>
Cc: Rob Dean <robdeanmzl@gmail.com>,
	"galene@lists.galene.org" <galene@lists.galene.org>
Subject: [Galene] Re: Galène with PHP
Date: Fri, 05 Mar 2021 15:56:34 +0000
Message-ID: <rC_8obk6A73rysUac5fPEverpHQQVJlKVZrBJArZ3xxRpIBwcJ7KfETpeggd97YolYee8N0XIdBtNgz-3p1N5azX6W9Xdzl81ZFPlmLv3Ds=@protonmail.com> (raw)
In-Reply-To: <87k0ql3f36.wl-jch@irif.fr>

Not directly related to PHP & Nginx, but here is an example config of running
Galene behind an Nginx proxy: https://github.com/garage44/pyrite/wiki/Proxy-Config

- Jeroen



‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Friday, March 5, 2021 2:27 PM, Juliusz Chroboczek <jch@irif.fr> wrote:

> > I'm still wondering how to get PHP working on port 8443, so that I can run PHP
> > and MYSQL alongside Galene. (e.g. https://www.servername.com:8443/test.php)
>
> One way would be to run Galène behind a frontend proxy such as nginx or
> Apache. The frontend would need to proxy the WebSocket at /ws to Galène,
> and to proxy any PHP requests to a PHP interpreter, probably over fcgi.
> As to the static pages, it's probably best to have them served directly by
> the frontend.
>
> > I definitely cannot have a host php page running on port 80 that
> > attempts to create the websocket for Galene over on port 8443 via
> > javascript.
>
> You could probably do that. You'd just need to very slightly relax
> Galène's security checks, by doing something like the appended patch
> (untested).
>
> In case you want to understand what it does: by default, Galène accepts
> WebSocket connections if either they don't carry an Origin header, or they
> carry an Origin header that matches the host:port of the server; this
> avoids attacks where third-party Javascript is used to access a server
> that is behind a firewall. The attached patch relaxes the latter part of
> the test, by only checking the hostname, not the port. You may tweak the
> test as needed.
>
> -- Juliusz
>
> diff --git a/webserver/webserver.go b/webserver/webserver.go
> index e336f88..9aaac4a 100644
> --- a/webserver/webserver.go
> +++ b/webserver/webserver.go
> @@ -10,6 +10,7 @@ import (
> "html"
> "io"
> "log"
>
> -   "net"
>     "net/http"
>     "net/url"
>     "os"
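Review bot: the import block gains only "net", but the CheckOrigin body added further down also calls strings.EqualFold, and "strings" is not among the import lines visible in this hunk. Confirm that webserver.go already imports it before applying, since the patch is marked untested and the file will not compile otherwise.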
>     @@ -440,6 +441,25 @@ func statsHandler(w http.ResponseWriter, r *http.Request, dataDir string) {
>
>     var wsUpgrader = websocket.Upgrader{
>     HandshakeTimeout: 30 * time.Second,
>
> -   CheckOrigin: func(r *http.Request) bool {
> -         origin := r.Header["Origin"]
>
>
> -         if len(origin) == 0 {
>
>
> -         	return true
>
>
> -         }
>
>
> -         u, err := url.Parse(origin[0])
>
>
> -         if err != nil {
>
>
> -         	return false
>
>
> -         }
>
>
> -         host1, _, err := net.SplitHostPort(u.Host)
>
>
> -         if err != nil {
>
>
> -         	return false
>
>
> -         }
>
>
> -         host2, _, err := net.SplitHostPort(r.Host)
>
>
> -         if err != nil {
>
>
> -         	return false
>
>
> -         }
>
>
> -         return strings.EqualFold(host1, host2)
>
>
> -   },
>     }
>
>     func wsHandler(w http.ResponseWriter, r *http.Request) {
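Review bot: in CheckOrigin, net.SplitHostPort(u.Host) returns an error when the Origin carries no port, so a page served on a default port (an Origin of the form http://host, which is the port-80 case raised in this thread) falls into the `return false` branch and is rejected; the same happens for r.Host when the Host header has no port. Compare u.Hostname() with the request host, stripping a port from the latter only when one is present. A hostname-only match also ignores the scheme and accepts a page served from any port on that host, so where the permitted origins are known in advance an exact match against that list is the tighter test.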
>
>
> Galene mailing list -- galene@lists.galene.org
> To unsubscribe send an email to galene-leave@lists.galene.org
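
The hostname-only Origin comparison discussed in the quoted message, as an added example (not code from the post or from Galène): `patchCompare` follows the patch's use of `net.SplitHostPort`, and `hostnameCompare` is a hypothetical variant that tolerates a missing port. The host names are constructed sample values, and the caller is assumed to have already handled requests that carry no Origin header, as the patch does.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// patchCompare follows the comparison in the quoted patch: both sides go
// through net.SplitHostPort, which returns an error when no port is present.
func patchCompare(origin, reqHost string) bool {
	u, err := url.Parse(origin)
	if err != nil {
		return false
	}
	h1, _, err1 := net.SplitHostPort(u.Host)
	h2, _, err2 := net.SplitHostPort(reqHost)
	if err1 != nil || err2 != nil {
		return false
	}
	return strings.EqualFold(h1, h2)
}

// hostnameCompare applies the same hostname-only policy but tolerates a
// missing port on either side (hypothetical helper, not Galène code).
func hostnameCompare(origin, reqHost string) bool {
	u, err := url.Parse(origin)
	if err != nil || u.Hostname() == "" {
		return false // unparsable, empty, or opaque origins such as "null"
	}
	// Reuse the URL parser to strip an optional port and IPv6 brackets.
	h, err := url.Parse("//" + reqHost)
	if err != nil {
		return false
	}
	return strings.EqualFold(u.Hostname(), h.Hostname())
}

func main() {
	// Constructed sample values: Origin header, then the request's Host.
	for _, c := range [][2]string{
		{"https://www.example.com:8080", "www.example.com:8443"},
		{"http://www.example.com", "www.example.com:8443"},
		{"https://other.example.net", "www.example.com:8443"},
	} {
		fmt.Println(c[0], patchCompare(c[0], c[1]), hostnameCompare(c[0], c[1]))
	}
}
```

The second sample row is the one where the two functions disagree: an Origin on a default port has no `:port` suffix, so the `SplitHostPort` path rejects it.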


