From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-40134.protonmail.ch (mail-40134.protonmail.ch [185.70.40.134])
	by mail.toke.dk (Postfix) with ESMTPS id 0DD4C808C00
	for <galene@lists.galene.org>; Fri,  5 Mar 2021 16:56:41 +0100 (CET)
Authentication-Results: mail.toke.dk;
	dkim=pass (1024-bit key) header.d=protonmail.com header.i=@protonmail.com header.b=fx3LJZsE
Date: Fri, 05 Mar 2021 15:56:34 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;
	s=protonmail; t=1614959795;
	bh=s/9U4BnITe9ZzU3HH388inBHeiNrxLfWYIMH6SZ1hcI=;
	h=Date:To:From:Cc:Reply-To:Subject:In-Reply-To:References:From;
	b=fx3LJZsEP//9L5H8xfbDhwv5MbgGyBf/WcTUE+KrYty44Pu1ZuARDiJi2pqY3P/pv
	 TPBooML+MaidW/CWvTmqIjwxkzangMevDTIH5MzeMAeDGP3TIG1KfQIKIwqviyhlar
	 AlZGgr5TU1/cQ5RugO2JAKPFguae2UMkFR7nWlp4=
To: Juliusz Chroboczek <jch@irif.fr>
From: Jeroen van Veen <jvanveen@protonmail.com>
Message-ID: <rC_8obk6A73rysUac5fPEverpHQQVJlKVZrBJArZ3xxRpIBwcJ7KfETpeggd97YolYee8N0XIdBtNgz-3p1N5azX6W9Xdzl81ZFPlmLv3Ds=@protonmail.com>
In-Reply-To: <87k0ql3f36.wl-jch@irif.fr>
References: <CA+_U3xZq9jS05zbEz4HAQfX+oUAprigJR4uifQYPpHDzsTSP3Q@mail.gmail.com> <874kht1jxv.wl-jch@irif.fr> <CA+_U3xavep8nMpdY5Sg1VmDUf24UfT0nx4+xXB2Q=dcvo2iq5Q@mail.gmail.com> <87k0ql3f36.wl-jch@irif.fr>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-1.2 required=10.0 tests=ALL_TRUSTED,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,WEIRD_PORT
	shortcircuit=no autolearn=disabled version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
	mailout.protonmail.ch
Message-ID-Hash: 76TKGLXNN7GU7SQGRID7C2FMKWEELATS
X-Message-ID-Hash: 76TKGLXNN7GU7SQGRID7C2FMKWEELATS
X-MailFrom: jvanveen@protonmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header
CC: Rob Dean <robdeanmzl@gmail.com>, "galene@lists.galene.org" <galene@lists.galene.org>
X-Mailman-Version: 3.3.2
Precedence: list
Reply-To: Jeroen van Veen <jvanveen@protonmail.com>
Subject: [Galene] =?utf-8?q?Re=3A_Gal=C3=A8ne_with_PHP?=
List-Id: =?utf-8?q?Gal=C3=A8ne_videoconferencing_server_discussion_list?= <galene.lists.galene.org>
Archived-At: <https://lists.galene.org/galene/rC_8obk6A73rysUac5fPEverpHQQVJlKVZrBJArZ3xxRpIBwcJ7KfETpeggd97YolYee8N0XIdBtNgz-3p1N5azX6W9Xdzl81ZFPlmLv3Ds=@protonmail.com/>
List-Archive: <https://lists.galene.org/galene/>
List-Help: <mailto:galene-request@lists.galene.org?subject=help>
List-Post: <mailto:galene@lists.galene.org>
List-Subscribe: <mailto:galene-join@lists.galene.org>
List-Unsubscribe: <mailto:galene-leave@lists.galene.org>

Not directly related to PHP & Nginx, but here is an example config of runni=
ng
Galene behind a Nginx proxy: https://github.com/garage44/pyrite/wiki/Proxy-=
Config

- Jeroen



=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90 Original Me=
ssage =E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90
Op vrijdag, maart 5, 2021 2:27 PM, Juliusz Chroboczek <jch@irif.fr> schreef=
:

> > I'm still wondering how to get PHP working on port 8443, so that I can =
run PHP
>
> > and MYSQL alongside Galene. (e.g. https://www.servername.com:8443/test.=
php)
>
> One way would be to run Gal=C3=A8ne behind a frontend proxy such as nginx=
 or
> Apache. The frontend would need to proxy the WebSocket at /ws to Gal=
=C3=A8ne,
> and to proxy any PHP requests to a PHP interpreter, probably over fcgi.
> As to the static pages, it's probably best to have them served directly b=
e
> the frontend.
>
> > I definitely cannot have a host php page running on port 80 that
> > attempts to create the websocket for Galene over on port 8443 via
> > javascript.
>
> You could probably do that. You'd just need to very slightly relax
> Gal=C3=A8ne's security checks, by doing something like the appended patch
> (untested).
>
> In case you want to understand what it does: by default, Gal=C3=A8ne acce=
pts
> WebSocket connections if either they don't carry an Origin header, or the=
y
> carry an Origin header that matches the host:port of the server; this
> avoids attacks where third-party Javascript is used to access a server
> that is behind a firewall. The attached patch relaxes the latter patch of
> the test, by only checking the hostname, not the port. You may tweak the
> test as needed.
>
> -- Juliusz
>
> diff --git a/webserver/webserver.go b/webserver/webserver.go
> index e336f88..9aaac4a 100644
> --- a/webserver/webserver.go
> +++ b/webserver/webserver.go
> @@ -10,6 +10,7 @@ import (
> "html"
> "io"
> "log"
>
> -   "net"
>     "net/http"
>     "net/url"
>     "os"
>     @@ -440,6 +441,25 @@ func statsHandler(w http.ResponseWriter, r *http=
.Request, dataDir string) {
>
>     var wsUpgrader =3D websocket.Upgrader{
>     HandshakeTimeout: 30 * time.Second,
>
> -   CheckOrigin: func(r *http.Request) bool {
> -         origin :=3D r.Header["Origin"]
>
>
> -         if len(origin) =3D=3D 0 {
>
>
> -         =09return true
>
>
> -         }
>
>
> -         u, err :=3D url.Parse(origin[0])
>
>
> -         if err !=3D nil {
>
>
> -         =09return false
>
>
> -         }
>
>
> -         host1, _, err :=3D net.SplitHostPort(u.Host)
>
>
> -         if err !=3D nil {
>
>
> -         =09return false
>
>
> -         }
>
>
> -         host2, _, err :=3D net.SplitHostPort(r.Host)
>
>
> -         if err !=3D nil {
>
>
> -         =09return false
>
>
> -         }
>
>
> -         return strings.EqualFold(host1, host2)
>
>
> -   },
>     }
>
>     func wsHandler(w http.ResponseWriter, r *http.Request) {
>
>
> Galene mailing list -- galene@lists.galene.org
> To unsubscribe send an email to galene-leave@lists.galene.org