FreeRDP / FreeRDP-WebConnect

A gateway for seamless access to your RDP-Sessions in any HTML5-compliant browser

freerdp webconnect not working behind haproxy #21

Open AlDigital opened 11 years ago

AlDigital commented 11 years ago

I have been playing with the FreeRDP-WebConnect project for some weeks now and I would like to use it on my home infrastructure. The only thing preventing me from doing this is that the SSL version doesn't offer client certificate authentication, and also that I have an Apache SSL website running behind the same IP (thus I should use SNI to spread the traffic from port 443 to the correct backend). To meet my needs, I tried to interface your project with the development branch of haproxy 1.5, and I cannot get it up and running.

What I did to configure wsgate is:

port = 443
hostname = rdp.mywebsite.com
redirect = false

I had to set the non-SSL port to 443; otherwise, the var wsBase was set to "ws://rdp.mywebsite.com:80/wsgate".

Now I get a bit further and fail with the error "TypeError: this.sock is undefined" while executing the red portion of the inline code below (caught using Firebug):

wsgate.WSrunner = new Class( {
    Implements: Events,
    initialize: function(url) {
        this.url = url;
    },
    Run: function() {
        try {
            this.sock = new WebSocket(this.url);
        } catch (err) { }
        this.sock.binaryType = 'arraybuffer';
        this.sock.onopen = this.onWSopen.bind(this);
        this.sock.onclose = this.onWSclose.bind(this);
        this.sock.onmessage = this.onWSmsg.bind(this);
        this.sock.onerror = this.onWSerr.bind(this);
    }
});

For reference, my haproxy cfg file looks like:

global
        log 127.0.0.1   daemon
        maxconn 4096
        chroot /usr/share/haproxy
        uid 99
        gid 99
        daemon
        #debug
        #quiet

defaults
        log     global
        mode    http
        retries 3
        maxconn 2000
        contimeout      5000
        clitimeout      50000
        srvtimeout      50000
        option tcplog

frontend ssl
 timeout client 86400000
 mode http
 bind :443 ssl crt /etc/ssl/perso/mywebsite.pem ca-file /etc/ssl/perso/ca/ca.crt verify required crt-ignore-err all # crlfile ./ca_crl.pem
 use_backend static unless { ssl_c_verify 0 }  # if there is an error with the certificate, then route the user to a less sensitive farm

 use_backend rdp if { ssl_fc_sni rdp.mywebsite.com }
 use_backend apache if { ssl_fc_sni www.mywebsite.com }

 default_backend static

backend static
 mode http
 option http-server-close
 redirect location /certexpired.html if { ssl_c_verify 10 } ! { path /certexpired.html } # SSL error 10 means "certificate expired"
 redirect location /certrevoked.html if { ssl_c_verify 23 } ! { path /certrevoked.html } # SSL error 23 means "Certificate revoked"
 redirect location /othererrors.html unless { ssl_c_verify 0 } ! { path /othererrors.html }
 server static1 static.lan:80 check

backend apache
 mode http
 server apache1 apache.lan:80 check

backend rdp
 mode http
 server rdp1 rdp.lan:443 check
 option forwardfor
 timeout queue 5000
 timeout server 86400000
 timeout connect 86400000

Should you have any idea that could help me resolve this, I would be very thankful, and I would then be pleased to propose a how-to for your wiki on how to set up this configuration.
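
Added example (not part of the original post and not FreeRDP-WebConnect code): the empty catch in the quoted WSrunner.Run means any exception from the WebSocket constructor leaves this.sock unset, so the following line fails with the reported TypeError. The sketch assumes the constructor threw because the page arrived over https through the TLS-terminating proxy while wsBase still used ws://; wsUrlFor, openSocket, makeStrictWebSocket and demo are hypothetical names, and the stand-in WebSocket is constructed so the code runs offline.

```javascript
// Added example, not FreeRDP-WebConnect code. Helper names are hypothetical.
// Build the WebSocket URL from the page's own location: a page delivered over
// https (TLS terminated at the proxy) must ask for wss on the same host:port.
function wsUrlFor(pageLocation, path) {
  const page = new URL(pageLocation);
  const scheme = page.protocol === 'https:' ? 'wss:' : 'ws:';
  return scheme + '//' + page.host + path;
}

// Same wiring as WSrunner.Run, but a constructor failure is reported through
// onerror instead of being swallowed and resurfacing as "this.sock is undefined".
function openSocket(url, handlers, WebSocketImpl) {
  let sock;
  try {
    sock = new WebSocketImpl(url);
  } catch (err) {
    handlers.onerror(err);
    return null;
  }
  sock.binaryType = 'arraybuffer';
  sock.onopen = handlers.onopen;
  sock.onclose = handlers.onclose;
  sock.onmessage = handlers.onmessage;
  sock.onerror = handlers.onerror;
  return sock;
}

// Constructed stand-in for a browser WebSocket that rejects ws:// when the
// page itself came over https (assumed behaviour, modelled for offline use).
function makeStrictWebSocket(pageLocation) {
  const securePage = new URL(pageLocation).protocol === 'https:';
  return function StrictWebSocket(url) {
    if (securePage && new URL(url).protocol === 'ws:') {
      throw Object.assign(new Error('The operation is insecure.'), { name: 'SecurityError' });
    }
    this.url = url;
  };
}

// Constructed scenario: page reached through the TLS frontend on port 443.
function demo() {
  const page = 'https://rdp.mywebsite.com/index.html';
  const WS = makeStrictWebSocket(page);
  const seen = [];
  const handlers = { onerror: (e) => seen.push(e.name) };
  const bad = openSocket('ws://rdp.mywebsite.com:80/wsgate', handlers, WS);
  const good = openSocket(wsUrlFor(page, '/wsgate'), handlers, WS);
  return { bad, goodUrl: good.url, seen };
}
```

In a browser, pass the global WebSocket as the third argument and window.location.href as the page location.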

alexpilotti commented 10 years ago

Your haproxy.cfg looks good at first glance. Going to take a deeper look at this issue ASAP.

Can you please do some more tests against the current repository? Quite a lot changed in the meantime.

Thanks