Closed dfskoll closed 1 year ago
This is the Apache config that I use:
<VirtualHost *:443>
ServerName server.example.com
Header always set Strict-Transport-Security "max-age=15811200 includeSubdomains;"
SSLProtocol TLSv1 TLSv1.1 TLSv1.2
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLHonorCipherOrder on
Header set Strict-Transport-Security "max-age=31536000"
ProxyPreserveHost on
ProxyPass /ws ws://127.0.0.1:8443/ws
ProxyPassReverse /ws ws://127.0.0.1:8443/ws
ProxyPass / http://127.0.0.1:8443/
ProxyPassReverse / http://127.0.0.1:8443/
</VirtualHost>
Right. Our strategy of guessing the right URL from the request doesn't work if we're behind a reverse proxy.
Please upgrade to the latest master (https://github.com/jech/galene/commit/16e2888d56357ec7cd0007420911fa05084f238a) and create a file data/config.json
with the following contents:
{
"proxyURL": "https://proxy.example.org/"
}
where proxy.example.org
is the address of your proxy. This should also work if you don't specify ProxyPreserveHost
in your Apache conf.
Please confirm that this works for you, and please reopen the issue if it doesn't. Thanks for your help.
Hi,
Thanks; that fixed it. However, at first it would not compile. I received an error stating that the URL class did not have a JoinPath method. I upgraded from Go 1.17 to Go 1.19 and that must have pulled in a newer version of net/url because everything was fine after that.
Thanks for the quick fix.
Regards,
Dianne.
Thanks. Let me fix that.
Hopefully fixed in 10c57c7. Please test.
Unfortunately, I uninstalled Go 1.17 when I upgraded to 1.19, so I can't test against that version of Go. It does work fine with 1.19.
Regards,
Dianne.
That's good enough, thanks.
Hi,
I use Galène behind an Apache reverse-proxy. Apache does TLS termination and I use the
-insecure
argument to galene. Unfortunately, commit 31ed146a959ec7602b82e8573abe540cba4461df results in a browser error "The operation is insecure" because Galène is generating an http: URL instead of https.