authorDevaev Maxim <[email protected]>2018-08-11 03:46:42 +0300
committerDevaev Maxim <[email protected]>2018-08-11 04:09:54 +0300
commitba650456aaecef6651e598bbd20cc7d53d7d3f97 (patch)
treea4ab382a09665ddf500e3b9fba900d296c401b57
parent3d2282f8f9d24f3a7e5bb6772471fe506a7299dd (diff)
Workaround for Safari + Websockets + basic auth
https://bugs.webkit.org/show_bug.cgi?id=80362
-rw-r--r--kvmd/configs/nginx/nginx.conf.example41
-rw-r--r--kvmd/testenv/Dockerfile3
-rw-r--r--kvmd/web/js/session.js18
-rw-r--r--os/platforms/v1/Dockerfile.part3
4 files changed, 51 insertions, 14 deletions
diff --git a/kvmd/configs/nginx/nginx.conf.example b/kvmd/configs/nginx/nginx.conf.example
index e8d2f0a1..bd378b72 100644
--- a/kvmd/configs/nginx/nginx.conf.example
+++ b/kvmd/configs/nginx/nginx.conf.example
@@ -1,3 +1,5 @@
+load_module /usr/lib/nginx/modules/ngx_http_lua_module.so;
+
user http;
worker_processes 4;
@@ -5,7 +7,7 @@ worker_processes 4;
error_log /dev/null crit;
events {
- worker_connections 64;
+ worker_connections 1024;
use epoll;
}
@@ -25,12 +27,6 @@ http {
scgi_temp_path /tmp/nginx.scgi_temp;
uwsgi_temp_path /tmp/nginx.uwsgi_temp;
-#PROD server {
-#PROD listen 80;
-#PROD server_name localhost;
-#PROD return 301 https://$host$request_uri;
-#PROD }
-
upstream kvmd {
server localhost:8081 fail_timeout=0s max_fails=0;
}
@@ -39,6 +35,17 @@ http {
server localhost:8082 fail_timeout=0s max_fails=0;
}
+#PROD server {
+#PROD listen 80;
+#PROD server_name localhost;
+#PROD return 301 https://$host$request_uri;
+#PROD }
+
+#PROD lua_shared_dict WS_TOKENS 10m;
+#PROD init_by_lua_block {
+#PROD WS_TOKEN_EXPIRES = 10;
+#PROD }
+
server {
#PROD listen 443 ssl http2;
server_name localhost;
@@ -58,7 +65,27 @@ http {
index index.html;
}
+ location /wsauth {
+ # Workaround for Safari: https://bugs.webkit.org/show_bug.cgi?id=80362
+#PROD access_by_lua_block {
+#PROD local token = ngx.encode_base64(ngx.sha1_bin(ngx.var.http_Authorization));
+#PROD ngx.shared.WS_TOKENS:set(token, token, WS_TOKEN_EXPIRES);
+#PROD ngx.header["Set-Cookie"] = "WS_ACCESS_TOKEN=" .. token .. "; Path=/; Expires=" .. ngx.cookie_time(ngx.time() + WS_TOKEN_EXPIRES);
+#PROD }
+ content_by_lua_block {
+ ngx.say("ok");
+ }
+ }
+
location /kvmd/ws {
+#PROD auth_basic off;
+#PROD access_by_lua_block {
+#PROD local token = ngx.var.cookie_WS_ACCESS_TOKEN;
+#PROD local value, _ = ngx.shared.WS_TOKENS:get(token);
+#PROD if value == nil then
+#PROD ngx.exec("/wsauth");
+#PROD end
+#PROD }
rewrite /kvmd/ws /ws break;
proxy_pass http://kvmd;
proxy_set_header Upgrade $http_upgrade;
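Review bot: The token minted in `/wsauth` is `base64(sha1(Authorization))`, so it is identical on every issuance for a given account and is an unsalted hash of the Basic credentials. Anyone who obtains the cookie value once can check password guesses against it offline, and `/kvmd/ws` will accept it again whenever the legitimate user has refreshed the `WS_TOKENS` entry within the last `WS_TOKEN_EXPIRES` seconds. I would store a fresh random value per issuance instead (nginx's `$request_id` is one candidate, if this build draws it from a CSPRNG, which needs confirming) so the cookie carries nothing derived from the password. The `Set-Cookie` line also sets no protective attributes; as far as the session.js hunk shows the page script never reads the cookie, so `"; Path=/; Secure; HttpOnly; Expires="` would fit the PROD HTTPS listener. All of this assumes `/wsauth` inherits `auth_basic` from the server block, which lies outside the hunk.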
diff --git a/kvmd/testenv/Dockerfile b/kvmd/testenv/Dockerfile
index c8bd0c23..d4c4b5ad 100644
--- a/kvmd/testenv/Dockerfile
+++ b/kvmd/testenv/Dockerfile
@@ -31,7 +31,8 @@ RUN pacman -Syy \
&& user-packer -S --noconfirm \
python \
python-pip \
- nginx \
+ nginx-mainline \
+ nginx-mainline-mod-lua \
mjpg-streamer-pikvm \
socat \
&& pacman -Sc --noconfirm
diff --git a/kvmd/web/js/session.js b/kvmd/web/js/session.js
index d3bbf91c..5e4a491b 100644
--- a/kvmd/web/js/session.js
+++ b/kvmd/web/js/session.js
@@ -20,11 +20,19 @@ var session = new function() {
};
this.startPoller = function() {
- __ws = new WebSocket((location.protocol == "https:" ? "wss" : "ws") + "://" + location.host + "/kvmd/ws");
- __ws.onopen = __wsOpenHandler;
- __ws.onmessage = __wsMessageHandler;
- __ws.onerror = __wsErrorHandler;
- __ws.onclose = __wsCloseHandler;
+ var http = tools.makeRequest("GET", "/wsauth", function() {
+ if (http.readyState === 4) {
+ if (http.status === 200) {
+ __ws = new WebSocket((location.protocol == "https:" ? "wss" : "ws") + "://" + location.host + "/kvmd/ws");
+ __ws.onopen = __wsOpenHandler;
+ __ws.onmessage = __wsMessageHandler;
+ __ws.onerror = __wsErrorHandler;
+ __ws.onclose = __wsCloseHandler;
+ } else {
+ __wsCloseHandler(null);
+ }
+ }
+ });
};
var __wsOpenHandler = function(event) {
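Review bot: The non-200 branch calls `__wsCloseHandler(null)`, so that handler must now tolerate a null event; its body is outside the hunk and should be checked. A rejected `/wsauth` (a 401, say) would presumably go down the same reconnect path as a dropped socket. The reason for the extra round trip is explained only in nginx.conf.example, so I would add a comment above the request such as `// Safari omits Basic auth on the WebSocket handshake (webkit bug 80362); GET /wsauth first so nginx sets the short-lived WS_ACCESS_TOKEN cookie`. `startPoller` belongs to `session`, which begins before the hunk.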
diff --git a/os/platforms/v1/Dockerfile.part b/os/platforms/v1/Dockerfile.part
index 6e3f2599..35e097b6 100644
--- a/os/platforms/v1/Dockerfile.part
+++ b/os/platforms/v1/Dockerfile.part
@@ -1,5 +1,6 @@
RUN pkg-install \
- nginx \
+ nginx-mainline \
+ nginx-mainline-mod-lua \
apache-tools \
mjpg-streamer-pikvm \
python \