Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

swifty on localhost with HTTP #101

Open
aruzsi opened this issue Jul 23, 2022 · 4 comments
Open

swifty on localhost with HTTP #101

aruzsi opened this issue Jul 23, 2022 · 4 comments

Comments

@aruzsi
Copy link

aruzsi commented Jul 23, 2022

Hi,

I'd like to put a HTTPS proxy in front of wifty which is running without cert (so using HTTP).
For example lighttpd+mod-proxy and wifty without TLS.

I've read the README about new browsres feature about disabled secrets.
Do you have any posibilities doing wifty without HTTPS for those situations?

TIA,
Ruzsi
@nirui
Copy link
Owner

nirui commented Jul 23, 2022

Hi,

The short answer I'm afraid is No. The limitation is actually not enforced by Sshwifty, instead it's a security policy implemented by the web browser (called Secure contexts).

Sshwifty require window.crypto to run, which is only available under Secure contexts.

I'm not aware any web browser is allowing web page to access window.crypto outside of Secure context. So the easiest way out is to setup Sshwifty as a HTTPS service (If your installation is only for personal/internal use, you can self-issue the SSL certificate).

@aruzsi
Copy link
Author

aruzsi commented Jul 23, 2022

Hi,

Thank you for your answer.

I can advice a solution what was usable for me:

sslh

Maybe you know it.
It is a port multiplexer.
sslh is bindig to HTTPS port (in my task the default HTTP and HTTPS ports are allowed).
sslh is able to using SNI so I setup a new CNAME record in my DNS and sslh was configured
for SNI based port "forwarding" to sshwifty's 8182-es port. Now wifty is iusing self signed cert.
It will be changed to a valid cert, soon from Let's Encrypt.

With my setup (sslh + wifty) I can use the default HTTPS (443) port for some other SSL vhosts, too.
Thanks for sslh port multiplexer.

Thank you for your program using WEB SSH!

@nirui
Copy link
Owner

nirui commented Jul 24, 2022

I presume it would work too, since Sshwifty is basically a webapp, and sslh is designed for SSH and HTTP(S).

I'm glad that you resolved it, cheers 🍺

@nmagee
Copy link

nmagee commented Aug 3, 2022

I too am using this happily behind an HTTP proxy - a simple Apache2 proxy config that also handles SSL for us, running Wifty in a container behind the scenes. To enable WebSockets in the proxy, use these lines:

  ProxyPreserveHost On
  ProxyPass / ws://some.host:8093/
  ProxyPassReverse / ws://some.host:8093/

@CJendantix CJendantix mentioned this issue Mar 7, 2023
Open
@unbeatable-101 unbeatable-101 mentioned this issue Dec 18, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nmagee @aruzsi @nirui