Name: websockify-nginx-module
Owner: Rainforest QA
Description: Embed websockify into Nginx (convert any tcp connection into websocket)
Forked from: tg123/websockify-nginx-module
Created: 2017-03-03 13:28:11.0
Updated: 2017-03-03 13:28:12.0
Pushed: 2016-03-23 15:09:24.0
Size: 102
Language: C
GitHub Committers
User | Most Recent Commit | # Commits |
---|
Other Committers
User | Most Recent Commit | # Commits |
---|
Embed the Websockify into Nginx
git clone https://github.com/tg123/websockify-nginx-module.git
cd path/to/nginx_source
./configure --add-module=/path/to/websockify-nginx-module/
make
make install
in your nginx.conf
tion /websockify {
websockify_pass yourvncip:port
nginx server
's ipnginx server
's listening portan example script read ip and port from url params and verify them by md5
SECURITY VULNERABILITY WARNING
this is only an exmaple for you to understand how to work together with ngx-lua do NOT use this script in production.
anyone who know your private key can connect any machine behind your nginx proxy, you should restrict target ip and port in a whitelist.
in your
nginx.conf
tion /websockify {
set $vnc_addr '';
access_by_lua '
-- your private key here
local key = "CHANGE_ME_!!!!"
-- read from url params
local args = ngx.req.get_uri_args()
local ip = args["ip"] or "127.0.0.1"
local port = args["port"] or "5900"
local sign = args["sign"]
local t = tonumber(args["t"]) or 0
local elapse = ngx.time() - t
-- make sure the signature are generated within 30 seconds
if elapse > 30 or elapse < 0 then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
local addr = ip .. ":" .. port
-- verify the signature
if ngx.md5(key .. t .. addr .. key) ~= sign then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
ngx.var.vnc_addr = addr
';
websockify_pass $vnc_addr;
use ajax call to vnc_url.php
to retrieve the websockify url, then let noVNC connect to it.
p
uery you vnc ip and port from somewhere, e.g. mysql.
uery result
r = '127.0.0.1';
t = 5900;
ame as private key in nginx.conf
= "CHANGE_ME_!!!!";
time();
'/websockify/?' . http_build_query(array(
't' => $t,
'sign' => md5($key . $t . "$addr:$port" . $key),
'ip' => $addr,
'port' => $port,
websockify_buffer_size
: Default: 65543 = 65535 + 4 + 4 (websocket max frame size + header + mask)
The buffer size used to store the encode/decode data.
each websockify connection will cost websockify_buffer_size
* 2 ( 1 upstream + 1 downstream ) addational memory
websockify_read_timeout
: Default 60s
proxy_read_timeout of websockify upstream
websockify_connect_timeout
: Default 60s
proxy_connect_timeout of websockify upstream
websockify_send_timeout
: Default 60s
proxy_send_timeout of websockify upstream
v0.02 - v0.0.3
v0.0.1