CD2H gitForager

rainforestapp/websockify-nginx-module

Name: websockify-nginx-module

Owner: Rainforest QA

Description: Embed websockify into Nginx (convert any tcp connection into websocket)

Forked from: tg123/websockify-nginx-module

Created: 2017-03-03 13:28:11.0

Updated: 2017-03-03 13:28:12.0

Pushed: 2016-03-23 15:09:24.0

Homepage:

Size: 102

Language: C

GitHub Committers

User	Most Recent Commit	# Commits

Other Committers

User	Email	Most Recent Commit	# Commits

README

Websockify port for Nginx

Embed the Websockify into Nginx

Installation

git clone https://github.com/tg123/websockify-nginx-module.git

cd path/to/nginx_source

./configure --add-module=/path/to/websockify-nginx-module/

make
make install

Uasge

Single noVNC websockify proxy

in your nginx.conf

tion /websockify {
websockify_pass yourvncip:port

visit http://kanaka.github.io/noVNC/noVNC/vnc.html in your browser,
Host is your nginx server's ip
port is your nginx server's listening port
Click connect

Dynamic vnc upstream with help of ngx-lua

an example script read ip and port from url params and verify them by md5

SECURITY VULNERABILITY WARNING

this is only an exmaple for you to understand how to work together with ngx-lua do NOT use this script in production.

anyone who know your private key can connect any machine behind your nginx proxy, you should restrict target ip and port in a whitelist.

in your nginx.conf

tion /websockify {

set $vnc_addr '';
access_by_lua '

    -- your private key here
    local key = "CHANGE_ME_!!!!"

    -- read from url params
    local args = ngx.req.get_uri_args()
    local ip = args["ip"] or "127.0.0.1"
    local port = args["port"] or  "5900"
    local sign = args["sign"]
    local t = tonumber(args["t"]) or 0
    local elapse = ngx.time() - t

    -- make sure the signature are generated within 30 seconds
    if elapse > 30 or elapse < 0  then
        ngx.exit(ngx.HTTP_FORBIDDEN)
    end

    local addr = ip .. ":" .. port

    -- verify the signature
    if ngx.md5(key .. t .. addr .. key) ~= sign then
        ngx.exit(ngx.HTTP_FORBIDDEN)
    end

    ngx.var.vnc_addr = addr
';

websockify_pass $vnc_addr;

use ajax call to vnc_url.php to retrieve the websockify url, then let noVNC connect to it.

p

uery you vnc ip and port from somewhere, e.g. mysql.


uery result
r = '127.0.0.1';
t = 5900;

ame as private key in nginx.conf
 = "CHANGE_ME_!!!!";

 time();

 '/websockify/?' . http_build_query(array(
't' =>  $t,
'sign' => md5($key . $t . "$addr:$port" . $key),
'ip' => $addr,
'port' => $port,

Directives

websockify_buffer_size: Default: 65543 = 65535 + 4 + 4 (websocket max frame size + header + mask)

The buffer size used to store the encode/decode data. each websockify connection will cost websockify_buffer_size * 2 ( 1 upstream + 1 downstream ) addational memory
websockify_read_timeout: Default 60s

proxy_read_timeout of websockify upstream
websockify_connect_timeout: Default 60s

proxy_connect_timeout of websockify upstream
websockify_send_timeout: Default 60s

proxy_send_timeout of websockify upstream

Nginx Compatibility

v0.02 - v0.0.3
- 1.7.x (Tested on 1.7.9)
- 1.6.x (Tested on 1.6.2)
v0.0.1
- 1.5.x (Tested on 1.5.9)
- 1.4.x (Tested on 1.4.4)

This work is supported by the National Institutes of Health's National Center for Advancing Translational Sciences, Grant Number U24TR002306. This work is solely the responsibility of the creators and does not necessarily represent the official views of the National Institutes of Health.