sshwifty
sshwifty copied to clipboard
nirui
swifty on localhost with HTTP
Hi,
I'd like to put a HTTPS proxy in front of wifty which is running without cert (so using HTTP). For example lighttpd+mod-proxy and wifty without TLS.
I've read the README about new browsres feature about disabled secrets. Do you have any posibilities doing wifty without HTTPS for those situations?
TIA, Ruzsi
Hi,
The short answer I'm afraid is No. The limitation is actually not enforced by Sshwifty, instead it's a security policy implemented by the web browser (called Secure contexts).
Sshwifty require window.crypto to run, which is only available under Secure contexts.
I'm not aware any web browser is allowing web page to access window.crypto outside of Secure context. So the easiest way out is to setup Sshwifty as a HTTPS service (If your installation is only for personal/internal use, you can self-issue the SSL certificate).
Hi,
Thank you for your answer.
I can advice a solution what was usable for me:
sslh
Maybe you know it. It is a port multiplexer. sslh is bindig to HTTPS port (in my task the default HTTP and HTTPS ports are allowed). sslh is able to using SNI so I setup a new CNAME record in my DNS and sslh was configured for SNI based port "forwarding" to sshwifty's 8182-es port. Now wifty is iusing self signed cert. It will be changed to a valid cert, soon from Let's Encrypt.
With my setup (sslh + wifty) I can use the default HTTPS (443) port for some other SSL vhosts, too. Thanks for sslh port multiplexer.
Thank you for your program using WEB SSH!
I presume it would work too, since Sshwifty is basically a webapp, and sslh is designed for SSH and HTTP(S).
I'm glad that you resolved it, cheers :beer:
I too am using this happily behind an HTTP proxy - a simple Apache2 proxy config that also handles SSL for us, running Wifty in a container behind the scenes. To enable WebSockets in the proxy, use these lines:
ProxyPreserveHost On
ProxyPass / ws://some.host:8093/
ProxyPassReverse / ws://some.host:8093/
