• Stars
    star
    141
  • Rank 259,971 (Top 6 %)
  • Language
    C
  • License
    MIT License
  • Created almost 11 years ago
  • Updated about 5 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Embed websockify into Nginx (convert any tcp connection into websocket)

Websockify port for Nginx

Embed the Websockify into Nginx

Installation

git clone https://github.com/tg123/websockify-nginx-module.git

cd path/to/nginx_source

./configure --add-module=/path/to/websockify-nginx-module/

make
make install

Uasge

Single noVNC websockify proxy

in your nginx.conf

location /websockify {
    websockify_pass yourvncip:port
}
  1. visit http://kanaka.github.io/noVNC/noVNC/vnc.html in your browser,
  2. Host is your nginx server's ip
  3. port is your nginx server's listening port
  4. Click connect

Quick start with Docker

Proxy 192.168.188.42:5901 to your localhost/websockify.

Note: 5901 is hardcoded in nginx.vh.default.conf

docker run -d --add-host vnchost:192.168.188.42 -p 80:80 farmer1992/nginx-websockify

Dynamic vnc upstream with help of ngx-lua

an example script read ip and port from url params and verify them by md5

SECURITY VULNERABILITY WARNING

this is only an exmaple for you to understand how to work together with ngx-lua do NOT use this script in production.

anyone who know your private key can connect any machine behind your nginx proxy, you should restrict target ip and port in a whitelist.

in your nginx.conf

location /websockify {

    set $vnc_addr '';
    access_by_lua '

        -- your private key here
        local key = "CHANGE_ME_!!!!"
        
        -- read from url params
        local args = ngx.req.get_uri_args()
        local ip = args["ip"] or "127.0.0.1"
        local port = args["port"] or  "5900"
        local sign = args["sign"]
        local t = tonumber(args["t"]) or 0
        local elapse = ngx.time() - t

        -- make sure the signature are generated within 30 seconds
        if elapse > 30 or elapse < 0  then
            ngx.exit(ngx.HTTP_FORBIDDEN)
        end

        local addr = ip .. ":" .. port

        -- verify the signature
        if ngx.md5(key .. t .. addr .. key) ~= sign then
            ngx.exit(ngx.HTTP_FORBIDDEN)
        end

        ngx.var.vnc_addr = addr
    ';

    websockify_pass $vnc_addr;
}

use ajax call to vnc_url.php to retrieve the websockify url, then let noVNC connect to it.

<?php

// query you vnc ip and port from somewhere, e.g. mysql.
//

// query result
$addr = '127.0.0.1';
$port = 5900;

// same as private key in nginx.conf
$key = "CHANGE_ME_!!!!";

$t = time();

echo '/websockify/?' . http_build_query(array(
    't' =>  $t,
    'sign' => md5($key . $t . "$addr:$port" . $key),
    'ip' => $addr,
    'port' => $port,
));

Directives

  • websockify_buffer_size: Default: 65543 = 65535 + 4 + 4 (websocket max frame size + header + mask)

    The buffer size used to store the encode/decode data. each websockify connection will cost websockify_buffer_size * 2 ( 1 upstream + 1 downstream ) addational memory

  • websockify_read_timeout: Default 60s

    proxy_read_timeout of websockify upstream

  • websockify_connect_timeout: Default 60s

    proxy_connect_timeout of websockify upstream

  • websockify_send_timeout: Default 60s

    proxy_send_timeout of websockify upstream

Nginx Compatibility

  • v0.02 - v0.0.3

    • 1.7.x (Tested on 1.7.9)
    • 1.6.x (Tested on 1.6.2)
  • v0.0.1

    • 1.5.x (Tested on 1.5.9)
    • 1.4.x (Tested on 1.4.4)

More Repositories

1

sshpiper

The missing reverse proxy for ssh scp
Go
957
star
2

leetcode

leetcode Solutions.java 250 / 269 (Algorithms)
Java
359
star
3

commandlinefu.cn

ไธญๆ–‡็‰ˆcommandlinefu
C#
271
star
4

chrome-hostadmin

HostAdmin for Firefox Chrome ...
C
213
star
5

myslot

The missing layout/keybinding/macro exportor for World of Warcraft
Lua
45
star
6

docker-sshd

ssh into any docker container/Kubernetes pod without sshd
Go
42
star
7

go-htpasswd

Apache htpasswd Parser for Go.
Go
37
star
8

IronLeveldb

A leveldb implementation in C#
C#
27
star
9

bottle-mysql

MySQL integration for Bottle.
Python
21
star
10

RaidLedger

A ledger for GDKP/gold run raid in World of Warcraft
Lua
16
star
11

Docker-AzureStorageEmulator

Docker Image of AzureStorageEmulator
Dockerfile
13
star
12

docker-wicket

Docker registry auth/index server for both v1 and v2
Go
10
star
13

BattleInfo

Enrich your battleground information
Lua
9
star
14

qrcode-wow

In game QRCode creator for World of Warcraft
Lua
6
star
15

fabric

Service Fabric Golang SDK (Unofficial)
Go
5
star
16

FabricPing

network tools for service fabric
Go
4
star
17

sshpiper-gh

ssh with your github identity
Go
4
star
18

ConsistentSharp

Consistent hash for dotnet core. port from go version https://github.com/stathat/consistent
C#
3
star
19

phabrik

Native Go Impl of Service Fabric Protocol
Go
3
star
20

Docker-AzCopy

Docker image for AzCopy
Dockerfile
2
star
21

sfrun

Run any .exe on Service Fabric like a hero
C#
2
star
22

pyinstaller.docker

Docker image for pyinstaller
2
star
23

welto

Lua
2
star
24

azbastion

go version of az network bastion tunnel
Go
1
star
25

hostadmin.js

library to parse and toggle entries in hosts file
CoffeeScript
1
star
26

docker-tocmd

create the `docker run` of a container!
Go
1
star
27

FabricEmu

Service Fabric Emulator, run your stateful service fabric app without service fabric cluster
Go
1
star
28

xtcprelay

tcp over any data link layer, even mail based floppy
Go
1
star
29

csv2xls_sae

covert csv to xls all cell will be set to text to prevent from big number data losing
Python
1
star
30

remotesigner

crypto.Signer backed by a remote service, grpc, rest or even more
Go
1
star
31

azkeyvault

Golang crypto.Signer and crypto.Decrypter backed by Azure KeyVault
Go
1
star
32

jobobject

Windows JobObject utils for kill all child processes when parent process exits
Go
1
star
33

sshpiper-openpubkey

sshpiper openpubkey plugin
Go
1
star
34

sshpiper-chart

helm chart for sshpiper
Smarty
1
star