Topic: wstunnel behind AuthType Basic

PostPosted: Wed 04 May '22 15:40

I run Apache as a reverse proxy to an app. Part of the reverse proxy connects to NoVNC which uses websockets to display the VNC screen.

If I do not use authorization (AuthType Basic), the reverse proxy works perfectly. As soon as I add authorization, the wstunnel fails.

This is my config file (ignore using port 80, this is still testing stuff):


<VirtualHost *:80>
#    ServerAdmin gbr@erlphase.com
#    ProxyRequests off
#    DocumentRoot /var/www
#    SSLProxyEngine on
    ProxyPreserveHost On

#    ServerName kvm4.erlphase.com

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel error

    ProxyPass /display/ http://localhost:5800/
    ProxyPassReverse /display/ http://localhost:5800/

    ProxyPass /wiki_7 ws:// retry=3
    ProxyPassReverse /wiki_7 ws:// retry=3       

    ProxyPass /fileserver_6 ws:// retry=3
    ProxyPassReverse /fileserver_6 ws:// retry=3       

    ProxyPass /wpg-common-pc_14 ws:// retry=3
    ProxyPassReverse /wpg-common-pc_14 ws:// retry=3       

    ProxyPass / http://localhost:10000/
    ProxyPassReverse / http://localhost:10000/

    <Proxy *>
        Order deny,allow
        Allow from all
        AuthType Basic
        AuthName "Nexe Access"
        AuthUserFile /var/www/.htpasswd
        Require valid-user


My app runs on port 10000 (localhost only).

Is there a known issue running a wstunnel behind authorization?


ps: I have gotten around the issue by running a reverse proxy on another port that does all the noVNC websocket stuff, but I don't think that's very secure.
James Blond

PostPosted: Thu 05 May '22 15:20

The first thing I see is that you mix old (2.2) and new (2.4) config.

Delete "Order deny,allow" and "Allow from all"
