Project

General

Profile

mod_wstunnel

Module: mod_wstunnel

WebSocket tunnel endpoint. This module terminates the websocket tunnel from a client. This module then passes data (without websocket frames) to a backend and encodes responses from backend in websocket frames before sending responses to client.

EXPERIMENTAL (new in lighttpd 1.4.46)

Note: if looking to proxy websockets to a backend, then see Docs_ModProxy, Docs_ModCGI, or other backends, some of which can be enabled to be transparent proxies to backends after client sends Upgrade: websocket

Description

Brief description of mod_wstunnel directives

option description
wstunnel.server backend server definition(s) for hosts to which to send requests; options for each backend host
wstunnel.balance load-balancing algorithm for backends ("fair", "least-connection", "round-robin", "hash", or "sticky")
wstunnel.debug debug level (value between 0 and 65535)
wstunnel.frame-type websocket frame type: "text" or "binary"
wstunnel.map-extensions map multiple extensions to the same backend
wstunnel.origins list of permitted origins in Origin request header (optional)
wstunnel.ping-interval send websocket PING frame at given interval in sec (default 0; none sent)

Details for wstunnel.server parameters can be found in mod_fastcgi documentation, since the wstunnel module shares the same code infrastructure with the FastCGI module, and fastcgi.server parameters are very similar.

Example: websocket tunnel to VNC server via noVNC client

Follow instructions to download and install, or use available packages for your Linux/*BSD distribution.
https://github.com/novnc/noVNC
x11vnc

If noVNC files are installed in /usr/share/novnc, and x11vnc is running as VNC server with x11vnc -localhost -forever -display :0 then lighttpd mod_wstunnel can be configured with:

server.document-root = "/usr/share/novnc" 
server.indexfiles = ("index.html")
server.modules += ( "mod_wstunnel" )
$HTTP["url"] =~ "^/websockify" {
    wstunnel.server = ( "" => ( ( "host" => "127.0.0.1", "port" => "5900" ) ) )
    wstunnel.frame-type = "binary" 
    server.stream-request-body  = 2
    server.stream-response-body = 2
}

Please take proper precautions to limit access to the VNC server, possibly including requiring proper authentication and limiting access to certain source IPs.

Updated by gstrauss about 2 months ago ยท 6 revisions