| 20 | |
| 21 | [[BR]] |
| 22 | |
| 23 | |
| 24 | === SELinux and Proxies === |
| 25 | On some distributions (ie: Fedora, RHEL / CentOS), SELinux may block the connection from the web server to the xpra server port. |
| 26 | There are at least 3 solutions to this problem, from the most secure to the least: |
| 27 | * add a policy to allow apache to connect only to the xpra port: |
| 28 | {{{ |
| 29 | require { |
| 30 | type httpd_t; |
| 31 | type xpra_port_t; |
| 32 | class tcp_socket name_connect; |
| 33 | } |
| 34 | allow httpd_t xpra_port_t:tcp_socket name_connect; |
| 35 | }}} |
| 36 | * allow apache to connect to all ports: |
| 37 | {{{ |
| 38 | setsebool -P httpd_can_network_connect on |
| 39 | }}} |
| 40 | * disable SELinux |