just doesn't work.
But we have nginx and with some pointers from the excellent people at Cendio I got it working :)
To make the setup a little bit more clear, I wanted to do this:
The portal.external.com server is a system serving multiple web resources. Because they are all within the same namespace (portal.external.com), the content needs to be moved in their own namespace. So for ThinLinc this would mean that when the user requests portal.external.com/thinlinc they get the ThinLinc HTML5 client.
To make this work, the content that is being served by the ThinLinc server needs to be rewritten, so that all the resources the webbrowser wants to retrieve are moved to the correct namespace. During this test I used a ThinLinc 4.4.0 installation.
On the ThinLinc server you need to check which name the agent is configured to. The HTML5 client will use this name in it's code to redirect. This name needs to be intercepted and rewritten so it points to the webserver. In our example the agent is pointing to thinlinc.internal.com.
Nginx default has the option to rewrite content with the sub_filter directive. However, versions before 1.9.4 can only have one directive. On versions before 1.9.4 I have used the following http substitution filter withi nginx, which works great:
ngx_http_substitutions_filter_module
The configuration I used looks like this:
With Nginx version 1.9.4 and up it is possible to use multiple sub_filter directives, so it is not required to use additional modules. With the new setup the cofiguration looks like this:
The only extra directive is the sub_filter_once. This is default on. By turning this off multiple instances of one match will be replaced.
The above configurations take care of the following problems.
Requesting the root of the ThinLinc website redirects to /main. In this case we want to add the base folder to that. This is what the proxy_redirect takes care of:
The next bit is for rewriting links that are generated in the HTML code by ThinLinc. The following 2 filters put the extra thinlinc folder reference in:
Take care that if you're running the ThinLinc on the default port 300, you replace the 443 by 300 (or whatever port you're running the ThinLinc webaccess on.
The last substitution is for the page that has the link to the websocket in it. That also needs to be rewritten.
Last the http headers need to be passed to the ThinLinc server for upgrading the HTTP connection to a websocket, otherwise the HTML5 client won't be able to create the websocket connection.
And that's it, it seems to work fine :)
Thinlinc 4.5 has some changes to the way the HTML5 client works. This breaks the above configuration for Nginx. The problem seemed to be the cookie that was set. Adding the following line to the configuration seems to fix the problem:
