NoMachine Support

Your questions answered

Knowledge Base

Searching in: Documents
Filter the search results
Version:
Last update:
Searching in: Documents
ID: DT03O00128
Version: NoMachine 6
Added on: 2017-11-14
Last update: 2017-12-04
Use Your Own Apache Web Server to Run NoMachine Sessions on the web
Table of Contents
Introduction
1. Sessions on the Web
Configurations
2. Configuring the Apache Web Server
2.1. Adding the Necessary Modules
2.2. Including Directives for the Web Player
3. Configuring NoMachine to Use your Web Server


Introduction
1. Sessions on the Web

NoMachine servers supporting connections via HTTP/HTTPS are designed to provide a fully integrated service to deploy sessions on the web which doesn't require additional software to be installed or manual configuration. The minimal Apache web server included in the NoMachine package, nxhtd, provides the necessary modules and is pre-configured to work with the 'nxwebplayer' application. Such application is the web client GUI which permits users to run sessions in a browser.

It is possible to run the web player application also with an alternative Apache web server. This requires however to configure the Apache web server and NoMachine. Basic skills about Apache installation and configuration are therefore requested. Instructions below applies to Linux, but can be extended also to other platforms.



2. Configuring your Apache Web Server


2.1. Adding the Necessary Modules

First step to configure the alternative web server is to ensure that the following Apache modules are loaded in your web server:
autoindex
filter
deflate
mime
setenvif
status
actions
alias
expires
ssl
rewrite
cgid

You can check if some of these modules are already loaded by default. For example on Ubuntu 17.04 with Apache/2.4.25 installed you can use this command:

$ apache2ctl -t -D DUMP_MODULES
Loaded Modules:
core_module (static)
so_module (static)
watchdog_module (static)
http_module (static)
[...]


To add the missing module(s), we suggest to refer to the official documentation of your web server. As an example, for adding a module to Apache/2.4.25 (Ubuntu 17.04):

$ sudo a2enmod ssl

Once your Apache web server is ready, you can proceed to prepare the include file providing directives for the NoMachine web player program.



2.2. Including Directives for the Web Player

Step 1- Create the web.inc file
Copy content below including between the ---Begin--- and ---End--- tags to a file.
Name the file as web.inc and place it in the /usr/NX/etc directory:

---Begin---
<IfModule mime_module>
#
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
#
TypesConfig /usr/NX/etc/mime.types

#
# AddType allows you to add to or override the MIME configuration
# file specified in TypesConfig for specific file types.
#
#AddType application/x-gzip .tgz
#
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
#
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
#
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
#
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz

# Added support to VP8 media

AddType video/ogg .ogv
AddType video/mp4 .mp4
AddType video/webm .webm

#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
AddHandler cgi-script .cgi

# For type maps (negotiated resources):
#AddHandler type-map var

#
# Filters allow you to process content before it is sent to the client.
#
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#
#AddType text/html .shtml
#AddOutputFilter INCLUDES .shtml
</IfModule>

#
# Note: The following must be present to support starting
# without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

#
# deflate module settings
#
<IfModule mod_deflate.c>
# these are known to be safe with MSIE 6
#AddOutputFilterByType DEFLATE text/html text/plain text/xml

# everything else may cause problems with MSIE 6
#AddOutputFilterByType DEFLATE text/css
#AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript
#AddOutputFilterByType DEFLATE application/rss+xml

#AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/x-javascript application/
javascript application/ecmascript application/rss+xml text/x-js

AddOutputFilterByType DEFLATE image/jpeg image/png text/xml text/css application/x-javascript application/
javascript application/ecmascript application/rss+xml text/x-js

DeflateCompressionLevel 9
DeflateMemLevel 9
DeflateWindowSize 15
DeflateBufferSize 8096

#Header append Vary User-Agent env=!dont-vary


</IfModule>

#
# expires module settings
#
#<IfModule mod_expires>
# enable expiry headers
ExpiresActive on
# set global expiry times
ExpiresDefault A0
# Set up caching on media files for 1 year (forever?)
<FilesMatch "\.(ico|gif|png|jpg|jpeg)$">
ExpiresDefault A29030400
#Header append Cache-Control "public"
</FilesMatch>
#</IfModule>

<VirtualHost 0.0.0.0:4443>
ServerAdmin you@example.com

SSLEngine on

SSLProtocol All -SSLv2 -SSLv3

#server certificate:
SSLCertificateFile "/usr/NX/etc/keys/host/ht_host_rsa_key.crt"

#private server key:
SSLCertificateKeyFile "/usr/NX/etc/keys/host/ht_host_rsa_key"

#server certificate chain:
#SSLCertificateChainFile "/usr/NX/etc/nomachine-CA.crt"

#Certificate Authority (CA):
#SSLCACertificateFile "/usr/NX/etc/nomachine-CA.crt"

SSLCipherSuite ALL:!ADH:!EXPORT56:!3DES:+HIGH:+MEDIUM

SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>

<VirtualHost _default_:*>
RewriteEngine on

ReWriteCond %{SERVER_PORT} !^4443$
RewriteRule ^/(.*) https://%{SERVER_ADDR}:4443/nxwebplayer [R,L]
</VirtualHost>


Alias /nxplayer/ "/usr/NX/share/htdocs/nxwebplayer/"

ScriptAlias "/nxwebplayer" "/usr/NX/bin/nxwebclient"

<Directory "/usr/NX/">
AllowOverride None
Options None
</Directory>

<Directory "/usr/NX/share/htdocs">
Options +Indexes +FollowSymLinks +ExecCGI
AllowOverride None
Require all granted
</Directory>
---End---

TIP
If NoMachine is installed in a non-default path, replace '/usr/NX' with the proper path.


Step 2- Include the web.inc file in the Apache configuration.
Identify your Apache main configuration file. In our example for Ubuntu, the main configuration file of Apache 2.4.25 is: /etc/apache2/apache2.conf. On RHEL based distributions it's usually /etc/httpd/conf/httpd.conf.

Open the Apache configuration file and look for the "Global configuration" or Global Environment" section. Place the following include directive before that section:
Include path_to_installation_directory/etc/web.inc

Step 2- Restart your web server. For example on Ubuntu 17.04:

$ sudo systemctl restart apache2.service


Proceed now to configure NoMachine for using the alternative web server.



3. Configuring NoMachine to Use your Web Server

Step 1- Set the Apache's user and group in the NoMachine configuration.
Edit the NoMachine server configuration file (/usr/NX/etc/server.cfg file) and update the following keys to fit your web server:
ApacheUname nxhtd
ApacheGname nxhtd

For example, if your web server is running as user www-data and group www-data, set:
ApacheUname www-data
ApacheGname www-data

Step 2- Update the web player configuration
Run the update procedure to update the webplayer accordingly to the new configuration settings:

$ sudo /etc/NX/nxwebplayer --update


This will change ownership and group of the web player files according to the new value set in the ApacheUname and ApacheGname keys.

Step 3- Stop the NoMachine HTTP server
Stop nxhtd by using the nxserver tools:

$ sudo /etc/NX/nxserver --stop nxhtd


Step 4- Disable the starting of the NoMachine HTTP server
Edit server.cfg and remove HTTP from the ClientConnectionMethods key. It should look like:
ClientConnectionMethods NX,SSH

Then restart the NoMachine server to make this change effective:

$ sudo /etc/NX/nxserver --restart


You are now ready to serve the NoMachine session trough your own web server.

Point the browser to:
https://IP:PORT/nxwebplayer
to reach the web player application.

TIP
If the Apache configuration include this directive:
<VirtualHost *:80>
when users connect to https://IP:PORT or https://IP they will se the Apache index listing all web applications available. To forbid the directory listing, remove the <VirtualHost *:80> directive from the Apache configuration.