If you're using apache httpd2 as your frontend main server, it's also possible to configure it as a reverse proxy mapping a specific path in the frontend, to reverse proxy from the xxeserver, passing websockets and all in a tunnel. That way you don't have to expose the xxeserver port publicly, it only has to be accessible from the apache server. The frontend server will do all the TLS/SSL. If you map it to the same /xxe/ws default path, you don't even have to specify a serverurl parameter in the client. I believe that's the case. You'd use the non-ssl port in xxeserver and proxy settings as the SSL is done or can be done entirely by the proxy, tunneling plain text to the xxeserver and keeping everything secure. Or you can use a dedicated reverse proxy like NGINX or haproxy, in that case you'd proxy your main web server to the root path and /xxe/ws to the xxeserver making sure to pass websockets. And only the proxy server needs to be accessible publicly, usually doing all the security. I believe other web servers like the nodejs servers have also reverse proxy capabilities that can achieve the same thing.
In our testing set up, which is deployed in a Kubernetes cluster, we simply use an ingress controller, which is the standard thing in Kubernetes and is often based on a NGINX server, mapping the xxeserver to the default /xxe/ws path, the xxeserver running in a docker container pod, and our main web app in a different pod running its own web server. The ingress handles security and url mappings and hides the xxeserver and main web server internally. Carlos On Tue, Sep 30, 2025 at 4:52 PM Hussein Shafie <[email protected]> wrote: > Alexander S. wrote: > > > > I am trying to host xxe server on the same machine my website is on. > > > > I have it working when I open the test app on https. > > > > but on my site where i loadf the xxe client, xxx.test.com <http:// > > xxx.test.com> the connection to the xxe is not successfull with this > error: > > > > xxeclient.js:15142 WebSocket connection to 'wss://localhost:18079/xxe/ > > ws' failed: > > (anonymous) @ xxeclient.js:15142 > > connect @ xxeclient.js:15141 > > (anonymous) @ xxeclient.js:15364 > > sendRequest @ xxeclient.js:15363 > > doSendRequest @ xxeclient.js:15940 > > (anonymous) @ xxeclient.js:16030Understand this error > > xxeclient.js:15210 Client[wss://localhost:18079/xxe/ws].onOpenError: > > [object Event] > > onOpenError @ xxeclient.js:15210 > > _onOpenError @ xxeclient.js:15148Understand this error > > xxeclient.js:15214 Uncaught (in promise) Error: cannot connect to wss:// > > localhost:18079/xxe/ws: code=1006, reason="" > > at Client.onOpenFailed (xxeclient.js:15214:8) > > at WebSocket._onOpenFailed (xxeclient.js:15151:6) > > > > > > How would recommend for me to set this up so xxx.test.com <http:// > > xxx.test.com> can access the xxe server running on the same machine? > > > > I tried starting xxe with selfsigned certificate, and also the ip of my > > hosting machine. > > > > I have no recommendations per se. I'll just describe here how we made > "XMLmind XML Editor Web Edition - Online demo" > (https://www.xmlmind.com/xmleditor/web_edition.shtml) work on the > "www.xmlmind.com" server which is running our web site: > > * https://www.xmlmind.com/ (actual SSL certificate) is hosted by an > Apache2 web server (httpd) running on a Linux box. > > --> VERY IMPORTANT: The HTTPS default 443 port is opened in the firewall > of the Linux box. > > * Clicking the "Online demo" button opens a web browser tab displaying > https://www.xmlmind.com/xmleditor/_web/demo/index.html (a "normal" HTML > page served "normally" by our "normal" web server https://www.xmlmind.com/ > ) > > * This "index.html" page contains: > --- > <!DOCTYPE html> > <html xmlns="http://www.w3.org/1999/xhtml"; lang="en"> > <head> > <meta content="text/html; charset=UTF-8" > http-equiv="Content-Type" /> > <title>XMLmind XML Editor Web Edition</title> > <link href="./xxeclient/xxeclient.css" > rel="stylesheet" type="text/css" /> > <script type="module" src="./xxeclient/xxeclient.js"></script> > </head> > <body> > <xxe-app documentstorage="remote" > serverurl="${protocol}://${hostname}:${defaultPort}/xxe/ws"> > ... > </xxe-app> > ... > </body> > </html> > --- > > Notice the "serverurl" attribute. This important attribute is documented > here: > > > https://www.xmlmind.com/xmleditor/_web/doc/manual/xxe-app_reference.html#xxe-app_reference > > and more precisely here: > > > https://www.xmlmind.com/xmleditor/_web/doc/manual/xxe-client_reference.html#xxe-client_reference__xxe-client_serverurl > > In consequence, the client <xxe-app> connects to an xxeserver operating > on wss://www.xmlmind.com:18079/ > > * xxeserver has been started on the Linux box as follows: > --- > nohup ".../xxeserver" \ > -maxeditors 10 \ > -faccess ".../fileaccess.json" \ > -pid ".../xxeserver.pid" \ > -logserver ".../log" \ > -keystore ".../XXX.pfx" \ > -storepass PPP -keypass QQQ & disown > --- > > No -port option and -keystore option (with the same actual SSL > certificate) has been specified, hence default port 18079 is used. See > documentation here: > https://www.xmlmind.com/xmleditor/_web/doc/manual/xxeserver_reference.html > > --> VERY IMPORTANT: This 18079 port is opened in the firewall of the > Linux box. > > > > > -- > XMLmind XML Editor Support List > [email protected] > http://www.xmlmind.com/mailman/listinfo/xmleditor-support >
-- XMLmind XML Editor Support List [email protected] http://www.xmlmind.com/mailman/listinfo/xmleditor-support
