NoMachine servers supporting connections via HTTP/HTTPS are designed to provide a fully integrated service to deploy sessions on the web which doesn't require additional software to be installed or manual configuration. The minimal Apache web server included in the NoMachine package, nxhtd, provides the necessary modules and is pre-configured to work with the 'nxwebplayer' application. Such application is the web client UI (user Interface) which permits users to run sessions in a browser.

Since v. 7, it's also possible to start web sessions directly via the NoMachine client installed on the user's device. Just choose HTTP as protocol in the client UI, the session will be launched in the browser.

It is possible to run the web player application also with an alternative Apache web server. This requires however to configure the Apache web server and NoMachine. Basic skills about Apache installation and configuration are therefore requested.

Prerequisite is that an official version of Apache is installed on the host machine, please refer to the Apache documentation related to your Operating System for instructions.

TIP

Since version 6.4, Web Sockets technology is integrated into NoMachine's web sessions. This requires to use the built-in web server (nxhtd) or to customize your Apache web server to support that.

First step to configure the alternative web server is to ensure that the following Apache modules are loaded in your web server.

On Linux and macOS:
core_module
authn
authn_core
authz_host
authz_groupfile
authz_user
authz_core
auth_basic
so
filter
deflate
http
mime
log_config
expires
headers
setenvif )
version
remoteip
ssl
mpm_worker
unixd
status
autoindex
cgi
dir
actions
alias
rewrite

On Windows:
win32
mpm_winnt
http
so
authn_core
authn_file
authz_core
authz_host
authz_groupfile
authz_user
auth_basic
filter
deflate
log_config
expires
setenvif
env
version
mime
status
cgi
dir
actions
ssl
alias
rewrite
headers
remoteip

This is the list of modules used by the built-in NoMachine web server, nxhtd v. 7.

The mod_evasive is also supported. Please see this article for installing and configuring it: https://www.nomachine.com/AR02R01077

You can check if some of these modules are already loaded by default by your Apache and then add the missing module(s). For detailed instructions, please refer to the official documentation of Apache for your Operating System and distribution.

Some examples for Linux. On RHEL/CentOS, modules can be enabled by editing the Apache configuration. On Ubuntu 19.10 and Apache/2.4.41 or Ubuntu 17.04 and Apache/2.4.25 you need to use the 'a2enmod' command:

As an example, for adding a module to Apache/2.4.41 (Ubuntu 19.10) or Apache/2.4.25 (Ubuntu 17.04):

Once your Apache web server is ready, you can proceed to prepare the include file ('web.inc') providing directives for the NoMachine web player program. Follow instructions for the appropriate operating system, Linux, Windows or macOS detailed in the next paragraphs.

Step 1- Create the web.inc file
Copy content below including between the ---Begin--- and ---End--- tags to a file.
Name the file as web.inc and place it in the /usr/NX/etc directory:

---Begin---
<Directory />
Options None
AllowOverride None
Require all denied
</Directory>

<Directory "/usr/NX/">
AllowOverride None
Options None
Require all denied
</Directory>

<Directory "/usr/NX/share/htdocs">
Options +Indexes +FollowSymLinks
AllowOverride None

Require all granted
</Directory>

<Directory "/usr/NX/share/htdocs/nxwebplayer">
Require all denied

<FilesMatch "(?i).+\.(js|css|json|png|ico)$">
Require all granted
</FilesMatch>
</Directory>

<Directory "/usr/NX/var/tmp/nxwebplayer/info">
AllowOverride None
Options None
Require all denied

<FilesMatch "^[a-fA-F0-9]{32}\.info$">
Require all granted
</FilesMatch>
</Directory>

<Directory "/usr/NX/share/htdocs/mod">
Require all denied

<Files "libnxwebsocket.so">
Require all granted
</Files>
</Directory>

<IfModule mime_module>
#
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
#
TypesConfig "/usr/NX/etc/mime.types"

#
# AddType allows you to add to or override the MIME configuration
# file specified in TypesConfig for specific file types.
#
#AddType application/x-gzip .tgz
#
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
#
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
#
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
#
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz

# Added support to VP8 media

AddType video/ogg .ogv
AddType video/mp4 .mp4
AddType video/webm .webm

#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
AddHandler cgi-script .cgi

# For type maps (negotiated resources):
#AddHandler type-map var

#
# Filters allow you to process content before it is sent to the client.
#
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#
#AddType text/html .shtml
#AddOutputFilter INCLUDES .shtml
</IfModule>

#
# Note: The following must be present to support starting
# without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

#
# deflate module settings
#
<IfModule mod_deflate.c>
# these are known to be safe with MSIE 6
#AddOutputFilterByType DEFLATE text/html text/plain text/xml

# everything else may cause problems with MSIE 6
#AddOutputFilterByType DEFLATE text/css
#AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript
#AddOutputFilterByType DEFLATE application/rss+xml

#AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/x-javascript application/javascript application/ecmascript application/rss+xml text/x-js

AddOutputFilterByType DEFLATE image/jpeg image/png text/xml text/css application/x-javascript application/javascript application/ecmascript application/rss+xml text/x-js

DeflateCompressionLevel 9
DeflateMemLevel 9
DeflateWindowSize 15
DeflateBufferSize 8096

#Header append Vary User-Agent env=!dont-vary
</IfModule>

#
# expires module settings
#
#<IfModule mod_expires>
# enable expiry headers
ExpiresActive on
# set global expiry times
ExpiresDefault A0
# Set up caching on media files for 1 year (forever?)
<FilesMatch "\.(ico|gif|png|jpg|jpeg)$">
ExpiresDefault A29030400
#Header append Cache-Control "public"
</FilesMatch>
#</IfModule>

TraceEnable Off
ServerSignature Off
ServerTokens Prod

Header always append X-Frame-Options SAMEORIGIN
Header always set Strict-Transport-Security "max-age=2592000; includeSubDomains"
Header always set X-Content-Type-Options nosniff
Header always set X-XSS-Protection "1; mode=block"
Header always set Content-Security-Policy: "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * 'self' data:"

RewriteEngine On
ReWriteCond %{SERVER_PORT} !^443$
RewriteCond %{REQUEST_URI} !^/?favicon.ico$
RewriteRule ^/(.*) https://%{SERVER_ADDR}:443/nxwebplayer [R,L]

<VirtualHost 0.0.0.0:443>

ServerAdmin you@example.com

RewriteEngine On
RewriteCond %{REQUEST_URI} !^/?nxwebplayer$ [NC]
RewriteCond %{REQUEST_URI} !^/?(event|eventinit)$
RewriteCond %{REQUEST_URI} !^/?nxplayer/(js|images|style|languages)/.*$
RewriteCond %{REQUEST_URI} !^/?nxinfo/[a-fA-F0-9]{32}\.info$
RewriteCond %{REQUEST_URI} !^/?favicon.ico$
RewriteCond %{REQUEST_URI} !^/?$
RewriteRule ^(.*)$ - [F,L]

SSLEngine on

SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

#server certificate:
SSLCertificateFile "/usr/NX/etc/keys/host/ht_host_rsa_key.crt"

#private server key:
SSLCertificateKeyFile "/usr/NX/etc/keys/host/ht_host_rsa_key"

#server certificate chain:
#SSLCertificateChainFile "/usr/NX/etc/nomachine-CA.crt"

#Certificate Authority (CA):
#SSLCACertificateFile "/usr/NX/etc/nomachine-CA.crt"

SSLCipherSuite ALL:!ADH:!EXPORT56:!3DES:+HIGH:+MEDIUM:!RC4:!IDEA-CBC-SHA

SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>

Alias /nxplayer/ "/usr/NX/share/htdocs/nxwebplayer/"
Alias /nxinfo/ "/usr/NX/var/tmp/nxwebplayer/info/"

ScriptAliasMatch "(?i)^/nxwebplayer" "/usr/NX/bin/nxwebclient"

<Directory "/usr/NX/bin">
Require all denied

<Files "nxwebclient">
Options +ExecCGI
Require all granted
</Files>
</Directory>
---End---

TIPS
I	If NoMachine is installed in a non-default path, replace '/usr/NX' with the proper path.
II	Example above uses the default Apache port 443. Set it to the appropriate port, if different on your system.

Step 2- Include the web.inc file in the Apache configuration.
Identify your Apache main configuration file, usually httpd.conf. In our example for Ubuntu, the main configuration file of Apache 2.4.41 and 2.4.25 is: /etc/apache2/apache2.conf. On RHEL based distributions it's usually /etc/httpd/conf/httpd.conf.

Open the Apache configuration file and look for the "Global configuration" or Global Environment" section. Place the following include directive before that section:
Include path_to_installation_directory/etc/web.inc

Step 3- Restart your web server. For example on Ubuntu 19.10 and 17.04:

Proceed now to configure NoMachine for using the alternative web server (see the next chapter).

Step 1- Create the web.inc file
Copy content below including between the ---Begin--- and ---End--- tags to a file.
Name the file as web.inc and place it in the C:\Program Files (x86)\NoMachine\etc directory:

---Begin---
<Directory />
Options None
AllowOverride None
Require all denied
</Directory>

<Directory "C:/Program Files (x86)/NoMachine/">
AllowOverride None
Options None
Require all denied
</Directory>

<Directory "C:/Program Files (x86)/NoMachine/share/htdocs">
Options +Indexes +FollowSymLinks
AllowOverride None

Require all granted
</Directory>

<Directory "C:/Program Files (x86)/NoMachine/share/htdocs/nxwebplayer">
Require all denied

<FilesMatch "(?i).+\.(js|css|json|png|ico)$">
Require all granted
</FilesMatch>
</Directory>

<Directory "C:/ProgramData/NoMachine/var/tmp/nxwebplayer/info">
AllowOverride None
Options None
Require all denied

<FilesMatch "^[a-fA-F0-9]{32}\.info$">
Require all granted
</FilesMatch>
</Directory>

<Directory "C:/Program Files (x86)/NoMachine/share/htdocs/mod">
Require all denied

<Files "libnxwebsocket.dll">
Require all granted
</Files>
</Directory>

<IfModule mime_module>
#
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
#
TypesConfig "C:\Program Files (x86)\NoMachine/etc/mime.types"

#
# AddType allows you to add to or override the MIME configuration
# file specified in TypesConfig for specific file types.
#
#AddType application/x-gzip .tgz
#
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
#
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
#
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
#
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz

# Added support to VP8 media

AddType video/ogg .ogv
AddType video/mp4 .mp4
AddType video/webm .webm

#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
AddHandler cgi-script .cgi

# For type maps (negotiated resources):
#AddHandler type-map var

#
# Filters allow you to process content before it is sent to the client.
#
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#
#AddType text/html .shtml
#AddOutputFilter INCLUDES .shtml
</IfModule>

#
# Note: The following must be present to support starting
# without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

#
# deflate module settings
#
<IfModule mod_deflate.c>
# these are known to be safe with MSIE 6
#AddOutputFilterByType DEFLATE text/html text/plain text/xml

# everything else may cause problems with MSIE 6
#AddOutputFilterByType DEFLATE text/css
#AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript
#AddOutputFilterByType DEFLATE application/rss+xml

#AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/x-javascript application/javascript application/ecmascript application/rss+xml text/x-js

AddOutputFilterByType DEFLATE image/jpeg image/png text/xml text/css application/x-javascript application/javascript application/ecmascript application/rss+xml text/x-js

DeflateCompressionLevel 9
DeflateMemLevel 9
DeflateWindowSize 15
DeflateBufferSize 8096

#Header append Vary User-Agent env=!dont-vary
</IfModule>

#
# expires module settings
#
#<IfModule mod_expires>
# enable expiry headers
ExpiresActive on
# set global expiry times
ExpiresDefault A0
# Set up caching on media files for 1 year (forever?)
<FilesMatch "\.(ico|gif|png|jpg|jpeg)$">
ExpiresDefault A29030400
#Header append Cache-Control "public"
</FilesMatch>
#</IfModule>

TraceEnable Off
ServerSignature Off
ServerTokens Prod

Header always append X-Frame-Options SAMEORIGIN
Header always set Strict-Transport-Security "max-age=2592000; includeSubDomains"
Header always set X-Content-Type-Options nosniff
Header always set X-XSS-Protection "1; mode=block"
Header always set Content-Security-Policy: "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * 'self' data:"

RewriteEngine On
ReWriteCond %{SERVER_PORT} !^443$
RewriteCond %{REQUEST_URI} !^/?favicon.ico$
RewriteRule ^/(.*) https://%{SERVER_ADDR}:443/nxwebplayer [R,L]

<VirtualHost 0.0.0.0:443>

ServerAdmin you@example.com

RewriteEngine On
RewriteCond %{REQUEST_URI} !^/?nxwebplayer$ [NC]
RewriteCond %{REQUEST_URI} !^/?(event|eventinit)$
RewriteCond %{REQUEST_URI} !^/?nxplayer/(js|images|style|languages)/.*$
RewriteCond %{REQUEST_URI} !^/?nxinfo/[a-fA-F0-9]{32}\.info$
RewriteCond %{REQUEST_URI} !^/?favicon.ico$
RewriteCond %{REQUEST_URI} !^/?$
RewriteRule ^(.*)$ - [F,L]

SSLEngine on

SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

#server certificate:
SSLCertificateFile "C:/Program Files (x86)/NoMachine/etc/keys/host/ht_host_rsa_key.crt"

#private server key:
SSLCertificateKeyFile "C:/Program Files (x86)/NoMachine/etc/keys/host/ht_host_rsa_key"

#server certificate chain:
#SSLCertificateChainFile "C:/Program Files (x86)/NoMachine/etc/nomachine-CA.crt"

#Certificate Authority (CA):
#SSLCACertificateFile "C:/Program Files (x86)/NoMachine/etc/nomachine-CA.crt"

SSLCipherSuite ALL:!ADH:!EXPORT56:!3DES:+HIGH:+MEDIUM:!RC4:!IDEA-CBC-SHA

PassEnv ALLUSERSPROFILE USERPROFILE
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>

Alias /nxplayer/ "C:/Program Files (x86)/NoMachine/share/htdocs/nxwebplayer/"
Alias /nxinfo/ "C:/ProgramData/NoMachine/var/tmp/nxwebplayer/info/"

ScriptAliasMatch "(?i)^/nxwebplayer" "C:/Program Files (x86)/NoMachine/bin/nxwebclient.exe"

<Directory "C:/Program Files (x86)/NoMachine/bin">
Require all denied

<Files "nxwebclient.exe">
Options +ExecCGI
Require all granted
</Files>
</Directory>
---End---

TIPS
I	If NoMachine is installed in a non-default path, replace 'C:\Program Files (x86)\' with the proper path.
II	Example above uses the default Apache port 443. Set it to the appropriate port, if different on your system.

Step 2- Include the web.inc file in the Apache configuration.
Identify your Apache main configuration file, usually httpd.conf, e.g. path_to_apache_installation_directory/Apache24/conf/httpd.conf for Apache 2.4 on Windows 10.

Open the Apache configuration fileand place the following include directive at the end of the file:
Include path_to_nomachine_installation_directory/etc/web.inc

Step 3- Restart your web server. You can do that from the Windows system tray or manually from a CMD console executed as administrator, for example:

Proceed now to configure NoMachine for using the alternative web server (see the next chapter).

Step 1- Create the web.inc file
Copy content below including between the ---Begin--- and ---End--- tags to a file.
Name the file as web.inc and place it in the /Applications/NoMachine.app/Contents/Frameworks/etc/ directory:

---Begin---
<Directory />
Options None
AllowOverride None
Require all denied
</Directory>

<Directory "/Applications/NoMachine.app/Contents/Frameworks/">
AllowOverride None
Options None
Require all denied
</Directory>

<Directory "/Applications/NoMachine.app/Contents/Frameworks/share/htdocs">
Options +Indexes +FollowSymLinks
AllowOverride None

Require all granted
</Directory>

<Directory "/Applications/NoMachine.app/Contents/Frameworks/share/htdocs/nxwebplayer">
Require all denied

<FilesMatch "(?i).+\.(js|css|json|png|ico)$">
Require all granted
</FilesMatch>
</Directory>

<Directory "/Library/Application Support/NoMachine/var/tmp/nxwebplayer/info">
AllowOverride None
Options None
Require all denied

<FilesMatch "^[a-fA-F0-9]{32}\.info$">
Require all granted
</FilesMatch>
</Directory>

<Directory "/Applications/NoMachine.app/Contents/Frameworks/share/htdocs/mod">
Require all denied

<Files "libnxwebsocket.dylib">
Require all granted
</Files>
</Directory>

<IfModule mime_module>
#
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
#
TypesConfig "/Applications/NoMachine.app/Contents/Frameworks/etc/mime.types"

#
# AddType allows you to add to or override the MIME configuration
# file specified in TypesConfig for specific file types.
#
#AddType application/x-gzip .tgz
#
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
#
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
#
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
#
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz

# Added support to VP8 media

AddType video/ogg .ogv
AddType video/mp4 .mp4
AddType video/webm .webm

#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
AddHandler cgi-script .cgi

# For type maps (negotiated resources):
#AddHandler type-map var

#
# Filters allow you to process content before it is sent to the client.
#
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#
#AddType text/html .shtml
#AddOutputFilter INCLUDES .shtml
</IfModule>

#
# Note: The following must be present to support starting
# without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

#
# deflate module settings
#
<IfModule mod_deflate.c>
# these are known to be safe with MSIE 6
#AddOutputFilterByType DEFLATE text/html text/plain text/xml

# everything else may cause problems with MSIE 6
#AddOutputFilterByType DEFLATE text/css
#AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript
#AddOutputFilterByType DEFLATE application/rss+xml

#AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/x-javascript application/javascript application/ecmascript application/rss+xml text/x-js

AddOutputFilterByType DEFLATE image/jpeg image/png text/xml text/css application/x-javascript application/javascript application/ecmascript application/rss+xml text/x-js

DeflateCompressionLevel 9
DeflateMemLevel 9
DeflateWindowSize 15
DeflateBufferSize 8096

#Header append Vary User-Agent env=!dont-vary
</IfModule>

#
# expires module settings
#
#<IfModule mod_expires>
# enable expiry headers
ExpiresActive on
# set global expiry times
ExpiresDefault A0
# Set up caching on media files for 1 year (forever?)
<FilesMatch "\.(ico|gif|png|jpg|jpeg)$">
ExpiresDefault A29030400
#Header append Cache-Control "public"
</FilesMatch>
#</IfModule>

TraceEnable Off
ServerSignature Off
ServerTokens Prod

Header always append X-Frame-Options SAMEORIGIN
Header always set Strict-Transport-Security "max-age=2592000; includeSubDomains"
Header always set X-Content-Type-Options nosniff
Header always set X-XSS-Protection "1; mode=block"
Header always set Content-Security-Policy: "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * 'self' data:"

RewriteEngine On
ReWriteCond %{SERVER_PORT} !^443$
RewriteCond %{REQUEST_URI} !^/?favicon.ico$
RewriteRule ^/(.*) https://%{SERVER_ADDR}:443/nxwebplayer [R,L]

<VirtualHost 0.0.0.0:443>

ServerAdmin you@example.com

RewriteEngine On
RewriteCond %{REQUEST_URI} !^/?nxwebplayer$ [NC]
RewriteCond %{REQUEST_URI} !^/?(event|eventinit)$
RewriteCond %{REQUEST_URI} !^/?nxplayer/(js|images|style|languages)/.*$
RewriteCond %{REQUEST_URI} !^/?nxinfo/[a-fA-F0-9]{32}\.info$
RewriteCond %{REQUEST_URI} !^/?favicon.ico$
RewriteCond %{REQUEST_URI} !^/?$
RewriteRule ^(.*)$ - [F,L]

SSLEngine on

SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

#server certificate:
SSLCertificateFile "/Applications/NoMachine.app/Contents/Frameworks/etc/keys/host/ht_host_rsa_key.crt"

#private server key:
SSLCertificateKeyFile "/Applications/NoMachine.app/Contents/Frameworks/etc/keys/host/ht_host_rsa_key"

#server certificate chain:
#SSLCertificateChainFile "/Applications/NoMachine.app/Contents/Frameworks/etc/nomachine-CA.crt"

#Certificate Authority (CA):
#SSLCACertificateFile "/Applications/NoMachine.app/Contents/Frameworks/etc/nomachine-CA.crt"

SSLCipherSuite ALL:!ADH:!EXPORT56:!3DES:+HIGH:+MEDIUM:!RC4:!IDEA-CBC-SHA

SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>

Alias /nxplayer/ "/Applications/NoMachine.app/Contents/Frameworks/share/htdocs/nxwebplayer/"
Alias /nxinfo/ "/Library/Application Support/NoMachine/var/tmp/nxwebplayer/info/"

ScriptAliasMatch "(?i)^/nxwebplayer" "/Applications/NoMachine.app/Contents/Frameworks/bin/nxwebclient"

<Directory "/Applications/NoMachine.app/Contents/Frameworks/bin">
Require all denied

<Files "nxwebclient">
Options +ExecCGI
Require all granted
</Files>
</Directory>
---End---

TIP
I	Example above uses the default Apache port 443. Set it to the appropriate port, if different on your system.

Step 2- Include the web.inc file in the Apache configuration.
Identify your Apache main configuration file, usually httpd.conf. For example: /etc/apache2/httpd.conf.

Open the Apache configuration fileand place the following include directive at the end of the file:
Include path_to_nomachine_installation_directory/etc/web.inc

Step 3- Restart your web server. For example:

Proceed now to configure NoMachine for using the alternative web server (see the next chapter).

Step 1- Set the Apache's user and group in the NoMachine configuration.
Edit the NoMachine server configuration file:
/usr/NX/etc/server.cfg on Linux
C:\Program files (x86)\NoMachine\etc\server.cfg on Windows
/Applications/NoMachine.app/Contents/Frameworks/etc/server.cfg on macOS
and update the following keys to fit your web server:
ApacheUname nxhtd
ApacheGname nxhtd

For example, if your web server is running as user www-data and group www-data, set:
ApacheUname www-data
ApacheGname www-data

Step 2- On Linux and macOS create the .nx directory in the home of the Apache user.
On Linux, it is for example: /usr/share/httpd/.nx.
The ownership of this directory must be set to the Apache user, e.g. 'apache' on RHEL/CentOS or 'www-data' on Ubuntu and have permissions 755. E.g.:
drwxr-xr-x apache apache .nx
To apply proper ownership and permissions execute (if the Apache user is 'apache'):

On macOS the home of the Apache user, which is usually _www, is: /Library/WebServer/. So you need to create the /Library/WebServer/.nx directory and set proper ownership (_www:_www) and permissions (755):

Step 3- Update the web player configuration
Run the update procedure to update the webplayer accordingly to the new configuration settings. On Linux and macOS:

On Windows:

This will change ownership and group of the web player files according to the new value set in the ApacheUname and ApacheGname keys.

Step 4- Stop the NoMachine HTTP server
Stop nxhtd by using the nxserver tools. On Linux and macOS

On Windows:

Step 5- Disable the starting of the NoMachine HTTP server
Edit server.cfg and remove HTTP from the ClientConnectionMethods key. It should look like:
ClientConnectionMethods NX,SSH

Then restart the NoMachine server to make this change effective. On Linux and macOS:

On Windows:

You are now ready to serve the NoMachine session trough your own web server.

Point the browser to:
https://IP:PORT/nxwebplayer
to reach the web player application.

TIP

If the Apache configuration include this directive: <VirtualHost *:80> when users connect to https://IP:PORT or https://IP they will se the Apache index listing all web applications available. To forbid the directory listing, remove the <VirtualHost *:80> directive from the Apache configuration.