[Kimchi-devel] [v3] Enable encryption in vm VNC console connection
Aline Manera
alinefm at linux.vnet.ibm.com
Thu May 1 12:00:51 UTC 2014
On 04/30/2014 03:20 PM, Aline Manera wrote:
> Applied. Thanks.
>
> Regards,
>
> Aline Manera
>
> _______________________________________________
> Kimchi-devel mailing list
> Kimchi-devel at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/kimchi-devel
>
After applying this patch and make more tests I noticed we need to
improve it.
In this way we are exposing all the noVNC files and let websockify web
server render the noVNC page.
The websockify web server is limited - as far as I know it only exposes
and renders content in a directory.
So if someone has the URL
https://host-ip:64667/vnc.html?port=64667&path=?token=my-vm&encrypt=1
he/she can access
the VM console without Kimchi authentication.
My idea is very similar to what is being doing today BUT instead of
exposing all the noVNC files, we expose just one vnc.html
That html will redirect the user to Kimchi vnc.html (so Kimchi will be
responsible to render noVNC page) and we can add
authentication to it
The big picture will be:
JS connectToVNC() will redirect to
https://host-ip:64667/vnc.html?port=64667&path=?token=my-vm&encrypt=1
https://host-ip:64667/vnc.html will redirect to
https://host-ip:8001/vnc.html after loading the page.
So if the user haven't accepted the CA yet he/she will be able to do it
beforing being redirected to Kimchi page.
I am working in a patch to do what I described above and also add Kimchi
authentication to vnc.html and spice.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/kimchi-devel/attachments/20140501/bcb46c72/attachment.html>
More information about the Kimchi-devel
mailing list