[Kimchi-devel] [PATCH 5/6] backend: Redirect 401 error to default page
Aline Manera
alinefm at linux.vnet.ibm.com
Fri May 2 00:49:24 UTC 2014
From: Aline Manera <alinefm at br.ibm.com>
When a non-authenticated user tries to access the URL
http://host-ip:port/vnc.html?port=64667&path=?token=<my-vm>&encrypt=1
Kimchi server will return 401 error code before loading the HTML file.
So we need to redirect the 401 error for vnc_auto.html and spice.html
pages to Kimchi default page which will require the user authentication to
proceed.
Also save the current console page to redirect user to properly location
after logging.
Signed-off-by: Aline Manera <alinefm at br.ibm.com>
---
src/nginx.conf.in | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/src/nginx.conf.in b/src/nginx.conf.in
index c339e56..ec7bee8 100644
--- a/src/nginx.conf.in
+++ b/src/nginx.conf.in
@@ -55,7 +55,22 @@ http {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect http://127.0.0.1:$kimchid_port/ https://$host:$proxy_ssl_port/;
+ }
+
+ location ~/(vnc_auto|spice\.html) {
+ if ($uri ~ /vnc_auto.html) {
+ add_header Set-Cookie "console_type=vnc";
+ add_header Set-Cookie "console_uri=$request_uri";
+ }
+ if ($uri ~ /spice.html) {
+ add_header Set-Cookie "console_type=spice";
+ add_header Set-Cookie "console_uri=$request_uri";
+ }
+
+ proxy_pass http://127.0.0.1:$kimchid_port;
+ proxy_intercept_errors on;
+ error_page 401 https://$host:$proxy_ssl_port/;
}
}
--
1.7.10.4
More information about the Kimchi-devel
mailing list