[Kimchi-devel] [v3] Enable encryption in vm VNC console connection
Zhou Zheng Sheng
zhshzhou at linux.vnet.ibm.com
Sat May 3 12:07:29 UTC 2014
Thanks Aline. You are right. I didn't notice the authentication problem.
I think your approach should work.
on 2014/05/01 20:00, Aline Manera wrote:
> After applying this patch and make more tests I noticed we need to
> improve it.
> In this way we are exposing all the noVNC files and let websockify web
> server render the noVNC page.
> The websockify web server is limited - as far as I know it only exposes
> and renders content in a directory.
> So if someone has the URL
> https://host-ip:64667/vnc.html?port=64667&path=?token=my-vm&encrypt=1
> he/she can access
> the VM console without Kimchi authentication.
>
> My idea is very similar to what is being doing today BUT instead of
> exposing all the noVNC files, we expose just one vnc.html
> That html will redirect the user to Kimchi vnc.html (so Kimchi will be
> responsible to render noVNC page) and we can add
> authentication to it
>
> The big picture will be:
>
> JS connectToVNC() will redirect to
> https://host-ip:64667/vnc.html?port=64667&path=?token=my-vm&encrypt=1
>
> https://host-ip:64667/vnc.html will redirect to
> https://host-ip:8001/vnc.html after loading the page.
>
> So if the user haven't accepted the CA yet he/she will be able to do it
> beforing being redirected to Kimchi page.
>
> I am working in a patch to do what I described above and also add Kimchi
> authentication to vnc.html and spice.html
>
More information about the Kimchi-devel
mailing list