[Kimchi-devel] [PATCH 3/6] Make use of the mini Web server in the websockify

Zhou Zheng Sheng zhshzhou at linux.vnet.ibm.com
Sun May 4 07:23:56 UTC 2014 

on 2014/05/02 08:49, Aline Manera wrote:
> From: Aline Manera <alinefm at br.ibm.com>
> 
> Some browsers doesn't support well for the usage self-signed certs in the ssl
> websocket connection. For details, please see:
> https://github.com/kanaka/websockify/wiki/Encrypted-Connections
> 
> For chrome browser, the encrypted console connection should work after
> you login with ssl connection. But for firefox, it does not show a
> confirmation page for the user the accept the self-signed cert when
> the HTTPs connection is started from a websocket.
> 
> So this patch makes use of the Web server in the websockify. The mini
> Web server in the websockify can serve static contents like html, css
> and js.
> This patch add a simple HTMl file (vnc_auto.html) to pages/novnc and have
> websockify serve this file.
> 
> When the user clicks the VNC icon, Kimchi brings the user to
> https://host:64667/vnc_auto.html, which is served by websockify. Then
> firefox would prompt a confirmation page for the self-signed cert. After
> the user accept the cert, the user will be redirected to noVNC page
> provided by Kimchi server.
> 
> It is important to have Kimchi providing the noVNC page to be able to
> add authentication to console pages (vnc_auto.html and spice.html)
> 
> Signed-off-by: Aline Manera <alinefm at br.ibm.com>
> Signed-off-by: Mark Wu <wudxw at linux.vnet.ibm.com>
> Signed-off-by: Zhou Zheng Sheng <zhshzhou at linux.vnet.ibm.com>
> ---
>  configure.ac                  |    1 +
>  contrib/kimchi.spec.fedora.in |    1 +
>  contrib/kimchi.spec.suse.in   |    1 +
>  src/kimchi/vnc.py             |    3 ++-
>  ui/js/src/kimchi.api.js       |    8 ++------
>  ui/pages/Makefile.am          |    2 +-
>  ui/pages/novnc/Makefile.am    |   20 ++++++++++++++++++++
>  ui/pages/novnc/vnc_auto.html  |   22 ++++++++++++++++++++++
>  8 files changed, 50 insertions(+), 8 deletions(-)
>  create mode 100644 ui/pages/novnc/Makefile.am
>  create mode 100644 ui/pages/novnc/vnc_auto.html
> 
> diff --git a/configure.ac b/configure.ac
> index 7d76f97..a16bca5 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -84,6 +84,7 @@ AC_CONFIG_FILES([
>      ui/pages/help/en_US/Makefile
>      ui/pages/help/pt_BR/Makefile
>      ui/pages/help/zh_CN/Makefile
> +    ui/pages/novnc/Makefile
>      ui/pages/tabs/Makefile
>      contrib/Makefile
>      contrib/DEBIAN/Makefile
> diff --git a/contrib/kimchi.spec.fedora.in b/contrib/kimchi.spec.fedora.in
> index 104c114..56314a2 100644
> --- a/contrib/kimchi.spec.fedora.in
> +++ b/contrib/kimchi.spec.fedora.in
> @@ -179,6 +179,7 @@ rm -rf $RPM_BUILD_ROOT
>  %{_datadir}/kimchi/ui/libs/themes/base/jquery-ui.min.css
>  %{_datadir}/kimchi/ui/pages/*.html.tmpl
>  %{_datadir}/kimchi/ui/pages/help/*/*.html
> +%{_datadir}/kimchi/ui/pages/novnc/*.html.tmpl

I think it should be *.html not *.html.tmpl

>  %{_datadir}/kimchi/ui/pages/tabs/*.html.tmpl
>  %{_sysconfdir}/kimchi/kimchi.conf
>  %{_sysconfdir}/kimchi/nginx.conf.in
> diff --git a/contrib/kimchi.spec.suse.in b/contrib/kimchi.spec.suse.in
> index 7704822..6e269d9 100644
> --- a/contrib/kimchi.spec.suse.in
> +++ b/contrib/kimchi.spec.suse.in
> @@ -101,6 +101,7 @@ rm -rf $RPM_BUILD_ROOT
>  %{_datadir}/kimchi/ui/libs/themes/base/jquery-ui.min.css
>  %{_datadir}/kimchi/ui/pages/*.html.tmpl
>  %{_datadir}/kimchi/ui/pages/help/*/*.html
> +%{_datadir}/kimchi/ui/pages/novnc/*.html.tmpl

Same as above.

>  %{_datadir}/kimchi/ui/pages/tabs/*.html.tmpl
>  %{_sysconfdir}/kimchi/kimchi.conf
>  %{_sysconfdir}/kimchi/nginx.conf.in
> diff --git a/src/kimchi/vnc.py b/src/kimchi/vnc.py
> index 3251f06..3f483f6 100644
> --- a/src/kimchi/vnc.py
> +++ b/src/kimchi/vnc.py
> @@ -44,7 +44,8 @@ def new_ws_proxy():
> 
>      cmd = os.path.join(os.path.dirname(__file__), 'websockify.py')
>      args = ['python', cmd, config.get('display', 'display_proxy_port'),
> -            '--target-config', WS_TOKENS_DIR, '--cert', cert, '--key', key]
> +            '--target-config', WS_TOKENS_DIR, '--cert', cert, '--key', key,
> +            '--web', os.path.join(paths.ui_dir, 'pages/novnc')]
>      p = subprocess.Popen(args, close_fds=True)
>      return p
> 
> diff --git a/ui/js/src/kimchi.api.js b/ui/js/src/kimchi.api.js
> index 6fcac6d..dcf9bd1 100644
> --- a/ui/js/src/kimchi.api.js
> +++ b/ui/js/src/kimchi.api.js
> @@ -318,20 +318,16 @@ var kimchi = {
>              type : 'GET',
>              dataType : 'json'
>          }).done(function(data, textStatus, xhr) {
> -            http_port = data['http_port'];
>              proxy_port = data['display_proxy_port'];
>              kimchi.requestJSON({
>                  url : "/vms/" + encodeURIComponent(vm) + "/connect",
>                  type : "POST",
>                  dataType : "json"
>              }).done(function() {
> -                /**
> -                 * Due to problems with web sockets and self-signed
> -                 * certificates, for now we will always redirect to http
> -                 */
> -                url = 'http://' + location.hostname + ':' + http_port;
> +                url = 'https://' + location.hostname + ':' + proxy_port;
>                  url += "/vnc_auto.html?port=" + proxy_port;
>                  url += "&path=?token=" + encodeURIComponent(vm);
> +                url += "&kimchi=" + location.port;
>                  url += '&encrypt=1'
>                  window.open(url);
>              });
> diff --git a/ui/pages/Makefile.am b/ui/pages/Makefile.am
> index 0c04a72..c3e61db 100644
> --- a/ui/pages/Makefile.am
> +++ b/ui/pages/Makefile.am
> @@ -15,7 +15,7 @@
>  # See the License for the specific language governing permissions and
>  # limitations under the License.
> 
> -SUBDIRS = help tabs
> +SUBDIRS = help tabs novnc
> 
>  htmldir = $(datadir)/kimchi/ui/pages
> 
> diff --git a/ui/pages/novnc/Makefile.am b/ui/pages/novnc/Makefile.am
> new file mode 100644
> index 0000000..f93f0c8
> --- /dev/null
> +++ b/ui/pages/novnc/Makefile.am
> @@ -0,0 +1,20 @@
> +#
> +# Kimchi
> +#
> +# Copyright IBM, Corp. 2014
> +#
> +# Licensed under the Apache License, Version 2.0 (the "License");
> +# you may not use this file except in compliance with the License.
> +# You may obtain a copy of the License at
> +#
> +#     http://www.apache.org/licenses/LICENSE-2.0
> +#
> +# Unless required by applicable law or agreed to in writing, software
> +# distributed under the License is distributed on an "AS IS" BASIS,
> +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +# See the License for the specific language governing permissions and
> +# limitations under the License.
> +
> +novnchtmldir = $(datadir)/kimchi/ui/pages/novnc
> +
> +dist_novnchtml_DATA = $(wildcard *.html.tmpl) $(NULL)

I think it should be just "vnc_auto.html", since there is no
".html.tmpl" file in this directory.

> diff --git a/ui/pages/novnc/vnc_auto.html b/ui/pages/novnc/vnc_auto.html
> new file mode 100644
> index 0000000..f702dc9
> --- /dev/null
> +++ b/ui/pages/novnc/vnc_auto.html
> @@ -0,0 +1,22 @@
> +<!DOCTYPE html>
> +<html>
> +  <head>
> +    <script type="text/javascript">
> +      redirectToKimchi = function() {
> +        var query = window.location.search;
> +        var match = /.*kimchi=(.*?)(&|$)/g.exec(query);
> +        if (match != null) {
> +            query = query.replace("kimchi=" + match[1] + "&", "")
> +            query = query.replace("kimchi=" + match[1], "")
> +
> +            url = "https://" + location.hostname + ":" + match[1];
> +            url += location.pathname + query
> +
> +            window.location.replace(url)
> +        }
> +      }
> +    </script>
> +  </head>
> +
> +  <body onload="redirectToKimchi()"/>
> +</html>
> 


-- 
Zhou Zheng Sheng / 周征晟
E-mail: zhshzhou at linux.vnet.ibm.com
Telephone: 86-10-82454397

More information about the Kimchi-devel mailing list