<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"Lucida Console";
panose-1:2 11 6 9 4 5 4 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='color:#1F497D'>I would also like to note that if nginx and websocket proxy are on the same machine you cannot have both nginx and websocket proxy listening on 6100… it would be best to change the websocket proxy listening port and then proxy both ipv4 and 6 with nginx :)<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> users-bounces@ovirt.org [mailto:users-bounces@ovirt.org] <b>On Behalf Of </b>Donny Davis<br><b>Sent:</b> Thursday, December 18, 2014 9:06 AM<br><b>To:</b> users@ovirt.org<br><b>Subject:</b> [ovirt-users] IPv6 Functionality for WebSocket Proxy<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I just realized this morning that my noVNC connections were not working for IPv6 only on cloudspin.me<o:p></o:p></p><p class=MsoNormal>For those who want to deploy dual stack functionality for ovirt-websocket-proxy here is a very simple and elegant fix. <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>NGINX is a useful tool :)<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>You will need nginx to proxy the connection between your IPv6 customers, and the IPv4 listening only websocket proxy(however that can be changed in /usr/share/ovirt-engine/services/ovirt-websocket-proxy/ovirt-websocket-proxy.conf but you can't have your cake and eat it too… one or the other ipv4 or ipv6)<o:p></o:p></p><p class=MsoNormal>Anyways, here is the fix<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Install nginx on your websocket proxy server - Why Nginx, because I like it better than apache. The default config for Ovirt could be setup to do this with the web server that is already running :) just sayin<o:p></o:p></p><p class=MsoNormal>For my configuration I am running the websocket proxy on a different host, but I imagine you could use this config in a full deployment and use websocket proxy on the engine host<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Lucida Console"'>server {<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Lucida Console"'> server_name web.cloudspin.me; # this is the hostname that you told the engine that the websocket proxy would be listening on<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Lucida Console"'> #listen 6100; #Commented because I am using this for ipv6 only, but you could use nginx to proxy both and only open one port in the firewall<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Lucida Console"'> listen [::]:6100 ssl; #NOTE this needs to listen on the same port you told the engine the websocket proxy would be listening on <o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Lucida Console"'> ssl_certificate /physical/path/to/ssl/cert; #I used the same cert that my websocket proxy is using<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Lucida Console"'> ssl_certificate_key /physical/path/to/ssl/key;<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Lucida Console"'><o:p> </o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Lucida Console"'> ssl on;<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Lucida Console"'> ssl_session_cache builtin:1000 shared:SSL:10m;<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Lucida Console"'> ssl_protocols TLSv1 TLSv1.1 TLSv1.2;<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Lucida Console"'> ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Lucida Console"'> ssl_prefer_server_ciphers on;<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Lucida Console"'><o:p> </o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Lucida Console"'> access_log /var/log/nginx/websocket.cloudspin.me-access.log;<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Lucida Console"'> error_log /var/log/nginx/websocket.cloudspin.me-error.log;<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Lucida Console"'><o:p> </o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Lucida Console"'> location / {<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Lucida Console"'> proxy_pass <a href="https://ip_address_of_websocket_proxy:6100">https://ip_address_of_websocket_proxy:6100</a>;<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Lucida Console"'> proxy_http_version 1.1;<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Lucida Console"'> proxy_set_header Upgrade $http_upgrade;<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Lucida Console"'> proxy_set_header Connection "upgrade";<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Lucida Console"'> <o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Lucida Console"'> }<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Lucida Console"'> }<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Lucida Console"'><o:p> </o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Lucida Console"'><o:p> </o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Lucida Console"'>Too easy to fix the many problems I have had getting websocket proxy to work. If you have a commerical cert and key, this would be a great place to put it, so your users don't have to bother with trusting your CA, it will just work <o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Lucida Console"'><o:p> </o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Lucida Console"'>Cheers and I hope this helps<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Lucida Console"'><o:p> </o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Lucida Console"'>If anyone needs any help getting this to work give me a shout<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Lucida Console"'><o:p> </o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Lucida Console"'>Donny D<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Lucida Console"'>cloudspin.me<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p></div></body></html>