on 2014/05/02 08:49, Aline Manera wrote:
> From: Aline Manera <alinefm(a)br.ibm.com>
>
> Some browsers doesn't support well for the usage self-signed certs in the ssl
> websocket connection. For details, please see:
>
https://github.com/kanaka/websockify/wiki/Encrypted-Connections
>
> For chrome browser, the encrypted console connection should work after
> you login with ssl connection. But for firefox, it does not show a
> confirmation page for the user the accept the self-signed cert when
> the HTTPs connection is started from a websocket.
>
> So this patch makes use of the Web server in the websockify. The mini
> Web server in the websockify can serve static contents like html, css
> and js.
> This patch add a simple HTMl file (vnc_auto.html) to pages/novnc and have
> websockify serve this file.
>
> When the user clicks the VNC icon, Kimchi brings the user to
>
https://host:64667/vnc_auto.html, which is served by websockify. Then
> firefox would prompt a confirmation page for the self-signed cert. After
> the user accept the cert, the user will be redirected to noVNC page
> provided by Kimchi server.
>
> It is important to have Kimchi providing the noVNC page to be able to
> add authentication to console pages (vnc_auto.html and spice.html)
>
> Signed-off-by: Aline Manera <alinefm(a)br.ibm.com>
> Signed-off-by: Mark Wu <wudxw(a)linux.vnet.ibm.com>
> Signed-off-by: Zhou Zheng Sheng <zhshzhou(a)linux.vnet.ibm.com>
> ---
> configure.ac | 1 +
> contrib/kimchi.spec.fedora.in | 1 +
> contrib/kimchi.spec.suse.in | 1 +
> src/kimchi/vnc.py | 3 ++-
> ui/js/src/kimchi.api.js | 8 ++------
> ui/pages/Makefile.am | 2 +-
> ui/pages/novnc/Makefile.am | 20 ++++++++++++++++++++
> ui/pages/novnc/vnc_auto.html | 22 ++++++++++++++++++++++
> 8 files changed, 50 insertions(+), 8 deletions(-)
> create mode 100644 ui/pages/novnc/Makefile.am
> create mode 100644 ui/pages/novnc/vnc_auto.html
>
> diff --git a/configure.ac b/configure.ac
> index 7d76f97..a16bca5 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -84,6 +84,7 @@ AC_CONFIG_FILES([
> ui/pages/help/en_US/Makefile
> ui/pages/help/pt_BR/Makefile
> ui/pages/help/zh_CN/Makefile
> + ui/pages/novnc/Makefile
> ui/pages/tabs/Makefile
> contrib/Makefile
> contrib/DEBIAN/Makefile
> diff --git a/contrib/kimchi.spec.fedora.in b/contrib/kimchi.spec.fedora.in
> index 104c114..56314a2 100644
> --- a/contrib/kimchi.spec.fedora.in
> +++ b/contrib/kimchi.spec.fedora.in
> @@ -179,6 +179,7 @@ rm -rf $RPM_BUILD_ROOT
> %{_datadir}/kimchi/ui/libs/themes/base/jquery-ui.min.css
> %{_datadir}/kimchi/ui/pages/*.html.tmpl
> %{_datadir}/kimchi/ui/pages/help/*/*.html
> +%{_datadir}/kimchi/ui/pages/novnc/*.html.tmpl
I think it should be *.html not *.html.tmpl
> %{_datadir}/kimchi/ui/pages/tabs/*.html.tmpl
> %{_sysconfdir}/kimchi/kimchi.conf
> %{_sysconfdir}/kimchi/nginx.conf.in
> diff --git a/contrib/kimchi.spec.suse.in b/contrib/kimchi.spec.suse.in
> index 7704822..6e269d9 100644
> --- a/contrib/kimchi.spec.suse.in
> +++ b/contrib/kimchi.spec.suse.in
> @@ -101,6 +101,7 @@ rm -rf $RPM_BUILD_ROOT
> %{_datadir}/kimchi/ui/libs/themes/base/jquery-ui.min.css
> %{_datadir}/kimchi/ui/pages/*.html.tmpl
> %{_datadir}/kimchi/ui/pages/help/*/*.html
> +%{_datadir}/kimchi/ui/pages/novnc/*.html.tmpl
Same as above.
> %{_datadir}/kimchi/ui/pages/tabs/*.html.tmpl
> %{_sysconfdir}/kimchi/kimchi.conf
> %{_sysconfdir}/kimchi/nginx.conf.in
> diff --git a/src/kimchi/vnc.py b/src/kimchi/vnc.py
> index 3251f06..3f483f6 100644
> --- a/src/kimchi/vnc.py
> +++ b/src/kimchi/vnc.py
> @@ -44,7 +44,8 @@ def new_ws_proxy():
>
> cmd = os.path.join(os.path.dirname(__file__), 'websockify.py')
> args = ['python', cmd, config.get('display',
'display_proxy_port'),
> - '--target-config', WS_TOKENS_DIR, '--cert', cert,
'--key', key]
> + '--target-config', WS_TOKENS_DIR, '--cert', cert,
'--key', key,
> + '--web', os.path.join(paths.ui_dir, 'pages/novnc')]
> p = subprocess.Popen(args, close_fds=True)
> return p
>
> diff --git a/ui/js/src/kimchi.api.js b/ui/js/src/kimchi.api.js
> index 6fcac6d..dcf9bd1 100644
> --- a/ui/js/src/kimchi.api.js
> +++ b/ui/js/src/kimchi.api.js
> @@ -318,20 +318,16 @@ var kimchi = {
> type : 'GET',
> dataType : 'json'
> }).done(function(data, textStatus, xhr) {
> - http_port = data['http_port'];
> proxy_port = data['display_proxy_port'];
> kimchi.requestJSON({
> url : "/vms/" + encodeURIComponent(vm) +
"/connect",
> type : "POST",
> dataType : "json"
> }).done(function() {
> - /**
> - * Due to problems with web sockets and self-signed
> - * certificates, for now we will always redirect to http
> - */
> - url = 'http://' + location.hostname + ':' +
http_port;
> + url = 'https://' + location.hostname + ':' +
proxy_port;
> url += "/vnc_auto.html?port=" + proxy_port;
> url += "&path=?token=" + encodeURIComponent(vm);
> + url += "&kimchi=" + location.port;
> url += '&encrypt=1'
> window.open(url);
> });
> diff --git a/ui/pages/Makefile.am b/ui/pages/Makefile.am
> index 0c04a72..c3e61db 100644
> --- a/ui/pages/Makefile.am
> +++ b/ui/pages/Makefile.am
> @@ -15,7 +15,7 @@
> # See the License for the specific language governing permissions and
> # limitations under the License.
>
> -SUBDIRS = help tabs
> +SUBDIRS = help tabs novnc
>
> htmldir = $(datadir)/kimchi/ui/pages
>
> diff --git a/ui/pages/novnc/Makefile.am b/ui/pages/novnc/Makefile.am
> new file mode 100644
> index 0000000..f93f0c8
> --- /dev/null
> +++ b/ui/pages/novnc/Makefile.am
> @@ -0,0 +1,20 @@
> +#
> +# Kimchi
> +#
> +# Copyright IBM, Corp. 2014
> +#
> +# Licensed under the Apache License, Version 2.0 (the "License");
> +# you may not use this file except in compliance with the License.
> +# You may obtain a copy of the License at
> +#
> +#
http://www.apache.org/licenses/LICENSE-2.0
> +#
> +# Unless required by applicable law or agreed to in writing, software
> +# distributed under the License is distributed on an "AS IS" BASIS,
> +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> +# See the License for the specific language governing permissions and
> +# limitations under the License.
> +
> +novnchtmldir = $(datadir)/kimchi/ui/pages/novnc
> +
> +dist_novnchtml_DATA = $(wildcard *.html.tmpl) $(NULL)
I think it should be just "vnc_auto.html", since there is no
".html.tmpl" file in this directory.
> diff --git a/ui/pages/novnc/vnc_auto.html b/ui/pages/novnc/vnc_auto.html
> new file mode 100644
> index 0000000..f702dc9
> --- /dev/null
> +++ b/ui/pages/novnc/vnc_auto.html
> @@ -0,0 +1,22 @@
> +<!DOCTYPE html>
> +<html>
> + <head>
> + <script type="text/javascript">
> + redirectToKimchi = function() {
> + var query = window.location.search;
> + var match = /.*kimchi=(.*?)(&|$)/g.exec(query);
> + if (match != null) {
> + query = query.replace("kimchi=" + match[1] +
"&", "")
> + query = query.replace("kimchi=" + match[1], "")
> +
> + url = "https://" + location.hostname + ":" +
match[1];
> + url += location.pathname + query
> +
> + window.location.replace(url)
> + }
> + }
> + </script>
> + </head>
> +
> + <body onload="redirectToKimchi()"/>
> +</html>
>