Signed-off-by: Rob Lemley <rob.lemley@rochester.edu> --- configure.ac | 1 - docs/README.md | 5 +---- src/firewalld.xml | 1 - src/nginx/wok.conf.in | 15 +++++++++++++ src/wok/plugins/kimchi/config.py.in | 6 +++++- src/wok/plugins/kimchi/configure.ac | 1 + src/wok/plugins/kimchi/docs/README.md | 5 +---- src/wok/plugins/kimchi/model/config.py | 2 ++ src/wok/plugins/kimchi/ui/Makefile.am | 2 +- src/wok/plugins/kimchi/ui/js/src/kimchi.api.js | 18 ++++++++-------- src/wok/plugins/kimchi/ui/pages/storage.html.tmpl | 5 +---- .../kimchi/ui/spice-html5/pages/spice_auto.html | 2 +- src/wok/plugins/kimchi/ui/websockify/Makefile.am | 22 +++++++++++++++++++ src/wok/plugins/kimchi/ui/websockify/console.html | 25 ++++++++++++++++++++++ src/wok/plugins/kimchi/vnc.py | 4 ++-- src/wok/proxy.py | 1 + src/wokd.in | 1 + ui/pages/Makefile.am | 2 -- ui/pages/websockify/Makefile.am | 22 ------------------- ui/pages/websockify/console.html | 25 ---------------------- 20 files changed, 88 insertions(+), 77 deletions(-) create mode 100644 src/wok/plugins/kimchi/ui/websockify/Makefile.am create mode 100644 src/wok/plugins/kimchi/ui/websockify/console.html delete mode 100644 ui/pages/websockify/Makefile.am delete mode 100644 ui/pages/websockify/console.html diff --git a/configure.ac b/configure.ac index 67c3920..d79de7a 100644 --- a/configure.ac +++ b/configure.ac @@ -123,7 +123,6 @@ AC_CONFIG_FILES([ ui/libs/jquery-ui/themes/base/Makefile ui/libs/jquery-ui/themes/base/images/Makefile ui/pages/Makefile - ui/pages/websockify/Makefile contrib/Makefile contrib/DEBIAN/Makefile contrib/DEBIAN/control diff --git a/docs/README.md b/docs/README.md index f0b8697..2686eff 100644 --- a/docs/README.md +++ b/docs/README.md @@ -119,26 +119,23 @@ Run If you cannot access Wok, take a look at these 2 points: 1. Firewall: -Wok uses by default the ports 8000, 8001 and 64667. To allow incoming connections: +Wok uses by default the ports 8000 and 8001. To allow incoming connections: For system using firewalld, do: $ sudo firewall-cmd --add-port=8000/tcp --permanent $ sudo firewall-cmd --add-port=8001/tcp --permanent - $ sudo firewall-cmd --add-port=64667/tcp --permanent $ sudo firewall-cmd --reload For openSUSE systems, do: $ sudo /sbin/SuSEfirewall2 open EXT TCP 8000 $ sudo /sbin/SuSEfirewall2 open EXT TCP 8001 - $ sudo /sbin/SuSEfirewall2 open EXT TCP 64667 For system using iptables, do: $ sudo iptables -A INPUT -p tcp --dport 8000 -j ACCEPT $ sudo iptables -A INPUT -p tcp --dport 8001 -j ACCEPT - $ sudo iptables -A INPUT -p tcp --dport 64667 -j ACCEPT Don't forget to correctly save the rules. diff --git a/src/firewalld.xml b/src/firewalld.xml index ff9fafe..3a564fe 100644 --- a/src/firewalld.xml +++ b/src/firewalld.xml @@ -4,5 +4,4 @@ <description>wokd is a daemon service for wok which is a web framework.</description> <port protocol="tcp" port="8000"/> <port protocol="tcp" port="8001"/> - <port protocol="tcp" port="64667"/> </service> diff --git a/src/nginx/wok.conf.in b/src/nginx/wok.conf.in index db68893..16b0201 100644 --- a/src/nginx/wok.conf.in +++ b/src/nginx/wok.conf.in @@ -49,6 +49,15 @@ http { proxy_read_timeout 600; send_timeout 600; + map $http_upgrade $connection_upgrade { + default upgrade; + '' close; + } + + upstream websocket { + server 127.0.0.1:${display_proxy_port}; + } + server { listen ${proxy_ssl_port} ssl; @@ -71,6 +80,12 @@ http { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_redirect http://127.0.0.1:${wokd_port}/ https://$host:${proxy_ssl_port}/; } + location /websockify { + proxy_pass http://websocket; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + } } server { diff --git a/src/wok/plugins/kimchi/config.py.in b/src/wok/plugins/kimchi/config.py.in index 6ae0ccd..425eaed 100644 --- a/src/wok/plugins/kimchi/config.py.in +++ b/src/wok/plugins/kimchi/config.py.in @@ -81,6 +81,8 @@ class KimchiPaths(PluginPaths): super(KimchiPaths, self).__init__('kimchi') self.spice_file = os.path.join(self.ui_dir, 'spice-html5/pages/spice_auto.html') + self.console_file = os.path.join(self.ui_dir, + 'websockify/console.html') if __with_spice__ == 'yes': self.spice_dir = self.add_prefix('ui/spice-html5') @@ -115,7 +117,9 @@ class KimchiConfig(PluginConfig): '/spice_auto.html': {'type': 'file', 'path': kimchiPaths.spice_file}, '/spice-html5/spice.css': {'type': 'file', - 'path': kimchiPaths.spice_css_file}} + 'path': kimchiPaths.spice_css_file}, + '/websockify/console.html': {'type': 'file', + 'path': kimchiPaths.console_file}} custom_config = {} for uri, data in static_config.iteritems(): diff --git a/src/wok/plugins/kimchi/configure.ac b/src/wok/plugins/kimchi/configure.ac index adab45b..3eeb4b3 100644 --- a/src/wok/plugins/kimchi/configure.ac +++ b/src/wok/plugins/kimchi/configure.ac @@ -105,6 +105,7 @@ AC_CONFIG_FILES([ ui/pages/help/ru_RU/Makefile ui/pages/help/zh_CN/Makefile ui/pages/help/zh_TW/Makefile + ui/websockify/Makefile contrib/Makefile contrib/DEBIAN/Makefile contrib/DEBIAN/control diff --git a/src/wok/plugins/kimchi/docs/README.md b/src/wok/plugins/kimchi/docs/README.md index fb0aef9..3c30d8e 100644 --- a/src/wok/plugins/kimchi/docs/README.md +++ b/src/wok/plugins/kimchi/docs/README.md @@ -135,23 +135,20 @@ Run If you cannot access Wok, take a look at these 2 points: 1. Firewall -Wok uses by default the ports 8000, 8001 and 64667. To allow incoming connections: +Wok uses by default the ports 8000 and 8001. To allow incoming connections: For system using firewalld, do: sudo firewall-cmd --add-port=8000/tcp --permanent sudo firewall-cmd --add-port=8001/tcp --permanent - sudo firewall-cmd --add-port=64667/tcp --permanent sudo firewall-cmd --reload For openSUSE systems, do: sudo /sbin/SuSEfirewall2 open EXT TCP 8000 sudo /sbin/SuSEfirewall2 open EXT TCP 8001 - sudo /sbin/SuSEfirewall2 open EXT TCP 64667 For system using iptables, do: sudo iptables -A INPUT -p tcp --dport 8000 -j ACCEPT sudo iptables -A INPUT -p tcp --dport 8001 -j ACCEPT - sudo iptables -A INPUT -p tcp --dport 64667 -j ACCEPT Don't forget to correctly save the rules. diff --git a/src/wok/plugins/kimchi/model/config.py b/src/wok/plugins/kimchi/model/config.py index b6cc4d9..cc7fe4d 100644 --- a/src/wok/plugins/kimchi/model/config.py +++ b/src/wok/plugins/kimchi/model/config.py @@ -42,7 +42,9 @@ class ConfigModel(object): def lookup(self, name): proxy_port = kconfig.get('display', 'display_proxy_port') + ssl_port = kconfig.get('server', 'ssl_port') return {'display_proxy_port': proxy_port, + 'ssl_port': ssl_port, 'version': get_version()} diff --git a/src/wok/plugins/kimchi/ui/Makefile.am b/src/wok/plugins/kimchi/ui/Makefile.am index 21fe703..62bcfeb 100644 --- a/src/wok/plugins/kimchi/ui/Makefile.am +++ b/src/wok/plugins/kimchi/ui/Makefile.am @@ -15,6 +15,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -SUBDIRS = config css images js pages spice-html5 +SUBDIRS = config css images js pages spice-html5 websockify uidir = $(datadir)/wok/plugins/kimchi/ui diff --git a/src/wok/plugins/kimchi/ui/js/src/kimchi.api.js b/src/wok/plugins/kimchi/ui/js/src/kimchi.api.js index c82d040..0e784f5 100644 --- a/src/wok/plugins/kimchi/ui/js/src/kimchi.api.js +++ b/src/wok/plugins/kimchi/ui/js/src/kimchi.api.js @@ -343,16 +343,16 @@ var kimchi = { type : 'GET', dataType : 'json' }).done(function(data, textStatus, xhr) { - proxy_port = data['display_proxy_port']; + ssl_port = data['ssl_port']; wok.requestJSON({ url : "plugins/kimchi/vms/" + encodeURIComponent(vm) + "/connect", type : "POST", dataType : "json" }).done(function() { - url = 'https://' + location.hostname + ':' + proxy_port; - url += "/console.html?url="; + url = 'https://' + location.hostname + ':' + ssl_port; + url += "/plugins/kimchi/websockify/console.html?url="; url += encodeURIComponent("plugins/kimchi/novnc/vnc_auto.html"); - url += "&port=" + proxy_port; + url += "&port=" + ssl_port; /* * From python documentation base64.urlsafe_b64encode(s) * substitutes - instead of + and _ instead of / in the @@ -360,7 +360,7 @@ var kimchi = { * contain = which is not safe in a URL query component. * So remove it when needed as base64 can work well without it. * */ - url += "&path=?token=" + wok.urlSafeB64Encode(vm).replace(/=*$/g, ""); + url += "&path=websockify?token=" + wok.urlSafeB64Encode(vm).replace(/=*$/g, ""); url += "&wok=" + location.port; url += '&encrypt=1'; window.open(url); @@ -376,15 +376,15 @@ var kimchi = { type : 'GET', dataType : 'json' }).done(function(data, textStatus, xhr) { - proxy_port = data['display_proxy_port']; + ssl_port = data['ssl_port']; wok.requestJSON({ url : "plugins/kimchi/vms/" + encodeURIComponent(vm) + "/connect", type : "POST", dataType : "json" }).done(function(data, textStatus, xhr) { - url = 'https://' + location.hostname + ':' + proxy_port; - url += "/console.html?url=plugins/kimchi/spice_auto.html"; - url += "&port=" + proxy_port + "&listen=" + location.hostname; + url = 'https://' + location.hostname + ':' + ssl_port; + url += "/plugins/kimchi/websockify/console.html?url=plugins/kimchi/spice_auto.html"; + url += "&port=" + ssl_port + "&listen=" + location.hostname; /* * From python documentation base64.urlsafe_b64encode(s) * substitutes - instead of + and _ instead of / in the diff --git a/src/wok/plugins/kimchi/ui/pages/storage.html.tmpl b/src/wok/plugins/kimchi/ui/pages/storage.html.tmpl index dfc006e..7b51a8b 100644 --- a/src/wok/plugins/kimchi/ui/pages/storage.html.tmpl +++ b/src/wok/plugins/kimchi/ui/pages/storage.html.tmpl @@ -37,10 +37,7 @@ <div class="grid-control"><input type="text" class="filter" placeholder="$_("Filter")"></div> <div id='storageGrid'> <div> - <span class="storage-name"> - <span>$_("Name")</span> - <span class="usage">$_("%Used")</span> - </span> + <span class="storage-name">$_("Name")</span> <span class="storage-state" >$_("State")</span> <span class="storage-type">$_("Type")</span> <span class="storage-capacity">$_("Capacity")</span> diff --git a/src/wok/plugins/kimchi/ui/spice-html5/pages/spice_auto.html b/src/wok/plugins/kimchi/ui/spice-html5/pages/spice_auto.html index c87f5c2..91ddadb 100644 --- a/src/wok/plugins/kimchi/ui/spice-html5/pages/spice_auto.html +++ b/src/wok/plugins/kimchi/ui/spice-html5/pages/spice_auto.html @@ -143,7 +143,7 @@ * to point wok.user to a specific console represented by * token value. */ - uri = scheme + host + ":" + port + "/?token=" + token; + uri = scheme + host + ":" + port + "/websockify?token=" + token; try { diff --git a/src/wok/plugins/kimchi/ui/websockify/Makefile.am b/src/wok/plugins/kimchi/ui/websockify/Makefile.am new file mode 100644 index 0000000..ca3ddc3 --- /dev/null +++ b/src/wok/plugins/kimchi/ui/websockify/Makefile.am @@ -0,0 +1,22 @@ +# +# Project Wok +# +# Copyright IBM, Corp. 2014-2015 +# +# Code derived from Project Kimchi +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +websockifyhtmldir = $(datadir)/wok/ui/pages/websockify + +dist_websockifyhtml_DATA = $(wildcard *.html) $(NULL) diff --git a/src/wok/plugins/kimchi/ui/websockify/console.html b/src/wok/plugins/kimchi/ui/websockify/console.html new file mode 100644 index 0000000..e0a3cd4 --- /dev/null +++ b/src/wok/plugins/kimchi/ui/websockify/console.html @@ -0,0 +1,25 @@ +<!DOCTYPE html> +<html> + <head> + <script type="text/javascript"> + redirectToWok = function() { + var query = window.location.search; + + var path = /.*url=(.*?)(&|$)/g.exec(query)[1]; + query = query.replace("url=" + path + "&", "") + query = query.replace("url=" + path, "") + + var wok_port = /.*wok=(.*?)(&|$)/g.exec(query)[1]; + query = query.replace("wok=" + wok_port + "&", "") + query = query.replace("wok=" + wok_port, "") + + var url = "https://" + location.hostname + ":" + wok_port + "/"; + url += decodeURIComponent(path) + query + + window.location.replace(url) + } + </script> + </head> + + <body onload="redirectToWok()"/> +</html> diff --git a/src/wok/plugins/kimchi/vnc.py b/src/wok/plugins/kimchi/vnc.py index 2532449..5d10bc6 100644 --- a/src/wok/plugins/kimchi/vnc.py +++ b/src/wok/plugins/kimchi/vnc.py @@ -43,10 +43,10 @@ def new_ws_proxy(): cert = '%s/wok-cert.pem' % paths.conf_dir key = '%s/wok-key.pem' % paths.conf_dir - params = {'web': os.path.join(paths.ui_dir, 'pages/websockify'), + params = {'listen_host': '127.0.0.1', 'listen_port': config.get('display', 'display_proxy_port'), 'target_cfg': WS_TOKENS_DIR, - 'key': key, 'cert': cert, 'ssl_only': True} + 'ssl_only': False} def start_proxy(): server = WebSocketProxy(**params) diff --git a/src/wok/proxy.py b/src/wok/proxy.py index 46ce857..f9f1607 100644 --- a/src/wok/proxy.py +++ b/src/wok/proxy.py @@ -82,6 +82,7 @@ def _create_proxy_config(options): proxy_port=options.port, wokd_port=options.cherrypy_port, proxy_ssl_port=options.ssl_port, + display_proxy_port=options.display_proxy_port, cert_pem=cert, cert_key=key, max_body_size=eval(options.max_body_size), dhparams_pem=dhparams_pem) diff --git a/src/wokd.in b/src/wokd.in index c5510fd..a23fcfc 100644 --- a/src/wokd.in +++ b/src/wokd.in @@ -94,6 +94,7 @@ def main(options): setattr(options, 'ssl_key', config.config.get('server', 'ssl_key')) setattr(options, 'max_body_size', config.config.get('server', 'max_body_size')) + setattr(options, 'display_proxy_port', config.config.get('display', 'display_proxy_port')) wok.server.main(options) diff --git a/ui/pages/Makefile.am b/ui/pages/Makefile.am index 2488203..85faa80 100644 --- a/ui/pages/Makefile.am +++ b/ui/pages/Makefile.am @@ -17,8 +17,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -SUBDIRS = websockify - htmldir = $(datadir)/wok/ui/pages dist_html_DATA = $(wildcard *.tmpl) $(NULL) diff --git a/ui/pages/websockify/Makefile.am b/ui/pages/websockify/Makefile.am deleted file mode 100644 index ca3ddc3..0000000 --- a/ui/pages/websockify/Makefile.am +++ /dev/null @@ -1,22 +0,0 @@ -# -# Project Wok -# -# Copyright IBM, Corp. 2014-2015 -# -# Code derived from Project Kimchi -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -websockifyhtmldir = $(datadir)/wok/ui/pages/websockify - -dist_websockifyhtml_DATA = $(wildcard *.html) $(NULL) diff --git a/ui/pages/websockify/console.html b/ui/pages/websockify/console.html deleted file mode 100644 index e0a3cd4..0000000 --- a/ui/pages/websockify/console.html +++ /dev/null @@ -1,25 +0,0 @@ -<!DOCTYPE html> -<html> - <head> - <script type="text/javascript"> - redirectToWok = function() { - var query = window.location.search; - - var path = /.*url=(.*?)(&|$)/g.exec(query)[1]; - query = query.replace("url=" + path + "&", "") - query = query.replace("url=" + path, "") - - var wok_port = /.*wok=(.*?)(&|$)/g.exec(query)[1]; - query = query.replace("wok=" + wok_port + "&", "") - query = query.replace("wok=" + wok_port, "") - - var url = "https://" + location.hostname + ":" + wok_port + "/"; - url += decodeURIComponent(path) + query - - window.location.replace(url) - } - </script> - </head> - - <body onload="redirectToWok()"/> -</html> -- 1.8.3.1