From: Aline Manera <alinefm(a)br.ibm.com>
When a non-authenticated user tries to access the URL
http://host-ip:port/vnc.html?port=64667&path=?token=<my-vm>&...
Kimchi server will return 401 error code before loading the HTML file.
So we need to redirect the 401 error for vnc_auto.html and spice.html
pages to Kimchi default page which will require the user authentication to
proceed.
Also save the current console page to redirect user to properly location
after logging.
Signed-off-by: Aline Manera <alinefm(a)br.ibm.com>
---
src/nginx.conf.in | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/src/nginx.conf.in b/src/nginx.conf.in
index c339e56..ec7bee8 100644
--- a/src/nginx.conf.in
+++ b/src/nginx.conf.in
@@ -55,7 +55,22 @@ http {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect
http://127.0.0.1:$kimchid_port/
https://$host:$proxy_ssl_port/;
+ }
+
+ location ~/(vnc_auto|spice\.html) {
+ if ($uri ~ /vnc_auto.html) {
+ add_header Set-Cookie "console_type=vnc";
+ add_header Set-Cookie "console_uri=$request_uri";
+ }
+ if ($uri ~ /spice.html) {
+ add_header Set-Cookie "console_type=spice";
+ add_header Set-Cookie "console_uri=$request_uri";
+ }
+
+ proxy_pass
http://127.0.0.1:$kimchid_port;
+ proxy_intercept_errors on;
+ error_page 401 https://$host:$proxy_ssl_port/;
}
}
--
1.7.10.4