Hi Jason, Sorry about the late reply! I usually reply fast on kimchi-devel ML :-) Let me try to explain the content of /etc/nginx/conf.d/wok.conf I am not sure what is the exactly version you are using, but the current upstream file content is https://github.com/kimchi-project/wok/blob/master/src/nginx/wok.conf I will take it as reference. As you can see in this file, there are 2 server instances described there: lines 28 and 79. The server on line 28 is for HTTPS access and is properly defined as 0.0.0.0 on port 8001 The server on line 79 is for HTTP access and it is also properly defined as 0.0.0.0 on port 8000. The HTTP server will *always* redirect the requests to HTTPS. The lines 24-26 are for websockets connection and should not be expose outside, ie, it should run on localhost and proxy by nginx to the right port. So you should not change it to 0.0.0.0 The lines 52-62 describe what to do on requests received. There you will see '127.0.0.1:8010' because it is where the cherrypy instance launched by Wok is running. You should not change it to 0.0.0.0 because you will expose the whole API which runs as root to outside which is bad IMO. :-) So basically, you should not change the content of /etc/nginx/conf.d/wok.conf unless you want to change the ports to listen on. The SElinux configuration needed to expose the server outside is really needed and are described at https://github.com/kimchi-project/wok/blob/master/docs/troubleshooting.md So hope all that helps you understand how the things work together. Please, let me know on any other doubt or feedback. Regards, Aline Manera On 05/04/2017 10:40 PM, Jason Jack wrote:

Kimchi Dev,

I didn't want to post an issue, because I solved it, but I think it'd be useful to post a README update on how to update Wok to to listen on all network devices so as to be accessed outside of localhost.

I was able to do so by updating /etc/nginx/conf.d/wok.conf to change 127.0.0.1 to 0.0.0.0 and then updating semanage rules:

(on Centos 7)

sudo systemctl stop wokd sudo systemctl stop nginx sudo sed -ri 's/127.0.0.1/0.0.0.0/g' /etc/nginx/conf.d/wok.conf sudo semanage port -a -t http_port_t -p tcp 8001 sudo semanage port -a -t http_port_t -p tcp 8010 sudo semanage port -m -t http_port_t -p tcp 8000 sudo systemctl start wokd

Then after accessing from another machine I had to accept the SSL certificates first, where it redirected me to http://127.0.0.1:8010/login.html, which was confusing. Back after going back to https://my-kimchi-host:8001 the login page successfully loaded.

I found this confusing and couldn't find any documentation or guide. I think others may find this information useful. Should I post this to the issue board for feedback?

Sincerely, Jason _______________________________________________ Kimchi-users mailing list Kimchi-users@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-users