I will. I wish there was more documentation on how all of this works. My current test sniffing the network show that actually the traffic is not on the port as defined in the console file but on the tls-port of that file. so I am a little confused how all of this works. And since everything is SSLed it is quite difficult to know what is happening
Hi,
I don’t entirely follow your steps, but let me try to describe the ovirt specific implementation. spice-html5 used to work, but we removed it couple releases back since it’s not performing well and it’s not maintained much. It worked the same way as novnc.
We need to secure the communication between the client and the proxy(which is done by wss) and also make sure that only authorized targets are being proxied, and not any random request.
In oVirt we add one more layer to the stock novnc-websockify communication. It could be that websockify added these options later on but when we integrated these consoles it had nothing.
We modified the client to sign the request for proxy that is verified by the (also modified) proxy. There are small changes but they would need to be done for any other client you’re trying to use (and for the proxy if you’d want to use a non-ovirt websockify)
HTH.
michal