[Kimchi-devel] [PATCH 3/6] Make use of the mini Web server in the websockify
Aline Manera
alinefm at linux.vnet.ibm.com
Sun May 4 14:31:17 UTC 2014
On 05/04/2014 04:23 AM, Zhou Zheng Sheng wrote:
> on 2014/05/02 08:49, Aline Manera wrote:
>> From: Aline Manera <alinefm at br.ibm.com>
>>
>> Some browsers doesn't support well for the usage self-signed certs in the ssl
>> websocket connection. For details, please see:
>> https://github.com/kanaka/websockify/wiki/Encrypted-Connections
>>
>> For chrome browser, the encrypted console connection should work after
>> you login with ssl connection. But for firefox, it does not show a
>> confirmation page for the user the accept the self-signed cert when
>> the HTTPs connection is started from a websocket.
>>
>> So this patch makes use of the Web server in the websockify. The mini
>> Web server in the websockify can serve static contents like html, css
>> and js.
>> This patch add a simple HTMl file (vnc_auto.html) to pages/novnc and have
>> websockify serve this file.
>>
>> When the user clicks the VNC icon, Kimchi brings the user to
>> https://host:64667/vnc_auto.html, which is served by websockify. Then
>> firefox would prompt a confirmation page for the self-signed cert. After
>> the user accept the cert, the user will be redirected to noVNC page
>> provided by Kimchi server.
>>
>> It is important to have Kimchi providing the noVNC page to be able to
>> add authentication to console pages (vnc_auto.html and spice.html)
>>
>> Signed-off-by: Aline Manera <alinefm at br.ibm.com>
>> Signed-off-by: Mark Wu <wudxw at linux.vnet.ibm.com>
>> Signed-off-by: Zhou Zheng Sheng <zhshzhou at linux.vnet.ibm.com>
>> ---
>> configure.ac | 1 +
>> contrib/kimchi.spec.fedora.in | 1 +
>> contrib/kimchi.spec.suse.in | 1 +
>> src/kimchi/vnc.py | 3 ++-
>> ui/js/src/kimchi.api.js | 8 ++------
>> ui/pages/Makefile.am | 2 +-
>> ui/pages/novnc/Makefile.am | 20 ++++++++++++++++++++
>> ui/pages/novnc/vnc_auto.html | 22 ++++++++++++++++++++++
>> 8 files changed, 50 insertions(+), 8 deletions(-)
>> create mode 100644 ui/pages/novnc/Makefile.am
>> create mode 100644 ui/pages/novnc/vnc_auto.html
>>
>> diff --git a/configure.ac b/configure.ac
>> index 7d76f97..a16bca5 100644
>> --- a/configure.ac
>> +++ b/configure.ac
>> @@ -84,6 +84,7 @@ AC_CONFIG_FILES([
>> ui/pages/help/en_US/Makefile
>> ui/pages/help/pt_BR/Makefile
>> ui/pages/help/zh_CN/Makefile
>> + ui/pages/novnc/Makefile
>> ui/pages/tabs/Makefile
>> contrib/Makefile
>> contrib/DEBIAN/Makefile
>> diff --git a/contrib/kimchi.spec.fedora.in b/contrib/kimchi.spec.fedora.in
>> index 104c114..56314a2 100644
>> --- a/contrib/kimchi.spec.fedora.in
>> +++ b/contrib/kimchi.spec.fedora.in
>> @@ -179,6 +179,7 @@ rm -rf $RPM_BUILD_ROOT
>> %{_datadir}/kimchi/ui/libs/themes/base/jquery-ui.min.css
>> %{_datadir}/kimchi/ui/pages/*.html.tmpl
>> %{_datadir}/kimchi/ui/pages/help/*/*.html
>> +%{_datadir}/kimchi/ui/pages/novnc/*.html.tmpl
> I think it should be *.html not *.html.tmpl
>
>> %{_datadir}/kimchi/ui/pages/tabs/*.html.tmpl
>> %{_sysconfdir}/kimchi/kimchi.conf
>> %{_sysconfdir}/kimchi/nginx.conf.in
>> diff --git a/contrib/kimchi.spec.suse.in b/contrib/kimchi.spec.suse.in
>> index 7704822..6e269d9 100644
>> --- a/contrib/kimchi.spec.suse.in
>> +++ b/contrib/kimchi.spec.suse.in
>> @@ -101,6 +101,7 @@ rm -rf $RPM_BUILD_ROOT
>> %{_datadir}/kimchi/ui/libs/themes/base/jquery-ui.min.css
>> %{_datadir}/kimchi/ui/pages/*.html.tmpl
>> %{_datadir}/kimchi/ui/pages/help/*/*.html
>> +%{_datadir}/kimchi/ui/pages/novnc/*.html.tmpl
> Same as above.
>
>> %{_datadir}/kimchi/ui/pages/tabs/*.html.tmpl
>> %{_sysconfdir}/kimchi/kimchi.conf
>> %{_sysconfdir}/kimchi/nginx.conf.in
>> diff --git a/src/kimchi/vnc.py b/src/kimchi/vnc.py
>> index 3251f06..3f483f6 100644
>> --- a/src/kimchi/vnc.py
>> +++ b/src/kimchi/vnc.py
>> @@ -44,7 +44,8 @@ def new_ws_proxy():
>>
>> cmd = os.path.join(os.path.dirname(__file__), 'websockify.py')
>> args = ['python', cmd, config.get('display', 'display_proxy_port'),
>> - '--target-config', WS_TOKENS_DIR, '--cert', cert, '--key', key]
>> + '--target-config', WS_TOKENS_DIR, '--cert', cert, '--key', key,
>> + '--web', os.path.join(paths.ui_dir, 'pages/novnc')]
>> p = subprocess.Popen(args, close_fds=True)
>> return p
>>
>> diff --git a/ui/js/src/kimchi.api.js b/ui/js/src/kimchi.api.js
>> index 6fcac6d..dcf9bd1 100644
>> --- a/ui/js/src/kimchi.api.js
>> +++ b/ui/js/src/kimchi.api.js
>> @@ -318,20 +318,16 @@ var kimchi = {
>> type : 'GET',
>> dataType : 'json'
>> }).done(function(data, textStatus, xhr) {
>> - http_port = data['http_port'];
>> proxy_port = data['display_proxy_port'];
>> kimchi.requestJSON({
>> url : "/vms/" + encodeURIComponent(vm) + "/connect",
>> type : "POST",
>> dataType : "json"
>> }).done(function() {
>> - /**
>> - * Due to problems with web sockets and self-signed
>> - * certificates, for now we will always redirect to http
>> - */
>> - url = 'http://' + location.hostname + ':' + http_port;
>> + url = 'https://' + location.hostname + ':' + proxy_port;
>> url += "/vnc_auto.html?port=" + proxy_port;
>> url += "&path=?token=" + encodeURIComponent(vm);
>> + url += "&kimchi=" + location.port;
>> url += '&encrypt=1'
>> window.open(url);
>> });
>> diff --git a/ui/pages/Makefile.am b/ui/pages/Makefile.am
>> index 0c04a72..c3e61db 100644
>> --- a/ui/pages/Makefile.am
>> +++ b/ui/pages/Makefile.am
>> @@ -15,7 +15,7 @@
>> # See the License for the specific language governing permissions and
>> # limitations under the License.
>>
>> -SUBDIRS = help tabs
>> +SUBDIRS = help tabs novnc
>>
>> htmldir = $(datadir)/kimchi/ui/pages
>>
>> diff --git a/ui/pages/novnc/Makefile.am b/ui/pages/novnc/Makefile.am
>> new file mode 100644
>> index 0000000..f93f0c8
>> --- /dev/null
>> +++ b/ui/pages/novnc/Makefile.am
>> @@ -0,0 +1,20 @@
>> +#
>> +# Kimchi
>> +#
>> +# Copyright IBM, Corp. 2014
>> +#
>> +# Licensed under the Apache License, Version 2.0 (the "License");
>> +# you may not use this file except in compliance with the License.
>> +# You may obtain a copy of the License at
>> +#
>> +# http://www.apache.org/licenses/LICENSE-2.0
>> +#
>> +# Unless required by applicable law or agreed to in writing, software
>> +# distributed under the License is distributed on an "AS IS" BASIS,
>> +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>> +# See the License for the specific language governing permissions and
>> +# limitations under the License.
>> +
>> +novnchtmldir = $(datadir)/kimchi/ui/pages/novnc
>> +
>> +dist_novnchtml_DATA = $(wildcard *.html.tmpl) $(NULL)
> I think it should be just "vnc_auto.html", since there is no
> ".html.tmpl" file in this directory.
I will fix it in next version.
>
>> diff --git a/ui/pages/novnc/vnc_auto.html b/ui/pages/novnc/vnc_auto.html
>> new file mode 100644
>> index 0000000..f702dc9
>> --- /dev/null
>> +++ b/ui/pages/novnc/vnc_auto.html
>> @@ -0,0 +1,22 @@
>> +<!DOCTYPE html>
>> +<html>
>> + <head>
>> + <script type="text/javascript">
>> + redirectToKimchi = function() {
>> + var query = window.location.search;
>> + var match = /.*kimchi=(.*?)(&|$)/g.exec(query);
>> + if (match != null) {
>> + query = query.replace("kimchi=" + match[1] + "&", "")
>> + query = query.replace("kimchi=" + match[1], "")
>> +
>> + url = "https://" + location.hostname + ":" + match[1];
>> + url += location.pathname + query
>> +
>> + window.location.replace(url)
>> + }
>> + }
>> + </script>
>> + </head>
>> +
>> + <body onload="redirectToKimchi()"/>
>> +</html>
>>
>
More information about the Kimchi-devel
mailing list