[ovirt-users] IPv6 Functionality for WebSocket Proxy

Donny Davis donny at cloudspin.me
Thu Dec 18 11:06:07 EST 2014

I just realized this morning that my noVNC connections were not working for
IPv6 only on cloudspin.me

For those who want to deploy dual stack functionality for
ovirt-websocket-proxy here is a very simple and elegant fix. 


NGINX is a useful tool :)


You will need nginx to proxy the connection between your IPv6 customers, and
the IPv4 listening only websocket proxy(however that can be changed in
.conf but you can't have your cake and eat it too. one or the other ipv4 or

Anyways, here is the fix


Install nginx on your websocket proxy server - Why Nginx, because I like it
better than apache. The default config for Ovirt could be setup to do this
with the web server that is already running :) just sayin

For my configuration I am running the websocket proxy on a different host,
but I imagine you could use this config in a full deployment and use
websocket proxy on the engine host


server {

        server_name web.cloudspin.me; # this is the hostname that you told
the engine that the websocket proxy would be listening on

        #listen 6100;             #Commented because I am using this for
ipv6 only, but you could use nginx to proxy both and only open one port in
the firewall

        listen [::]:6100 ssl;     #NOTE this needs to listen on the same
port you told the engine the websocket proxy would be listening on   

        ssl_certificate           /physical/path/to/ssl/cert; #I used the
same cert that my websocket proxy is using

        ssl_certificate_key       /physical/path/to/ssl/key;


        ssl on;

        ssl_session_cache  builtin:1000  shared:SSL:10m;

        ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;


        ssl_prefer_server_ciphers on;


        access_log /var/log/nginx/websocket.cloudspin.me-access.log;

        error_log /var/log/nginx/websocket.cloudspin.me-error.log;


        location / {

            proxy_pass https://ip_address_of_websocket_proxy:6100;

          proxy_http_version 1.1;

          proxy_set_header Upgrade $http_upgrade;

          proxy_set_header Connection "upgrade";






Too easy to fix the many problems I have had getting websocket proxy to
work. If you have a commerical cert and key, this would be a great place to
put it, so your users don't have to bother with trusting your CA, it will
just work 


Cheers and I hope this helps


If anyone needs any help getting this to work give me a shout


Donny D





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20141218/c5aa1d46/attachment.html>

More information about the Users mailing list