[Users] Spice-proxy questions

Gianluca Cecchi gianluca.cecchi at gmail.com
Fri Jan 24 18:06:00 UTC 2014


On Fri, Jan 24, 2014 at 6:58 PM, David Jaša  wrote:
> On Pá, 2014-01-24 at 18:45 +0100, David Jaša wrote:
>> On Pá, 2014-01-24 at 09:39 -0800, David Li wrote:
>> > David,
>> >
>> > With SpiceProxy, should I point my admin portal browser to http://proxy_ip_or_fqdn:port? Does it matter which port number to use?
>>
>> Both FQDN/IP and port do matter. You have to set them so they point to a
>> running http proxy server instance (e.g. squid). Engine won't set up a
>> spice-capable http proxy
>
> Just to clarify: you need to tell squid to permit connections to spice
> port range (5900-6144 IIRC). It only allows connections to http ports by
> default.
>
> David
>
>> for you, you have to take care of it yoursef.
>>
>> What engine can do for you is to configure websocket proxy that allows
>> connections by html5 client (the one that runs entirely in browser).
>>
>> David

On my CentOS 5.10 server (10.4.4.63) that is the squid proxy for
engine I have this configuration that works

[root at c510 squid]# diff squid.conf squid.conf.orig
578,582d577
<
< acl localnet src 10.4.3.0/24    # RFC1918 possible internal network
< acl localnet src 10.4.23.0/24    # RFC1918 possible internal network
< acl localnet src 10.4.4.0/24    # RFC1918 possible internal network
<
625c620
< #http_access deny CONNECT !SSL_ports
---
> http_access deny CONNECT !SSL_ports
639d633
< http_access allow localnet
927,928c921
< #http_port 3128
< http_port 80
---
> http_port 3128

My clients where I run the browser that connects to engine (10.4.4.58)
are on 10.4.3.0, 10.4.4.0 or 10.4.23.0 networks.
No iptables on proxy server
oVirt hosts are on 10.4.4.0 netowrk too.

HIH,
Gianluca



More information about the Users mailing list