[Users] Spice-proxy questions
David Li
david_li at sbcglobal.net
Fri Jan 24 19:45:09 UTC 2014
David
I set up the squid proxy on the same machine as ovirt-engine. I have this in squid.conf:
-------------------
acl localhost src 10.10.2.143/32 # for the machine running the browser
#safe ports
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports <---------- will this allow connections to spice port range (5900-6144 IIRC).???
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
# Squid normally listens to port 3128
http_port 3128
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
-------------------------
and set my SpiceProxyDefault=http://10.10.2.143:3128
So far, this is still not working. The Spice popup window still fails to connect to the graphics server and html5 browser window remains blank.
Are there any log files that can be used to debug this?
Thanks.
----- Original Message -----
> From: David Jaša <djasa at redhat.com>
> To: David Li <david_li at sbcglobal.net>
> Cc: "users at ovirt.org" <users at ovirt.org>
> Sent: Friday, January 24, 2014 9:58 AM
> Subject: Re: [Users] Spice-proxy questions
>
> On Pá, 2014-01-24 at 18:45 +0100, David Jaša wrote:
>> On Pá, 2014-01-24 at 09:39 -0800, David Li wrote:
>> > David,
>> >
>> > With SpiceProxy, should I point my admin portal browser to
> http://proxy_ip_or_fqdn:port? Does it matter which port number to use?
>>
>> Both FQDN/IP and port do matter. You have to set them so they point to a
>> running http proxy server instance (e.g. squid). Engine won't set up a
>> spice-capable http proxy
>
> Just to clarify: you need to tell squid to permit connections to spice
> port range (5900-6144 IIRC). It only allows connections to http ports by
> default.
>
> David
>
>> for you, you have to take care of it yoursef.
>>
>> What engine can do for you is to configure websocket proxy that allows
>> connections by html5 client (the one that runs entirely in browser).
>>
>> David
>>
>> >
>> >
>> >
>> >
>> > ----- Original Message -----
>> > > From: David Jaša <djasa at redhat.com>
>> > > To: David Li <david_li at sbcglobal.net>
>> > > Cc: Itamar Heim <iheim at redhat.com>;
> "users at ovirt.org" <users at ovirt.org>
>> > > Sent: Friday, January 24, 2014 1:48 AM
>> > > Subject: Re: [Users] Spice-proxy questions
>> > >
>> > > On Čt, 2014-01-23 at 13:42 -0800, David Li wrote:
>> > >> Itamar,
>> > >>
>> > >> The web page isn't very clear how to set this.
>> > >>
>> > >> What's the "someProxy" supposed to be?
>> > >
>> > > SpiceProxyDefaut=http://proxy_ip_or_fqdn:port/
>> > >
>> > > David
>> > >
>> > >>
>> > >> engine-config -s SpiceProxyDefault=someProxy
>> > >>
>> > >>
>> > >>
>> > >> ----- Original Message -----
>> > >> > From: Itamar Heim <iheim at redhat.com>
>> > >> > To: David Li <david_li at sbcglobal.net>;
>> > > "users at ovirt.org" <users at ovirt.org>
>> > >> > Cc:
>> > >> > Sent: Thursday, January 23, 2014 1:01 PM
>> > >> > Subject: Re: [Users] Spice-proxy questions
>> > >> >
>> > >> > On 01/23/2014 10:05 PM, David Li wrote:
>> > >> >> Hi,
>> > >> >>
>> > >> >> It looks like my only option to get a console is
> using
>> > > spice-proxy as in
>> > >> > http://www.ovirt.org/Features/Spice_Proxy
>> > >> >>
>> > >> >> However I am not sure how to make it work. I have
> installed all
>> > > three
>> > >> > required packages on the engine (3.3.2). And my
> engine-config shows:
>> > >> >>
>> > >> >>
>> > >> >> [root at xyz ~]# engine-config -a | grep Spice
>> > >> >> EnableSpiceRootCertificateValidation: true
> version: general
>> > >> >> SpiceReleaseCursorKeys: shift+f12 version: general
>> > >> >> SpiceSecureChannels: smain,sinputs version: 3.0
>> > >> >> SpiceSecureChannels:
>> > >> >
> smain,sinputs,scursor,splayback,srecord,sdisplay,susbredir,ssmartcard
>> > > version:
>> > >> > 3.1
>> > >> >> SpiceSecureChannels:
>> > >> >
> smain,sinputs,scursor,splayback,srecord,sdisplay,susbredir,ssmartcard
>> > > version:
>> > >> > 3.2
>> > >> >> SpiceSecureChannels:
>> > >> >
> smain,sinputs,scursor,splayback,srecord,sdisplay,susbredir,ssmartcard
>> > > version:
>> > >> > 3.3
>> > >> >> SpiceToggleFullScreenKeys: shift+f11 version:
> general
>> > >> >> SpiceUsbAutoShare: true version: general
>> > >> >> SpiceProxyDefault: version: general
>> > >> >
>> > >> > i don't remember the details, but i assume
> SpiceProxyDefault
>> > > should not
>> > >> > be empty, set it with engine-config -s
> SpiceProxyDefault
>> > >> >
>> > >> >
> engine-config.properties:SpiceProxyDefault.description='Default
>> > > proxy
>> > >> > used by SPICE client to connect to the
>> > >> >
>> > >> >
>> > >> >> ClientModeSpiceDefault: Auto version: general
>> > >> >>
>> > >> >>
>> > >> >> The problem is that on my web portal, I don't
> see any
>> > > "Enable
>> > >> > SPICE Proxy" box that I can check.
>> > >> >>
>> > >> >> Anyone knows why?
>> > >> >>
>> > >> >> Thanks.
>> > >> >>
>> > >> >> David
>> > >> >>
>> > >> >> _______________________________________________
>> > >> >> Users mailing list
>> > >> >> Users at ovirt.org
>> > >> >> http://lists.ovirt.org/mailman/listinfo/users
>> > >> >>
>> > >> >
>> > >> _______________________________________________
>> > >> Users mailing list
>> > >> Users at ovirt.org
>> > >> http://lists.ovirt.org/mailman/listinfo/users
>> > >
>> > _______________________________________________
>> > Users mailing list
>> > Users at ovirt.org
>> > http://lists.ovirt.org/mailman/listinfo/users
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>
More information about the Users
mailing list