[Users] Spice-proxy questions

David Li david_li at sbcglobal.net
Fri Jan 24 19:47:21 UTC 2014 

Hi Gianluca,

Thanks for the pointer. They are really helpful. I didn't know about squid. But this is still not working for me after the squid setup as you can see in my email to David Jasa. 
I am really scratching my head now:). I hope I am getting close but...



----- Original Message -----
> From: Gianluca Cecchi <gianluca.cecchi at gmail.com>
> To: "users at ovirt.org" <users at ovirt.org>
> Cc: David Li <david_li at sbcglobal.net>
> Sent: Friday, January 24, 2014 10:06 AM
> Subject: Re: [Users] Spice-proxy questions
> 
> On Fri, Jan 24, 2014 at 6:58 PM, David Jaša  wrote:
>>  On Pá, 2014-01-24 at 18:45 +0100, David Jaša wrote:
>>>  On Pá, 2014-01-24 at 09:39 -0800, David Li wrote:
>>>  > David,
>>>  >
>>>  > With SpiceProxy, should I point my admin portal browser to 
> http://proxy_ip_or_fqdn:port? Does it matter which port number to use?
>>> 
>>>  Both FQDN/IP and port do matter. You have to set them so they point to 
> a
>>>  running http proxy server instance (e.g. squid). Engine won't set 
> up a
>>>  spice-capable http proxy
>> 
>>  Just to clarify: you need to tell squid to permit connections to spice
>>  port range (5900-6144 IIRC). It only allows connections to http ports by
>>  default.
>> 
>>  David
>> 
>>>  for you, you have to take care of it yoursef.
>>> 
>>>  What engine can do for you is to configure websocket proxy that allows
>>>  connections by html5 client (the one that runs entirely in browser).
>>> 
>>>  David
> 
> On my CentOS 5.10 server (10.4.4.63) that is the squid proxy for
> engine I have this configuration that works
> 
> [root at c510 squid]# diff squid.conf squid.conf.orig
> 578,582d577
> <
> < acl localnet src 10.4.3.0/24    # RFC1918 possible internal network
> < acl localnet src 10.4.23.0/24    # RFC1918 possible internal network
> < acl localnet src 10.4.4.0/24    # RFC1918 possible internal network
> <
> 625c620
> < #http_access deny CONNECT !SSL_ports
> ---
>>  http_access deny CONNECT !SSL_ports
> 639d633
> < http_access allow localnet
> 927,928c921
> < #http_port 3128
> < http_port 80
> ---
>>  http_port 3128
> 
> My clients where I run the browser that connects to engine (10.4.4.58)
> are on 10.4.3.0, 10.4.4.0 or 10.4.23.0 networks.
> No iptables on proxy server
> oVirt hosts are on 10.4.4.0 netowrk too.
> 
> HIH,
> Gianluca
>

More information about the Users mailing list