[one-users] secure noVNC installation
Hector Sanjuan
hsanjuan at opennebula.org
Fri Jan 20 05:51:19 PST 2012
Hello, this problem has been pending for a while.
The bad news is that wss:/ mode is not supported by default in Suntone. I
created a feature to see if we can do it for the next release[1].
It is nevertheless possible to manually enable wss support withut much
harness:
* 1) - Modify line 232 of SunstoneServer.rb (lib/one/sunstone/models)
novnc_exec = "#{novnc_cmd} #{proxy_port} #{host}:#{vnc_port}"
to
novnc_exec = "#{novnc_cmd} --cert=CERT --key=KEY --ssl-only #{proxy_port}
#{host}:#{vnc_port}"
where CERT and KEY are paths to the relevant certificates (include --key
only if the key is separate from the cert). You can also add --ssl-only
* 2) - Enable wss:// in client side of noVNC. Change line 1213 of
vm-tab.js
(lib/one/sunstone/public/js/plugins)
'encrypt': false,
to
'encrypt': true,
That will make wss connections possible, provided that the CERT and KEY
are readable by oneadmin and that the user browser likes the
certificate[2]. It works for me at least.
Have in mind that clients need access to the ports on which the
websocket<->VNC proxy (websockify) will be running.
Hector
[1] http://dev.opennebula.org/issues/1069
[2] https://github.com/kanaka/noVNC/wiki/Troubleshooting (encrypted
connection issues).
En Wed, 18 Jan 2012 12:42:40 +0100, Rolandas Naujikas
<rolandas.naujikas at mif.vu.lt> escribió:
> Hi,
>
> Currently I run sunstone through web proxy with ssl (https://) support,
> but noVNC is not encrypted (and by default it doesn't work in recent
> Firefox without changing websocket configuration parameters). Is it
> possible to enable ssl (wss://) support in noVNC and how to do that ?
>
> Regards, Rolandas
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
--
Hector Sanjuan
OpenNebula Developer
More information about the Users
mailing list