[one-users] secure noVNC installation

Hector Sanjuan hsanjuan at opennebula.org
Fri Jan 20 05:51:19 PST 2012


Hello, this problem has been pending for a while.

The bad news is that wss:// mode is not supported by default in Sunstone. I
created a feature to see if we can do it for the next release[1].

It is nevertheless possible to manually enable wss support without much
harness:

    * 1) - Modify line 232 of SunstoneServer.rb (lib/one/sunstone/models)

novnc_exec = "#{novnc_cmd} #{proxy_port} #{host}:#{vnc_port}"

to

novnc_exec = "#{novnc_cmd} --cert=CERT --key=KEY --ssl-only #{proxy_port} #{host}:#{vnc_port}"

where CERT and KEY are paths to the relevant certificates (include --key
only if the key is separate from the cert). You can also add --ssl-only.

    * 2) - Enable wss:// in client side of noVNC. Change line 1213 of
vm-tab.js (lib/one/sunstone/public/js/plugins)

'encrypt':      false,

to

'encrypt':      true,

That will make wss connections possible, provided that the CERT and KEY
are readable by oneadmin and that the user browser likes the
certificate[2]. It works for me at least.

Keep in mind that clients need access to the ports on which the
websocket<->VNC proxy (websockify) will be running.

Hector

[1] http://dev.opennebula.org/issues/1069
[2] https://github.com/kanaka/noVNC/wiki/Troubleshooting (encrypted
connection issues).

On Wed, 18 Jan 2012 12:42:40 +0100, Rolandas Naujikas
<rolandas.naujikas at mif.vu.lt> wrote:

> Hi,
>
> Currently I run sunstone through web proxy with ssl (https://) support,
> but noVNC is not encrypted (and by default it doesn't work in recent
> Firefox without changing websocket configuration parameters). Is it
> possible to enable ssl (wss://) support in noVNC and how to do that ?
>
> Regards, Rolandas


-- 
Hector Sanjuan
OpenNebula Developer
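
The command line from step 1 can be built behind a check of the certificate and key, so the proxy is never started with TLS material that is unreadable, mismatched, expired or exposed to other local users. This is an added example, not part of the original message and not OpenNebula code; the function name secure_novnc_exec and the "no world-readable key" policy are assumptions.

```ruby
require 'openssl'
require 'shellwords'

# Added example (hypothetical helper, not from SunstoneServer.rb).
# Returns the websockify command string with --cert/--key/--ssl-only, or
# raises ArgumentError if the TLS material is not fit for use.
# key_path is nil when the private key lives in the same PEM file as the cert.
def secure_novnc_exec(novnc_cmd, proxy_port, host, vnc_port, cert_path, key_path = nil)
  key_file = key_path || cert_path

  # The process running the proxy (oneadmin in the message above) must be
  # able to read both files.
  [cert_path, key_file].uniq.each do |path|
    raise ArgumentError, "#{path} is not readable by this user" unless File.readable?(path)
  end

  cert = OpenSSL::X509::Certificate.new(File.read(cert_path))
  key  = OpenSSL::PKey.read(File.read(key_file))

  # A key that does not belong to the certificate makes every TLS handshake fail.
  raise ArgumentError, 'private key does not match certificate' unless cert.check_private_key(key)

  # Browsers reject wss:// connections to an expired or not-yet-valid certificate.
  unless Time.now.between?(cert.not_before, cert.not_after)
    raise ArgumentError, 'certificate is expired or not yet valid'
  end

  # Assumed policy: refuse a private key that any local user can read.
  unless (File.stat(key_file).mode & 0o004).zero?
    raise ArgumentError, "#{key_file} is world-readable; restrict its permissions"
  end

  # Paths and host are shell-escaped because the string is handed to a shell.
  cmd = "#{novnc_cmd} --cert=#{Shellwords.escape(cert_path)}"
  cmd << " --key=#{Shellwords.escape(key_path)}" if key_path
  cmd << " --ssl-only #{Integer(proxy_port)}"
  cmd << " #{Shellwords.escape("#{host}:#{Integer(vnc_port)}")}"
  cmd
end
```
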


