[one-users] SSL proxy
Daniel Dehennin
daniel.dehennin at baby-gnu.org
Fri Aug 22 14:53:33 PDT 2014
Johan Kooijman <mail at johankooijman.com> writes:
> As a follow up: the connection can be made, telnet works. Firefox tells me:
>
> GET https://theonepoc.cloud.nl:29876/ [HTTP/1.0 403 Forbidden 35ms]
> "New state 'loaded', was 'disconnected'. Msg: noVNC ready: native
> WebSockets, canvas rendering" util.js:110
> "New state 'connect', was 'loaded'." util.js:110
> "Skipping unsupported WebSocket binary sub-protocol" util.js:111
>
> Firefox can't establish a connection to the server at wss://
> theonepoc.cloud.nl:29876/?token=xbw7pps1nuzhxz5b9nds. websock.js:333
As far as I understand, theonepoc.cloud.nl:29876 is not managed by nginx
but by the python-websocket, nginx just serve the javascript code which
open the WSS connection.
Maybe with nginx support[1] you can reverse proxy the WebSocket:
1) make python-websocket listen on 127.0.0.1 only
2) configure nginx to listen on theonepoc.cloud.nl:29876 with SSL and
proxy_pass it to python-websocket on 127.0.0.1
I do not test it, but a simpler approach could be to configure wss in
/etc/one/sunstone-server.conf to use the same certificate and key than
nginx?
Regards.
Footnotes:
[1] http://nginx.org/en/docs/http/websocket.html
--
Daniel Dehennin
Récupérer ma clef GPG: gpg --recv-keys 0xCC1E9E5B7A6FE2DF
Fingerprint: 3E69 014E 5C23 50E8 9ED6 2AAD CC1E 9E5B 7A6F E2DF
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 342 bytes
Desc: not available
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20140822/70577ec6/attachment.pgp>
More information about the Users
mailing list