Hello, this problem has been pending for a while.
The bad news is that wss:/ mode is not supported by default in Suntone. I
created a feature to see if we can do it for the next release[1].
It is nevertheless possible to manually enable wss support withut much
harness:
* 1) - Modify line 232 of SunstoneServer.rb (lib/one/sunstone/models)
novnc_exec = "#{novnc_cmd} #{proxy_port} #{host}:#{vnc_port}"
to
novnc_exec = "#{novnc_cmd} --cert=CERT --key=KEY --ssl-only #{proxy_port}
#{host}:#{vnc_port}"
where CERT and KEY are paths to the relevant certificates (include --key
only if the key is separate from the cert). You can also add --ssl-only
* 2) - Enable wss:// in client side of noVNC. Change line 1213 of
vm-tab.js
(lib/one/sunstone/public/js/plugins)
'encrypt': false,
to
'encrypt': true,
That will make wss connections possible, provided that the CERT and KEY
are readable by oneadmin and that the user browser likes the
certificate[2]. It works for me at least.
Have in mind that clients need access to the ports on which the
websocket<->VNC proxy (websockify) will be running.
Hector
[1] http://dev.opennebula.org/issues/1069
[2] https://github.com/kanaka/noVNC/wiki/Troubleshooting (encrypted
connection issues).
En Wed, 18 Jan 2012 12:42:40 +0100, Rolandas Naujikas
<rolandas.nauji...@mif.vu.lt> escribió:
Hi,
Currently I run sunstone through web proxy with ssl (https://) support,
but noVNC is not encrypted (and by default it doesn't work in recent
Firefox without changing websocket configuration parameters). Is it
possible to enable ssl (wss://) support in noVNC and how to do that ?
Regards, Rolandas
_______________________________________________
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
--
Hector Sanjuan
OpenNebula Developer
_______________________________________________
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org