Project

General

Profile

Feature #1662

Add settings options to secure VNC sessions between Foreman server and client

Added by Anonymous over 9 years ago. Updated over 7 years ago.

Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:

Description

Right now, in order to enable SSL for noVNC between the foreman server and client, it is necessary to update /usr/share/foreman/lib/vnc_proxy.rb install and every update from:
cmd = "#{ws_proxy} --daemon --run-once --timeout=#{timeout} #{port} #{host}:#{host_port}"
to:
cmd = "#{ws_proxy} --daemon --run-once --timeout=#{timeout} #{port} #{host}:#{host_port} --cert=<file-containing-cert-and-key> --ssl-only"

And I believe it is also necessary to edit /var/lib/foreman/public/javascripts/noVNC/rfb.js and change:
if (conf.encrypt) {
uri = "wss://";
} else {
uri = "ws://";
}
to:
if (conf.encrypt) {
uri = "wss://";
} else {
uri = "wss://";
}
though this looks like it should work without modification as expected if conf.encrypt gets set true where ever necessary.

My thinking is that maybe this can be configured from the settings within the webui by setting the cert file in a similar fashio to the ssl_certificate option, and have a secure vnc true/false option similar to the others available, that will then set things up to run accordingly.


Related issues

Is duplicate of Foreman - Feature #3601: Use secure websockets for console accessClosed2013-11-07

History

#1 Updated by Daniel Lobato Garcia over 7 years ago

  • Is duplicate of Feature #3601: Use secure websockets for console access added

#2 Updated by Daniel Lobato Garcia over 7 years ago

  • Description updated (diff)

I'm going to close this in favor of http://projects.theforeman.org/issues/3601 , as that one is already ready for testing.

#3 Updated by Daniel Lobato Garcia over 7 years ago

  • Status changed from New to Duplicate

Also available in: Atom PDF