Project

General

Profile

Actions

Feature #3601

closed

Use secure websockets for console access

Added by Ewoud Kohl van Wijngaarden about 11 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Category:
Security
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

As documented in NoVNC under known issues:

when using Firefox, if you use foreman via https, firefox might block the connection (see limiations below), to fix it, goto about:config and enable network.websocket.allowInsecureFromHTTPS

Foreman defaults to https:// only, so every firefox user runs into this. It would also increase security if all console access was encrypted. Websockify does support it, so it's mostly a matter of passing the correct parameters. Ideally the used certificates would be overrideable through settings.yaml.


Related issues 3 (1 open2 closed)

Related to Foreman - Bug #7018: SPICE libvirt websockets connections aren't encryptedNew08/11/2014Actions
Has duplicate Foreman - Feature #4224: Support for TLS Spice connections for console access on libvirt Compute ressourcesDuplicate01/30/2014Actions
Has duplicate Foreman - Feature #1662: Add settings options to secure VNC sessions between Foreman server and clientDuplicate05/30/2012Actions
Actions #1

Updated by Ewoud Kohl van Wijngaarden almost 11 years ago

  • Status changed from New to Ready For Testing

https://github.com/theforeman/foreman/pull/1024 already tested with VMware and VNC. Needs testing with SPICE.

Actions #2

Updated by Dominic Cleal almost 11 years ago

  • Has duplicate Feature #4224: Support for TLS Spice connections for console access on libvirt Compute ressources added
Actions #3

Updated by Dominic Cleal over 10 years ago

  • Bugzilla link set to https://bugzilla.redhat.com/show_bug.cgi?id=1107647
Actions #4

Updated by Daniel Lobato Garcia over 10 years ago

  • Has duplicate Feature #1662: Add settings options to secure VNC sessions between Foreman server and client added
Actions #5

Updated by The Foreman Bot over 10 years ago

  • Target version set to 1.8.0
  • Pull request https://github.com/theforeman/foreman/pull/1024 added
Actions #6

Updated by Daniel Lobato Garcia over 10 years ago

  • Category changed from Compute resources to Security
  • Assignee set to Daniel Lobato Garcia
Actions #7

Updated by Daniel Lobato Garcia over 10 years ago

  • Status changed from Ready For Testing to Closed
Actions #8

Updated by Dominic Cleal over 10 years ago

  • Translation missing: en.field_release set to 10
Actions #9

Updated by Ewoud Kohl van Wijngaarden over 10 years ago

https://github.com/theforeman/puppet-foreman/pull/202 enables support by default in the installer.

Actions #10

Updated by Dominic Cleal over 10 years ago

  • Related to Bug #7018: SPICE libvirt websockets connections aren't encrypted added
Actions

Also available in: Atom PDF