Feature #3601

Use secure websockets for console access

Added by Ewoud Kohl van Wijngaarden over 4 years ago. Updated 9 days ago.

Status:Closed
Priority:Normal
Assignee:Daniel Lobato Garcia
Category:Security
Target version:1.6.0
Difficulty: Team Backlog:
Triaged: Fixed in Releases:
Bugzilla link:1107647 Found in Releases:
Pull request:https://github.com/theforeman/foreman/pull/1024

Description

As documented in NoVNC under known issues:

when using Firefox, if you use foreman via https, firefox might block the connection (see limiations below), to fix it, goto about:config and enable network.websocket.allowInsecureFromHTTPS

Foreman defaults to https:// only, so every firefox user runs into this. It would also increase security if all console access was encrypted. Websockify does support it, so it's mostly a matter of passing the correct parameters. Ideally the used certificates would be overrideable through settings.yaml.


Related issues

Related to Foreman - Bug #7018: SPICE libvirt websockets connections aren't encrypted New 08/11/2014
Duplicated by Foreman - Feature #4224: Support for TLS Spice connections for console access on l... Duplicate 01/30/2014
Duplicated by Foreman - Feature #1662: Add settings options to secure VNC sessions between Forem... Duplicate 05/30/2012

Associated revisions

Revision 7d7faa5c
Added by Ewoud Kohl van Wijngaarden about 4 years ago

fixes #3601: Use secure websockets if available

Websockets_ssl* settings must be configured with the appropriate
certificates for this to work.

History

#1 Updated by Ewoud Kohl van Wijngaarden over 4 years ago

  • Status changed from New to Ready For Testing

https://github.com/theforeman/foreman/pull/1024 already tested with VMware and VNC. Needs testing with SPICE.

#2 Updated by Dominic Cleal over 4 years ago

  • Duplicated by Feature #4224: Support for TLS Spice connections for console access on libvirt Compute ressources added

#3 Updated by Dominic Cleal about 4 years ago

  • Bugzilla link set to https://bugzilla.redhat.com/show_bug.cgi?id=1107647

#4 Updated by Daniel Lobato Garcia about 4 years ago

  • Duplicated by Feature #1662: Add settings options to secure VNC sessions between Foreman server and client added

#5 Updated by The Foreman Bot about 4 years ago

  • Target version set to 1.8.0
  • Pull request https://github.com/theforeman/foreman/pull/1024 added

#6 Updated by Daniel Lobato Garcia about 4 years ago

  • Category changed from Compute resources to Security
  • Assignee set to Daniel Lobato Garcia

#7 Updated by Daniel Lobato Garcia about 4 years ago

  • Status changed from Ready For Testing to Closed

#8 Updated by Dominic Cleal almost 4 years ago

  • Legacy Backlogs Release (now unused) set to 10

#9 Updated by Ewoud Kohl van Wijngaarden almost 4 years ago

https://github.com/theforeman/puppet-foreman/pull/202 enables support by default in the installer.

#10 Updated by Dominic Cleal almost 4 years ago

  • Related to Bug #7018: SPICE libvirt websockets connections aren't encrypted added

Also available in: Atom PDF