Project

General

Custom queries

Profile

Actions
Copy link

Feature #3601

closed

Use secure websockets for console access

Added by Ewoud Kohl van Wijngaarden over 11 years ago. Updated almost 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Daniel Lobato Garcia
Category:
Security
Target version:
1.6.0
Difficulty:
Triaged:
Bugzilla link:
1107647
Pull request:
https://github.com/theforeman/foreman/pull/1024
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

As documented in NoVNC under known issues:

when using Firefox, if you use foreman via https, firefox might block the connection (see limiations below), to fix it, goto about:config and enable network.websocket.allowInsecureFromHTTPS

Foreman defaults to https:// only, so every firefox user runs into this. It would also increase security if all console access was encrypted. Websockify does support it, so it's mostly a matter of passing the correct parameters. Ideally the used certificates would be overrideable through settings.yaml.

Related issues 3 (1 open2 closed)

Related to Foreman - Bug #7018: SPICE libvirt websockets connections aren't encryptedNew08/11/2014Actions
Has duplicate Foreman - Feature #4224: Support for TLS Spice connections for console access on libvirt Compute ressourcesDuplicate01/30/2014Actions
Has duplicate Foreman - Feature #1662: Add settings options to secure VNC sessions between Foreman server and clientDuplicate05/30/2012Actions

Added by Ewoud Kohl van Wijngaarden almost 11 years ago

Revision 7d7faa5c (diff)

fixes #3601: Use secure websockets if available

Websockets_ssl* settings must be configured with the appropriate
certificates for this to work.

Actions
Copy link

Also available in: Atom PDF