Re: Spice protocol behind a Firewall

On 02/19/2017 07:33 PM, Oscar Segarra wrote:
Hi Uri,

I have not been able to find the example you suggest... can you paste
the url of the example?


Hi Oscar,

Disclaimer:
   This is just an example. There may be better, more secure ways
   to do it. You should research and decide on a solution
   according to your specific requirements.
   I did not even test the suggested solution.

For example:
http://wiki.squid-cache.org/SquidFaq/SquidAcl under
"Is there an easy way of banning all Destination addresses except one?"

You can configure your squid server to allow access only to the
two hosts and specific ports on those hosts and deny the rest.

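# ACL names on one http_access line are ANDed; separate lines are ORed.
acl GOOD_HOST dst 10.0.0.1
acl GOOD_HOST dst 10.0.0.2
acl GOOD_PORT port 5900
# Allow only port 5900 on the two listed hosts.
http_access allow GOOD_HOST GOOD_PORT
http_access deny all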

# The last command is not needed according to
# http://www.squid-cache.org/Doc/config/http_access/
# but it does appear in the SquidAcl example

Uri.


2017-02-19 18:23 GMT+01:00 Uri Lublin <uril@xxxxxxxxxx>:
    On 02/19/2017 12:50 PM, Oscar Segarra wrote:

        Hi Uri,

        Is there any public documentation for configuring the http/https
        proxy?

        In my scenario, I have 2 hypervisors and I don't know exactly how to
        redirect each port to each hypervisor.

        And regarding your comments, host_ip and host_port (in first and
        second command) belong to the reverse proxy or the hypervisor?

        Thanks a lot for your help


    One proxy server you can try is squid (http://squid-cache.org).
    Perhaps one of the examples on its site fits your needs.

    In the command below, host is the hypervisor.
    If you want to hide the hypervisor ip address and port
    perhaps a more sophisticated proxy can be used and that
    command line will be a bit different. I never tried it.

    Regards,
        Uri.


        On 19 Feb 2017, 10:48 a.m., "Uri Lublin" <uril@xxxxxxxxxx>

                On 02/19/2017 08:07 AM, Oscar Segarra wrote:

                        Hi,

                        First of all, I'd like to say that I'm not sure
                        enough I'm writing to the correct mailing list,
                        I have not been able to find a common users
                        mailing list.

                        I'm planning to deploy a VDI solution based on
                        SPICE. I'd like to grant access through the
                        Internet to the VDI desktops but I don't want to
                        expose the hypervisors to the Internet.

                        Using virt-viewer or remote-viewer (not the
                        html5 feature as I want USB redirection), is
                        there any trick to make this scenario work:

                        /Internet --> FW --> Kind of spice reverse proxy
                        --> FW --> Hypervisors (more than one)./


                Hi,

                If you have an http/https proxy server, please try:
                  SPICE_PROXY=proxy_ip:proxy_port remote-viewer host_ip:host_port

                Hope that helps,
                    Uri.




_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel
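
Squid ANDs the ACL names listed on one http_access line, ORs separate lines, and lets the first matching line decide. The following is an added example, not part of the thread and not Squid code: a small Python model of that evaluation for the dst and port ACLs in the message above, comparing separate allow lines with one combined line. The probe addresses and the names SEPARATE_LINES, COMBINED_LINE and compare are constructed for illustration.

```python
import ipaddress

# Constructed model of the ACLs from the message above (dst and port types only).
ACLS = {
    "GOOD_HOST": ("dst", {"10.0.0.1", "10.0.0.2"}),
    "GOOD_PORT": ("port", {5900}),
    "all": ("all", None),
}

def acl_matches(name, dst_ip, dst_port):
    """True if the named ACL matches the destination. Unknown names raise KeyError."""
    kind, values = ACLS[name]
    if kind == "all":
        return True
    if kind == "dst":
        return str(ipaddress.ip_address(dst_ip)) in values
    return dst_port in values

def http_access(rules, dst_ip, dst_port):
    """First rule whose ACLs all match decides; otherwise the opposite of the last rule."""
    for action, names in rules:
        if all(acl_matches(n, dst_ip, dst_port) for n in names):
            return action
    return "deny" if rules[-1][0] == "allow" else "allow"

# One allow line per ACL: either condition alone is enough to be allowed.
SEPARATE_LINES = [("allow", ["GOOD_HOST"]), ("allow", ["GOOD_PORT"]), ("deny", ["all"])]
# Both ACLs on one line: host and port must both match.
COMBINED_LINE = [("allow", ["GOOD_HOST", "GOOD_PORT"]), ("deny", ["all"])]

# Constructed probe destinations (192.0.2.7 is a documentation address).
PROBES = [("10.0.0.1", 5900), ("10.0.0.2", 5900), ("10.0.0.1", 22),
          ("192.0.2.7", 5900), ("192.0.2.7", 22)]

def compare():
    """Map each probe to (decision with separate lines, decision with combined line)."""
    return {p: (http_access(SEPARATE_LINES, *p), http_access(COMBINED_LINE, *p))
            for p in PROBES}

if __name__ == "__main__":
    for (ip, port), (sep, comb) in compare().items():
        print(f"{ip}:{port:<5} separate={sep:<5} combined={comb}")
```
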



