On 03/06/2017 04:42 PM, Frediano Ziglio wrote:
Signed-off-by: Uri Lublin <uril@xxxxxxxxxx>
---
proxy.rst | 102
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 102 insertions(+)
create mode 100644 proxy.rst
diff --git a/proxy.rst b/proxy.rst
new file mode 100644
index 0000000..9824a15
--- /dev/null
+++ b/proxy.rst
@@ -0,0 +1,102 @@
+Spice Proxy
+###########
+
+:slug: spice-proxy
+:modified: 2017-03-05 10:00
Is not git enough? These fields tend to not get updated at the end.
It appears in most rst files.
I do not mind dropping it.
+
+Introduction
+++++++++++++
+
+Spice client (remote-viewer) supports connecting to the server via an http
proxy.
+This may be desirable for cases when the client does not have direct access
+to the server.
+
+Configuring the Client
+++++++++++++++++++++++
+
+Proxy Format
+^^^^^^^^^^^^
+[protocol://]proxy-host[:proxy-port]
+
+.. code-block:: sh
+
+ for example: http://10.0.15.50:3128
+
+There are two ways to tell the client to connect via an http proxy:
+
+SPICE_PROXY environment variable
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+A SPICE_PROXY environment variable tells remote-viewer
+to connect to the spice-server via a proxy-server
+
+.. code-block:: sh
+
+ export SPICE_PROXY="http://10.0.15.50:3128";
+
+proxy key in a vv-file (under [virt-viewer])
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+A proxy key in a vv-file tells the remote-viewer to
+connect to the spice-server via a proxy-server
+
+.. code-block:: sh
+
+ [virt-viewer]
+ proxy=http://10.0.15.50:3128
+
+
+Configuring the proxy server (squid as an example)
+++++++++++++++++++++++++++++++++++++++++++++++++++
+Squid (squid-cache.org) can be used as a proxy server.
+
+This is just an example.
+There are other configurations possible, and other proxy
+servers.
+Configuration should be done according to requirements.
+Firewall, if exists, may need to be configured as well.
+
+
+Installation (Fedora)
+^^^^^^^^^^^^^^^^^^^^^
+On Fedora it can be installed via dnf, e.g.
+
+.. code-block:: sh
+
+ dnf install squid
+
+Example Configuration (Fedora)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+For information about configuring Squid, please take a look
+at squid documentation.
+I looked at http://wiki.squid-cache.org/SquidFaq/SquidAcl.
+
+Let's assume there are two hosts (hypervisors) with
+IP addresses 10.0.0.1 and 10.0.0.2, and both
+use ports 5900 and 5901 for Spice.
+A possible configuration may be (in /etc/squid/squid.conf):
+
+.. code-block:: sh
+
+ acl SPICE_HOSTS 10.0.0.1 10.0.0.2
+ acl SPICE_PORTS 5900 5901
+ http_access allow SPICE_HOSTS
+ http_access allow SPICE_PORTS
+ http_access deny all
+
+allow these hosts and ports but nothing else.
+
+
+Running the client
+++++++++++++++++++++++
+Once the proxy is set up as described above, run the client as usual, e.g
+
+.. code-block:: sh
+
+ remote-viewer console.vv
+
+or
+
+.. code-block:: sh
+
+ remote-viewer spice://10.0.0.1:5901
+
+
Seems fine. Did you see https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.5/html/Installation_Guide/chap-Proxies.html ?
Looks like the page is not linked anywhere. Are you going to link somewhere?
I did not plan on linking to this page.
It may be confusing for non-RHV users.
Also I'm not sure who should update Safe_ports.
If you think it's helpful, I do not mind adding a reference
to the 14.1.1 and 14.1.2 (and probably go for more recent RHV)
The configuration I suggested is more limiting.
Thanks,
Uri.
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel