> On 19 Mar 2017, at 13:54, Uri Lublin <uril@xxxxxxxxxx> wrote: > > Signed-off-by: Uri Lublin <uril@xxxxxxxxxx> > ---- > > Changes since v1: > 1. :modified: was removed from the top > 2. 2 ways to set up proxy -- are numbered > 3. Comment added to not use http_proxy > 4. "Installation (Fedora)" section removed. > 5. A misplaced "the" was removed. > > -- > proxy.rst | 95 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 95 insertions(+) > create mode 100644 proxy.rst > > diff --git a/proxy.rst b/proxy.rst > new file mode 100644 > index 0000000..9332cd5 > --- /dev/null > +++ b/proxy.rst > @@ -0,0 +1,95 @@ > +Spice Proxy > +########### > + > +:slug: spice-proxy > + > +Introduction > +++++++++++++ > + > +Spice client (remote-viewer) supports connecting to the server via an http proxy. > +This may be desirable for cases when the client does not have direct access I would write either “in cases where the client” or just “when the client”. Are there native english speakers on the list to confirm/infirm? > +to the server. > + > +Configuring the Client > +++++++++++++++++++++++ > + > +Proxy Format > +^^^^^^^^^^^^ > +[protocol://]proxy-host[:proxy-port] > + > +.. code-block:: sh > + > + for example: http://10.0.15.50:3128 > + > +There are two ways to tell the client to connect via an http proxy: > + > +1. SPICE_PROXY environment variable > +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > +A SPICE_PROXY environment variable tells remote-viewer > +to connect to the spice-server via a proxy-server > + > +.. code-block:: sh > + > + export SPICE_PROXY="http://10.0.15.50:3128"; > + > +(Please do not use "http_proxy" as it is not currently supported) Just curious, why not? It makes sense to have SPICE_PROXY to override if you need to. But why not support http_proxy as well? > + > +2. proxy key in a vv-file (under [virt-viewer]) > +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > +A proxy key in a vv-file tells remote-viewer to > +connect to the spice-server via a proxy-server > + > +.. code-block:: sh > + > + [virt-viewer] > + proxy=http://10.0.15.50:3128 > + > + > +Configuring the proxy server (squid as an example) > +++++++++++++++++++++++++++++++++++++++++++++++++++ > +Squid (squid-cache.org) can be used as a proxy server. > + > +This is just an example. > +There are other configurations possible, and other proxy > +servers. > +Configuration should be done according to requirements. > +Firewall, if exists, may need to be configured as well. > + > + > +Example Configuration (Fedora) > +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > +For information about configuring Squid, please take a look > +at squid documentation. > +I looked at http://wiki.squid-cache.org/SquidFaq/SquidAcl. > + > +Let's assume there are two hosts (hypervisors) with > +IP addresses 10.0.0.1 and 10.0.0.2, and both > +use ports 5900 and 5901 for Spice. > +A possible configuration may be (in /etc/squid/squid.conf): > + > +.. code-block:: sh > + > + acl SPICE_HOSTS 10.0.0.1 10.0.0.2 > + acl SPICE_PORTS 5900 5901 > + http_access allow SPICE_HOSTS > + http_access allow SPICE_PORTS > + http_access deny all > + > +allow these hosts and ports but nothing else. > + > + > +Running the client > +++++++++++++++++++++++ > +Once the proxy is set up as described above, run the client as usual, e.g > + > +.. code-block:: sh > + > + remote-viewer console.vv > + > +or > + > +.. code-block:: sh > + > + remote-viewer spice://10.0.0.1:5901 > + > + > -- > 2.9.3 > > _______________________________________________ > Spice-devel mailing list > Spice-devel@xxxxxxxxxxxxxxxxxxxxx > https://lists.freedesktop.org/mailman/listinfo/spice-devel _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/spice-devel