Re: [foreman-dev] Firefox 57 and noVNC

2017-12-05 Thread Lukas Zapletal 
This is Sat 6.3 install (Katello 3.4), no changes here:

# Websockets
:websockets_encrypt: on
:websockets_ssl_key: /etc/pki/katello/private/katello-apache.key
:websockets_ssl_cert: /etc/pki/katello/certs/katello-apache.crt

# SSL-settings
:ssl_certificate: /etc/foreman/client_cert.pem
:ssl_ca_file: /etc/foreman/proxy_ca.pem
:ssl_priv_key: /etc/foreman/client_key.pem

On Tue, Dec 5, 2017 at 12:06 PM, Ewoud Kohl van Wijngaarden
 wrote:
> On Tue, Dec 05, 2017 at 09:43:20AM +0100, Lukas Zapletal wrote:
>>
>> I was trying noVNC the other day on FF 57. Imported katello CA (it was
>> a katello intance), but it didn't work until I flipped flag
>> "network.websocket.allowInsecureFromHTTPS" on and then it worked.
>>
>> I remember that Firefox always worked out of box - when server CA was
>> imported, it worked like charm. In the documentation we have "FF might
>> need to turn on this flag". Anyone knows under which circumstances we
>> need to flip this on?
>>
>> Any luck setting up FF 57 without any hacking with noVNC?
>>
>> https://theforeman.org/manuals/1.15/index.html#7.1NoVNC
>
>
> There are settings (websockets_ssl_{key,cert}) to choose which certificate
> is presented by the VNC websockets proxy. Are you sure the correct
> certificates are used by it?
>
> --
> You received this message because you are subscribed to the Google Groups
> "foreman-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to foreman-dev+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.



-- 
Later,
  Lukas @lzap Zapletal

-- 
You received this message because you are subscribed to the Google Groups 
"foreman-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [foreman-dev] Firefox 57 and noVNC

2017-12-05 Thread Ewoud Kohl van Wijngaarden 

On Tue, Dec 05, 2017 at 09:43:20AM +0100, Lukas Zapletal wrote:

I was trying noVNC the other day on FF 57. Imported katello CA (it was
a katello intance), but it didn't work until I flipped flag
"network.websocket.allowInsecureFromHTTPS" on and then it worked.

I remember that Firefox always worked out of box - when server CA was
imported, it worked like charm. In the documentation we have "FF might
need to turn on this flag". Anyone knows under which circumstances we
need to flip this on?

Any luck setting up FF 57 without any hacking with noVNC?

https://theforeman.org/manuals/1.15/index.html#7.1NoVNC


There are settings (websockets_ssl_{key,cert}) to choose which 
certificate is presented by the VNC websockets proxy. Are you sure the 
correct certificates are used by it?


--
You received this message because you are subscribed to the Google Groups 
"foreman-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[foreman-dev] Firefox 57 and noVNC

2017-12-05 Thread Lukas Zapletal 
Hello,

I was trying noVNC the other day on FF 57. Imported katello CA (it was
a katello intance), but it didn't work until I flipped flag
"network.websocket.allowInsecureFromHTTPS" on and then it worked.

I remember that Firefox always worked out of box - when server CA was
imported, it worked like charm. In the documentation we have "FF might
need to turn on this flag". Anyone knows under which circumstances we
need to flip this on?

Any luck setting up FF 57 without any hacking with noVNC?

https://theforeman.org/manuals/1.15/index.html#7.1NoVNC

-- 
Later,
  Lukas @lzap Zapletal

-- 
You received this message because you are subscribed to the Google Groups 
"foreman-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.