Hi Gianluca, Thanks for the pointer. They are really helpful. I didn't know about squid. But this is still not working for me after the squid setup as you can see in my email to David Jasa. I am really scratching my head now:). I hope I am getting close but...
----- Original Message ----- > From: Gianluca Cecchi <[email protected]> > To: "[email protected]" <[email protected]> > Cc: David Li <[email protected]> > Sent: Friday, January 24, 2014 10:06 AM > Subject: Re: [Users] Spice-proxy questions > > On Fri, Jan 24, 2014 at 6:58 PM, David Jaša wrote: >> On Pá, 2014-01-24 at 18:45 +0100, David Jaša wrote: >>> On Pá, 2014-01-24 at 09:39 -0800, David Li wrote: >>> > David, >>> > >>> > With SpiceProxy, should I point my admin portal browser to > http://proxy_ip_or_fqdn:port? Does it matter which port number to use? >>> >>> Both FQDN/IP and port do matter. You have to set them so they point to > a >>> running http proxy server instance (e.g. squid). Engine won't set > up a >>> spice-capable http proxy >> >> Just to clarify: you need to tell squid to permit connections to spice >> port range (5900-6144 IIRC). It only allows connections to http ports by >> default. >> >> David >> >>> for you, you have to take care of it yoursef. >>> >>> What engine can do for you is to configure websocket proxy that allows >>> connections by html5 client (the one that runs entirely in browser). >>> >>> David > > On my CentOS 5.10 server (10.4.4.63) that is the squid proxy for > engine I have this configuration that works > > [root@c510 squid]# diff squid.conf squid.conf.orig > 578,582d577 > < > < acl localnet src 10.4.3.0/24 # RFC1918 possible internal network > < acl localnet src 10.4.23.0/24 # RFC1918 possible internal network > < acl localnet src 10.4.4.0/24 # RFC1918 possible internal network > < > 625c620 > < #http_access deny CONNECT !SSL_ports > --- >> http_access deny CONNECT !SSL_ports > 639d633 > < http_access allow localnet > 927,928c921 > < #http_port 3128 > < http_port 80 > --- >> http_port 3128 > > My clients where I run the browser that connects to engine (10.4.4.58) > are on 10.4.3.0, 10.4.4.0 or 10.4.23.0 networks. > No iptables on proxy server > oVirt hosts are on 10.4.4.0 netowrk too. > > HIH, > Gianluca > _______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
