[pve-devel] idea for implementation of a spice http connect proxy, with pve authentification

Dietmar Maurer dietmar at proxmox.com
Mon Jun 17 10:37:33 CEST 2013


> Yes, I would like to reuse pveproxy.  (I have just tested HTTP::PROXY to see
> how it works)
> 
> The only thing is that the spice client only does proxy through http and not https.
> But it should be possible to add a new listen port to pveproxy on http, only
> accepting CONNECT requests.
> Should not be a security problem if we encrypt the host header, and the
> connection to spice uses tls.

Maybe it is better to use a dynamic port and run a separate server (like we do for VNC)?

> I think the main problem in HTTP::PROXY is that the tunnel is not
> bi-directional. I have debugged it, it's waiting to read the spice socket.
> 
> The implementation is pretty simple:
> 
> CLIENT ---> HTTP CONNECT host:port
> SERVER ----> HTTP/1.0 200 OK
>             then bi-directional tunnel read-write
> 
> 
> But I don't know how to implement the bi-directional tunnel in Perl.

see run_vnc_proxy() in 'qm'
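
The exchange sketched in the thread (CONNECT, 200 OK, then a two-way tunnel), as an added example that is not part of the original post and is not the code of run_vnc_proxy() or pveproxy: select() over both sockets so neither direction blocks the other. The listen address, the target allowlist and all sub names are assumptions made for illustration; authentication is left out.

```perl
use strict; use warnings;
use IO::Socket::INET;
use IO::Select;
$SIG{PIPE} = 'IGNORE';                        # a closed peer must not kill the proxy
# Added example, not Proxmox code. Assumption: placeholder allowlist of targets.
my %allowed = ('127.0.0.1:61000' => 1);
sub reply { syswrite($_[0], "HTTP/1.0 $_[1]\r\n\r\n") }
sub write_all {                               # syswrite may write only part
    my ($fh, $buf) = @_;
    while (length $buf) {
        my $w = syswrite($fh, $buf) // return 0;
        substr($buf, 0, $w, '');
    }
    return 1;
}

sub relay {                                   # copy both ways until one side closes
    my ($client, $server) = @_;
    my %peer = (fileno($client) => $server, fileno($server) => $client);
    my $sel = IO::Select->new($client, $server);
    while (my @ready = $sel->can_read) {
        for my $fh (@ready) {
            sysread($fh, my $buf, 16384) or return;    # EOF or error
            write_all($peer{fileno($fh)}, $buf) or return;
        }
    }
}

sub handle_client {
    my ($client, $head) = (shift, '');
    until ($head =~ /\r\n\r\n/) {             # unbuffered read of request + headers
        sysread($client, $head, 4096, length $head) or return;
        return if length($head) > 8192;
    }
    my ($hdr, $early) = split /\r\n\r\n/, $head, 2;
    my ($target) = $hdr =~ m{\ACONNECT (\S+) HTTP/1\.[01](?:\r\n|\z)}
        or return reply($client, '405 Method Not Allowed');
    return reply($client, '403 Forbidden') unless $allowed{$target};
    my $server = IO::Socket::INET->new(PeerAddr => $target, Proto => 'tcp')
        or return reply($client, '502 Bad Gateway');
    reply($client, '200 OK');
    write_all($server, $early) if length $early;   # bytes sent before the 200
    relay($client, $server);
}

my $listener = IO::Socket::INET->new(LocalAddr => '127.0.0.1', LocalPort => 3128,
    Listen => 5, ReuseAddr => 1) or die "listen: $!";
while (my $client = $listener->accept) {      # one tunnel at a time, for brevity
    handle_client($client); close $client;
}
```

Rejecting every method except CONNECT and every target outside the allowlist keeps the plain-http port from acting as an open relay.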


