[Spice-devel] [spice-space-pages PATCH] Spice Proxy documentation

Uri Lublin uril at redhat.com
Thu Mar 9 12:26:08 UTC 2017 

On 03/06/2017 04:42 PM, Frediano Ziglio wrote:
>>
>> Signed-off-by: Uri Lublin <uril at redhat.com>
>> ---
>>  proxy.rst | 102
>>  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>  1 file changed, 102 insertions(+)
>>  create mode 100644 proxy.rst
>>
>> diff --git a/proxy.rst b/proxy.rst
>> new file mode 100644
>> index 0000000..9824a15
>> --- /dev/null
>> +++ b/proxy.rst
>> @@ -0,0 +1,102 @@
>> +Spice Proxy
>> +###########
>> +
>> +:slug: spice-proxy
>> +:modified: 2017-03-05 10:00
>
> Is not git enough? These fields tend to not get updated at the end.

It appears in most rst files.
I do not mind dropping it.

>
>> +
>> +Introduction
>> +++++++++++++
>> +
>> +Spice client (remote-viewer) supports connecting to the server via an http
>> proxy.
>> +This may be desirable for cases when the client does not have direct access
>> +to the server.
>> +
>> +Configuring the Client
>> +++++++++++++++++++++++
>> +
>> +Proxy Format
>> +^^^^^^^^^^^^
>> +[protocol://]proxy-host[:proxy-port]
>> +
>> +.. code-block:: sh
>> +
>> +   for example: http://10.0.15.50:3128
>> +
>> +There are two ways to tell the client to connect via an http proxy:
>> +
>> +SPICE_PROXY environment variable
>> +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> +A SPICE_PROXY environment variable tells remote-viewer
>> +to connect to the spice-server via a proxy-server
>> +
>> +.. code-block:: sh
>> +
>> +   export SPICE_PROXY="http://10.0.15.50:3128"
>> +
>> +proxy key in a vv-file (under [virt-viewer])
>> +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> +A proxy key in a vv-file tells the remote-viewer to
>> +connect to the spice-server via a proxy-server
>> +
>> +.. code-block:: sh
>> +
>> +   [virt-viewer]
>> +   proxy=http://10.0.15.50:3128
>> +
>> +
>> +Configuring the proxy server (squid as an example)
>> +++++++++++++++++++++++++++++++++++++++++++++++++++
>> +Squid (squid-cache.org) can be used as a proxy server.
>> +
>> +This is just an example.
>> +There are other configurations possible, and other proxy
>> +servers.
>> +Configuration should be done according to requirements.
>> +Firewall, if exists, may need to be configured as well.
>> +
>> +
>> +Installation (Fedora)
>> +^^^^^^^^^^^^^^^^^^^^^
>> +On Fedora it can be installed via dnf, e.g.
>> +
>> +.. code-block:: sh
>> +
>> +   dnf install squid
>> +
>> +Example Configuration (Fedora)
>> +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> +For information about configuring Squid, please take a look
>> +at squid documentation.
>> +I looked at http://wiki.squid-cache.org/SquidFaq/SquidAcl.
>> +
>> +Let's assume there are two hosts (hypervisors) with
>> +IP addresses 10.0.0.1 and 10.0.0.2, and both
>> +use ports 5900 and 5901 for Spice.
>> +A possible configuration may be (in /etc/squid/squid.conf):
>> +
>> +.. code-block:: sh
>> +
>> +   acl SPICE_HOSTS 10.0.0.1 10.0.0.2
>> +   acl SPICE_PORTS 5900 5901
>> +   http_access allow SPICE_HOSTS
>> +   http_access allow SPICE_PORTS
>> +   http_access deny all
>> +
>> +allow these hosts and ports but nothing else.
>> +
>> +
>> +Running the client
>> +++++++++++++++++++++++
>> +Once the proxy is set up as described above, run the client as usual, e.g
>> +
>> +.. code-block:: sh
>> +
>> +   remote-viewer console.vv
>> +
>> +or
>> +
>> +.. code-block:: sh
>> +
>> +   remote-viewer spice://10.0.0.1:5901
>> +
>> +
>
> Seems fine. Did you see https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.5/html/Installation_Guide/chap-Proxies.html ?
>
> Looks like the page is not linked anywhere. Are you going to link somewhere?

I did not plan on linking to this page.
It may be confusing for non-RHV users.
Also I'm not sure who should update Safe_ports.
If you think it's helpful, I do not mind adding a reference
to the 14.1.1 and 14.1.2 (and probably go for more recent RHV)
The configuration I suggested is more limiting.

Thanks,
     Uri.

More information about the Spice-devel mailing list