[Spice-devel,spice-space-pages,v2] Spice Proxy documentation

Submitted by Uri Lublin on March 19, 2017, 12:54 p.m.

Details

Message ID 20170319125427.3952-1-uril@redhat.com
State New
Headers show
Series "Spice Proxy documentation" ( rev: 2 ) in Spice

Not browsing as part of any series.

Commit Message

Uri Lublin March 19, 2017, 12:54 p.m.
Signed-off-by: Uri Lublin <uril@redhat.com>
----

Changes since v1:
 1. :modified: was removed from the top
 2. 2 ways to set up proxy -- are numbered
 3. Comment added to not use http_proxy
 4. "Installation (Fedora)" section removed.
 5. A misplaced "the" was removed.

--
 proxy.rst | 95 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 95 insertions(+)
 create mode 100644 proxy.rst

Patch hide | download patch | download mbox

diff --git a/proxy.rst b/proxy.rst
new file mode 100644
index 0000000..9332cd5
--- /dev/null
+++ b/proxy.rst
@@ -0,0 +1,95 @@ 
+Spice Proxy
+###########
+
+:slug: spice-proxy
+
+Introduction
+++++++++++++
+
+Spice client (remote-viewer) supports connecting to the server via an http proxy.
+This may be desirable for cases when the client does not have direct access
+to the server.
+
+Configuring the Client
+++++++++++++++++++++++
+
+Proxy Format
+^^^^^^^^^^^^
+[protocol://]proxy-host[:proxy-port]
+
+.. code-block:: sh
+
+   for example: http://10.0.15.50:3128
+
+There are two ways to tell the client to connect via an http proxy:
+
+1. SPICE_PROXY environment variable
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+A SPICE_PROXY environment variable tells remote-viewer
+to connect to the spice-server via a proxy-server
+
+.. code-block:: sh
+
+   export SPICE_PROXY="http://10.0.15.50:3128"
+
+(Please do not use "http_proxy" as it is not currently supported)
+
+2. proxy key in a vv-file (under [virt-viewer])
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+A proxy key in a vv-file tells remote-viewer to
+connect to the spice-server via a proxy-server
+
+.. code-block:: sh
+
+   [virt-viewer]
+   proxy=http://10.0.15.50:3128
+
+
+Configuring the proxy server (squid as an example)
+++++++++++++++++++++++++++++++++++++++++++++++++++
+Squid (squid-cache.org) can be used as a proxy server.
+
+This is just an example.
+There are other configurations possible, and other proxy
+servers.
+Configuration should be done according to requirements.
+Firewall, if exists, may need to be configured as well.
+
+
+Example Configuration (Fedora)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+For information about configuring Squid, please take a look
+at squid documentation.
+I looked at http://wiki.squid-cache.org/SquidFaq/SquidAcl.
+
+Let's assume there are two hosts (hypervisors) with
+IP addresses 10.0.0.1 and 10.0.0.2, and both
+use ports 5900 and 5901 for Spice.
+A possible configuration may be (in /etc/squid/squid.conf):
+
+.. code-block:: sh
+
+   acl SPICE_HOSTS 10.0.0.1 10.0.0.2
+   acl SPICE_PORTS 5900 5901
+   http_access allow SPICE_HOSTS
+   http_access allow SPICE_PORTS
+   http_access deny all
+
+allow these hosts and ports but nothing else.
+
+
+Running the client
+++++++++++++++++++++++
+Once the proxy is set up as described above, run the client as usual, e.g
+
+.. code-block:: sh
+
+   remote-viewer console.vv
+
+or
+
+.. code-block:: sh
+
+   remote-viewer spice://10.0.0.1:5901
+
+

Comments

> 
> Signed-off-by: Uri Lublin <uril@redhat.com>

Acked-by: Frediano Ziglio <fziglio@redhat.com>

> ----
> 
> Changes since v1:
>  1. :modified: was removed from the top
>  2. 2 ways to set up proxy -- are numbered
>  3. Comment added to not use http_proxy
>  4. "Installation (Fedora)" section removed.
>  5. A misplaced "the" was removed.
> 
> --
>  proxy.rst | 95
>  +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 95 insertions(+)
>  create mode 100644 proxy.rst
> 
> diff --git a/proxy.rst b/proxy.rst
> new file mode 100644
> index 0000000..9332cd5
> --- /dev/null
> +++ b/proxy.rst
> @@ -0,0 +1,95 @@
> +Spice Proxy
> +###########
> +
> +:slug: spice-proxy
> +
> +Introduction
> +++++++++++++
> +
> +Spice client (remote-viewer) supports connecting to the server via an http
> proxy.
> +This may be desirable for cases when the client does not have direct access
> +to the server.
> +
> +Configuring the Client
> +++++++++++++++++++++++
> +
> +Proxy Format
> +^^^^^^^^^^^^
> +[protocol://]proxy-host[:proxy-port]
> +
> +.. code-block:: sh
> +
> +   for example: http://10.0.15.50:3128
> +
> +There are two ways to tell the client to connect via an http proxy:
> +
> +1. SPICE_PROXY environment variable
> +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> +A SPICE_PROXY environment variable tells remote-viewer
> +to connect to the spice-server via a proxy-server
> +
> +.. code-block:: sh
> +
> +   export SPICE_PROXY="http://10.0.15.50:3128"
> +
> +(Please do not use "http_proxy" as it is not currently supported)
> +
> +2. proxy key in a vv-file (under [virt-viewer])
> +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> +A proxy key in a vv-file tells remote-viewer to
> +connect to the spice-server via a proxy-server
> +
> +.. code-block:: sh
> +
> +   [virt-viewer]
> +   proxy=http://10.0.15.50:3128
> +
> +
> +Configuring the proxy server (squid as an example)
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> +Squid (squid-cache.org) can be used as a proxy server.
> +
> +This is just an example.
> +There are other configurations possible, and other proxy
> +servers.
> +Configuration should be done according to requirements.
> +Firewall, if exists, may need to be configured as well.
> +
> +
> +Example Configuration (Fedora)
> +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> +For information about configuring Squid, please take a look
> +at squid documentation.
> +I looked at http://wiki.squid-cache.org/SquidFaq/SquidAcl.
> +
> +Let's assume there are two hosts (hypervisors) with
> +IP addresses 10.0.0.1 and 10.0.0.2, and both
> +use ports 5900 and 5901 for Spice.
> +A possible configuration may be (in /etc/squid/squid.conf):
> +
> +.. code-block:: sh
> +
> +   acl SPICE_HOSTS 10.0.0.1 10.0.0.2
> +   acl SPICE_PORTS 5900 5901
> +   http_access allow SPICE_HOSTS
> +   http_access allow SPICE_PORTS
> +   http_access deny all
> +
> +allow these hosts and ports but nothing else.
> +
> +
> +Running the client
> +++++++++++++++++++++++
> +Once the proxy is set up as described above, run the client as usual, e.g
> +
> +.. code-block:: sh
> +
> +   remote-viewer console.vv
> +
> +or
> +
> +.. code-block:: sh
> +
> +   remote-viewer spice://10.0.0.1:5901
> +
> +

Frediano
> On 19 Mar 2017, at 13:54, Uri Lublin <uril@redhat.com> wrote:
> 
> Signed-off-by: Uri Lublin <uril@redhat.com>
> ----
> 
> Changes since v1:
> 1. :modified: was removed from the top
> 2. 2 ways to set up proxy -- are numbered
> 3. Comment added to not use http_proxy
> 4. "Installation (Fedora)" section removed.
> 5. A misplaced "the" was removed.
> 
> --
> proxy.rst | 95 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 95 insertions(+)
> create mode 100644 proxy.rst
> 
> diff --git a/proxy.rst b/proxy.rst
> new file mode 100644
> index 0000000..9332cd5
> --- /dev/null
> +++ b/proxy.rst
> @@ -0,0 +1,95 @@
> +Spice Proxy
> +###########
> +
> +:slug: spice-proxy
> +
> +Introduction
> +++++++++++++
> +
> +Spice client (remote-viewer) supports connecting to the server via an http proxy.
> +This may be desirable for cases when the client does not have direct access

I would write either “in cases where the client” or just “when the client”. Are there native english speakers on the list to confirm/infirm?


> +to the server.
> +
> +Configuring the Client
> +++++++++++++++++++++++
> +
> +Proxy Format
> +^^^^^^^^^^^^
> +[protocol://]proxy-host[:proxy-port]
> +
> +.. code-block:: sh
> +
> +   for example: http://10.0.15.50:3128
> +
> +There are two ways to tell the client to connect via an http proxy:
> +
> +1. SPICE_PROXY environment variable
> +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> +A SPICE_PROXY environment variable tells remote-viewer
> +to connect to the spice-server via a proxy-server
> +
> +.. code-block:: sh
> +
> +   export SPICE_PROXY="http://10.0.15.50:3128"
> +
> +(Please do not use "http_proxy" as it is not currently supported)

Just curious, why not? It makes sense to have SPICE_PROXY to override if you need to. But why not support http_proxy as well?

> +
> +2. proxy key in a vv-file (under [virt-viewer])
> +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> +A proxy key in a vv-file tells remote-viewer to
> +connect to the spice-server via a proxy-server
> +
> +.. code-block:: sh
> +
> +   [virt-viewer]
> +   proxy=http://10.0.15.50:3128
> +
> +
> +Configuring the proxy server (squid as an example)
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> +Squid (squid-cache.org) can be used as a proxy server.
> +
> +This is just an example.
> +There are other configurations possible, and other proxy
> +servers.
> +Configuration should be done according to requirements.
> +Firewall, if exists, may need to be configured as well.
> +
> +
> +Example Configuration (Fedora)
> +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> +For information about configuring Squid, please take a look
> +at squid documentation.
> +I looked at http://wiki.squid-cache.org/SquidFaq/SquidAcl.
> +
> +Let's assume there are two hosts (hypervisors) with
> +IP addresses 10.0.0.1 and 10.0.0.2, and both
> +use ports 5900 and 5901 for Spice.
> +A possible configuration may be (in /etc/squid/squid.conf):
> +
> +.. code-block:: sh
> +
> +   acl SPICE_HOSTS 10.0.0.1 10.0.0.2
> +   acl SPICE_PORTS 5900 5901
> +   http_access allow SPICE_HOSTS
> +   http_access allow SPICE_PORTS
> +   http_access deny all
> +
> +allow these hosts and ports but nothing else.
> +
> +
> +Running the client
> +++++++++++++++++++++++
> +Once the proxy is set up as described above, run the client as usual, e.g
> +
> +.. code-block:: sh
> +
> +   remote-viewer console.vv
> +
> +or
> +
> +.. code-block:: sh
> +
> +   remote-viewer spice://10.0.0.1:5901
> +
> +
> -- 
> 2.9.3
> 
> _______________________________________________
> Spice-devel mailing list
> Spice-devel@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/spice-devel