diff options
| author | Anthony Young <sleepsonthefloor@gmail.com> | 2011-03-23 15:53:46 -0700 |
|---|---|---|
| committer | Anthony Young <sleepsonthefloor@gmail.com> | 2011-03-23 15:53:46 -0700 |
| commit | e0289dd26821545a6ef2ca91eb2dba7c11c2cc9f (patch) | |
| tree | e39d0a18e3410c516d24e098cc93cd667cd03be6 /bin | |
| parent | 5cdf8f63fb2dbccea0152d17f00bf80352f8fa1a (diff) | |
general cleanup, use whitelist for webserver security
Diffstat (limited to 'bin')
| -rwxr-xr-x | bin/nova-vnc-proxy | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/bin/nova-vnc-proxy b/bin/nova-vnc-proxy index 838c871d0..4cd1e9082 100755 --- a/bin/nova-vnc-proxy +++ b/bin/nova-vnc-proxy @@ -44,14 +44,16 @@ from nova.vnc import proxy LOG = logging.getLogger('nova.vnc-proxy') FLAGS = flags.FLAGS -flags.DEFINE_string('vnc_proxy_wwwroot', '/code/noVNC/vnclet/noVNC', +flags.DEFINE_string('vnc_proxy_wwwroot', '/code/noVNC/', 'Full path to noVNC directory') flags.DEFINE_boolean('vnc_debug', False, 'Enable debugging features, like token bypassing') -flags.DEFINE_integer('vnc_proxy_port', 7000, +flags.DEFINE_integer('vnc_proxy_port', 6080, 'Port that the VNC proxy should bind to') -flags.DEFINE_string('vnc_proxy_host', '0.0.0.0', +flags.DEFINE_string('vnc_proxy_iface', '0.0.0.0', 'Address that the VNC proxy should bind to') +flags.DEFINE_integer('vnc_token_ttl', 300, + 'How many seconds before deleting tokens') flags.DEFINE_flag(flags.HelpFlag()) flags.DEFINE_flag(flags.HelpshortFlag()) flags.DEFINE_flag(flags.HelpXMLFlag()) @@ -64,8 +66,20 @@ if __name__ == "__main__": LOG.audit(_("Starting nova-vnc-proxy node (version %s)"), version.version_string_with_vcs()) + if not os.path.exists(FLAGS.vnc_proxy_wwwroot): + LOG.info(_("Missing vnc_proxy_wwwroot (version %s)"), + FLAGS.vnc_proxy_wwwroot) + LOG.info(_("You need a slightly modified version of noVNC " + "to work with the nova-vnc-proxy")) + LOG.info(_("Check out the most recent nova noVNC code here: %s"), + "git://github.com/sleepsonthefloor/noVNC.git") + exit(1) + app = proxy.WebsocketVNCProxy(FLAGS.vnc_proxy_wwwroot) + LOG.audit(_("Allowing access to the following files: %s"), + app.get_whitelist()) + with_logging = auth.LoggingMiddleware(app) if FLAGS.vnc_debug: @@ -74,5 +88,5 @@ if __name__ == "__main__": with_auth = auth.NovaAuthMiddleware(with_logging) server = wsgi.Server() - server.start(with_auth, FLAGS.vnc_proxy_port, host=FLAGS.vnc_proxy_host) + server.start(with_auth, FLAGS.vnc_proxy_port, host=FLAGS.vnc_proxy_iface) server.wait() |