Firefox 57 and noVNC

Hello,

I was trying noVNC the other day on FF 57. Imported katello CA (it was a katello intance), but it didn't work until I flipped flag "network.websocket.allowInsecureFromHTTPS" on and then it worked.

I remember that Firefox always worked out of box - when server CA was imported, it worked like charm. In the documentation we have "FF might need to turn on this flag". Anyone knows under which circumstances we need to flip this on?

Any luck setting up FF 57 without any hacking with noVNC?

https://theforeman.org/manuals/1.15/index.html#7.1NoVNC


··· --
Later,
  Lukas @lzap Zapletal
There are settings (websockets_ssl_{key,cert}) to choose which certificate is presented by the VNC websockets proxy. Are you sure the correct certificates are used by it?


··· On Tue, Dec 05, 2017 at 09:43:20AM +0100, Lukas Zapletal wrote:
I was trying noVNC the other day on FF 57. Imported katello CA (it was
a katello intance), but it didn't work until I flipped flag
"network.websocket.allowInsecureFromHTTPS" on and then it worked.

I remember that Firefox always worked out of box - when server CA was
imported, it worked like charm. In the documentation we have "FF might
need to turn on this flag". Anyone knows under which circumstances we
need to flip this on?

Any luck setting up FF 57 without any hacking with noVNC?

https://theforeman.org/manuals/1.15/index.html#7.1NoVNC
This is Sat 6.3 install (Katello 3.4), no changes here:

# Websockets
:websockets_encrypt: on
:websockets_ssl_key: /etc/pki/katello/private/katello-apache.key :websockets_ssl_cert: /etc/pki/katello/certs/katello-apache.crt

# SSL-settings
:ssl_certificate: /etc/foreman/client_cert.pem
:ssl_ca_file: /etc/foreman/proxy_ca.pem
:ssl_priv_key: /etc/foreman/client_key.pem


··· On Tue, Dec 5, 2017 at 12:06 PM, Ewoud Kohl van Wijngaarden <ewoud@kohlvanwijngaarden.nl> wrote:
On Tue, Dec 05, 2017 at 09:43:20AM +0100, Lukas Zapletal wrote:

I was trying noVNC the other day on FF 57. Imported katello CA (it was
a katello intance), but it didn't work until I flipped flag
"network.websocket.allowInsecureFromHTTPS" on and then it worked.

I remember that Firefox always worked out of box - when server CA was
imported, it worked like charm. In the documentation we have "FF might
need to turn on this flag". Anyone knows under which circumstances we
need to flip this on?

Any luck setting up FF 57 without any hacking with noVNC?

https://theforeman.org/manuals/1.15/index.html#7.1NoVNC

There are settings (websockets_ssl_{key,cert}) to choose which certificate
is presented by the VNC websockets proxy. Are you sure the correct
certificates are used by it?

--
You received this message because you are subscribed to the Google Groups
"foreman-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-dev+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


--
Later,
  Lukas @lzap Zapletal