Hi All,
I have made some Desktops and Interactive apps working. But It seems that python3-websockify does not enable any SSL, which is understandable as we have no FQDN for compute nodes, and no host certs for them.
Would it be advisable/possible to enable SSL for whatever security it gives, using as self signed cert for each node? Where in the OOD do I specify the cert name for websockify to find it? Thanks!
Grigory Shamov
University of Manitoba
Specifically, I see in the session’s output:
Launching desktop ‘fluffbox’…
unable to find device ‘0’
/usr/lib/python3.6/site-packages/websockify/websocket.py:30: UserWarning: no ‘numpy’ module, HyBi protocol will be slower
warnings.warn(“no ‘numpy’ module, HyBi protocol will be slower”)
WebSocket server settings:
Where does it look for the file, on CentOS 7? I do have a self.pem in /etc/pki/tls/certs ( which seems to be a default name , according to websockify man page).
Hi - I don’t know if we support this yet, though you may try. You may be able add the flag in the websockify_cmd configuration.
Though I don’t know if it’ll work as we assume it’s ws and not wss and typically do SSL offloading in apache. I’m fairly certain we do and this won’t work, but I don’t know it for a fact and would have to look up the appropriate code that does the proxying.
https://osc.github.io/ood-documentation/latest/reference/files/submit-yml/vnc-bc-options.html
That said - even if this could work - you’d likely need actual certificates and not self signed ones.
Ok, I have added --cert and --key parameters for the nodes’ selfsigned certs explicitly to the websockify command. It did remove the warning: Now I see instead.
May be it works, or thinks it works. I am using the latest python3-websockify 0.10. The command is no longer “run” (as in OOD documentation) but “websockify”.