is it possible to setup an ssl connection on playbook? I found SecureSocket class in the api but it seems playbook platform doesnt support ssl connections. Any ideas?
It depends what you're trying to connect to, but if it's a web server, then you can use URLRequest to connect via https, which uses an SSL connection.
I don't think there's currently a general way to do it in AIR, without using a third-party library, however.
Related
I am using Ansible in my current application to deploy my code. I using SSH connections to connect to servers(host) ,where code needs to be deployed. We are migrating to new servers where SSH connection is not available only webssh connection is available.
Can i still use ansible to connect to new servers?
With webSSH, webterminals, Ajax terminals, and such solutions you make it possible to access the SSH service via your web browsers. The necessary code is usually made of JavaScript, Ajax, Websockets or others.
Can I still use Ansible to connect to new servers?
Out of the box there is connection plugin I am aware of.
If you have connection module available which addresses your webterminal, probably yes. An other option can be to use REST API if such is implemented in your webterminal.
I'm developing a project using mediasoup, in all examples server is running under
ssl, even in localhost is this required? I guess certificate is for remote peers can use media resourses, but browsers allow consume media resourses in http://localhost
You can sniff plain text passwords being sent across loopback without encryption. So yes, encryption is still required for localhost access.
I have a windows 8.1 machine running ubuntu 14.x on a virtualbox. I'm running meteor inside that virtualbox. I've bridged the connection and turned off the firewall on both machines. I'm able to connect to the internet from the virtual box, and I can telnet from the windows host into the ubuntu machine.
I can also connect to meteor apps that are not using the force-ssl package; however, I CANNOT connect to meteor apps that are using force-ssl!
If I run "meteor remove force-ssl" I can connect to the app. Any thoughts? Thanks.
EDIT - by connect to the app, I mean "http://[ip_address_of_guest]:3000/" in a browser on the host machine. I've tried both http and https.
I'm new to Meteor but, from this documentation, it looks to me like you are seeing the intended behaviour ...
"This package, part of Webapp, causes Meteor to redirect insecure
connections (HTTP) to a secure URL (HTTPS). Use this package to ensure
that communication to the server is always encrypted to protect users
from active spoofing attacks.
To simplify development, unencrypted connections from localhost are
always accepted over HTTP.
Application bundles (meteor bundle) do not include an HTTPS server or
certificate. A proxy server that terminates SSL in front of a Meteor
bundle must set the standard x-forwarded-proto header for the
force-ssl package to work.
Applications deployed to meteor.com subdomains with meteor deploy are
automatically served via HTTPS using Meteor's certificate."
This answer clarifies.
I am about to try the Digital Ocean guide, "How To Deploy a Meteor.js Application on Ubuntu 14.04 with Nginx", myself to see if it correctly documents the required set up steps. I'll update with my results.
I have an application which can access a LDAP server with non-SSL connection. Now, the LDAP server has been configured to support only SSL.
So, now what are the new components or changes in the existing components which I have to do.
If your application really doesn't support SSL (btw it would've made things easier if you'd told us what program you're trying to use), you can try an SSL wrapper, such as stunnel that can be configured to connect to the SSL-protected LDAP service whenever your program connects to the "entrance" of the tunnel. This way, your program doesn't have to support SSL, but your connection to the LDAP server is still secured by SSL (if the SSL wrapper runs on the same host as your program).
You should only have to change ldap: to ldaps: in the client.
Not sure if i'm really up-to-date, but i'm looking in a way to convert my existing project to use HTML5 websockets.
Here's my situation :
- Client runs a modified java vnc applet with extra parameter (CONNECT).
- Modified stunnel listenin on webserver (with both public, private IP) port 443
- Client connects to 443 and sends (prior to RFB) a HTTP packet like :
'CONNECT 10.0.0.1:4001'
- Stunnel opens a new stream to 10.0.0.1:4001 using SSL wrapper
- VNC Server (#10.0.0.1:4001) responds, connection is established.
Now I want to get rid of the Java Applet and switch to Websocket using NoVNC.
I want to be able to :
- Open a single port on the webserver (HTTPS preferably)
- Have client connect using HTML5 only (no more java applet)
I cannot change :
- VNCServer will still be listening on private LAN only.
- VNCServer will still listen to a bunch of ports, each corresponding to
a virtual server
Questions are :
- How to give NoVNC the notion of target HOST:PORT ?
- Is stunnel still be usable ? Or should I change to websocket proxy ?
If anyone has a starting point, i'd really appreciate !
Disclaimer: I created noVNC so my answer may be heavily biased ;-)
I'll answer you second question first:
stunnel cannot be used directly by noVNC. The issue is that the WebSockets protocol has an HTTP-like initial handshake and the messages are framed. In addition, until binary payload support is added to WebSockets, the payload is base64 encoded by the websockets proxy (websockify). Adding the necessary support to stunnel would be non-trivial but certainly doable. In fact noVNC issue #37 is an aspirational feature to add this support to stunnel.
First question:
noVNC already has a concept of HOST:PORT via the RFB.connect(host, port, password) method. The file vnc_auto.html at the top level shows how to get noVNC to automatically connect on page load based on the host, port and password specified as URL query string parameters.
However, I think what you are really asking is how do you get noVNC to connect to alternate VNC server ports on the backend. This problem is not directly addressed by noVNC and websockify. There are several ways to solve this and it usually involves an out-of-band setup/authorization mechanism so that the proxy can't be used to launch attacks by arbitrary hosts. For example, at my company we have a web based management framework that integrates noVNC and when the user wants to connect to the console, an authenticated AJAX call is used to configure the proxy for that particular user and the system they want to connect to. Our web management interface is internal only.
Ganeti Web Manager uses a similar model and the source is available. They have a fork of VNCAuthProxy that has WebSockets support. They use a control channel from the web interface to the VNCAuthProxy to setup a temporary password associated with a specific VNC server host:port.
Also OpenStack (Nova) integrates noVNC uses a similar out-of-band token based model to allow access with their nova-vncproxy.
Some links:
Ganeti Web Manager
Wiki page about how noVNC works in Ganeti Web Manager
Ganeti Web Manager sources
Ganeti Web Manager VNCAUthProxy sources
Using noVNC in Nova/OpenStack
OpenStack fork of noVNC
Old nova-vnc-proxy code
Current nova vnc proxy code