Hi Michael On 3/17/25 20:29, Michael Still wrote:
Which version of Nova are you running? Are we talking about TLS from the user to the proxy, from the proxy to the hypervisor, or both?
We are running latest nova with Dalmatian, I think it is 30.0.0-5 From user to proxy TLS was easy to implement. Between proxy and hypervisor not so much (and still isn't set up).
TLS from the user to the proxy has been supported for a long time. The SPICE implementation added TLS support for traffic between the proxy and the hypervisor relatively recently on the hypervisor side, but I would be surprised [1] if the HTML5 proxy supported it.
https://review.opendev.org/c/openstack/nova/+/922544 is the specific patch I am referring to, which landed in 2024.2.
Michael
1: my reading of the proxy code is that it does not, but I look forward to being surprised by some subtleties I've missed.
Ok, thanks for checking out. I will also look at code in more detail. Cheers, Jani -- Berner Fachhochschule / Bern University of Applied Sciences IT-Services / Team Linux & Infrastructure Services Jani Heikkinen IT Linux Engineer ___________________________________________________________ Dammweg 3, CH-3013 Bern Telefon direkt +41 31 848 68 14 Telefon Servicedesk +41 31 848 48 48 jani.heikkinen@bfh.ch