diff options
Diffstat (limited to 'webclients/java-applet/ssl/proxy.vnc')
| -rw-r--r-- | webclients/java-applet/ssl/proxy.vnc | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/webclients/java-applet/ssl/proxy.vnc b/webclients/java-applet/ssl/proxy.vnc new file mode 100644 index 0000000..6d3ab3d --- /dev/null +++ b/webclients/java-applet/ssl/proxy.vnc @@ -0,0 +1,73 @@ +<!-- + index.vnc - default HTML page for TightVNC Java viewer applet, to be + used with Xvnc. On any file ending in .vnc, the HTTP server embedded in + Xvnc will substitute the following variables when preceded by a dollar: + USER, DESKTOP, DISPLAY, APPLETWIDTH, APPLETHEIGHT, WIDTH, HEIGHT, PORT, + PARAMS. Use two dollar signs ($$) to get a dollar sign in the generated + HTML page. + + NOTE: the $PARAMS variable is not supported by the standard VNC, so + make sure you have TightVNC on the server side, if you're using this + variable. +--> + +<!-- +The idea behind using the signed applet in SignedVncViewer.jar for +firewall proxies: + +Java socket applets and http proxies do not get along well. + +Java security allows the applet to connect back via a socket to the +originating host, but the browser/plugin Proxy settings are not used for +socket connections (only http and the like). So the socket connection +fails in the proxy environment. + +The applet is not allowed to open a socket connection to the proxy (since +that would let it connect to just about any host, e.g. CONNECT method). + +This is indpendent of SSL but of course fails for that socket connection +as well. I.e. this is a problem for non-SSL VNC Viewers as well. + +Solution? Sign the applet and have the user click on "Yes" that they +fully trust the applet. Then the applet can connect to any host via +sockets, in particular the proxy. It next issues the request + + CONNECT host:port HTTP/1.1 + Host: host:port + +and if the proxy supports the CONNECT method we are finally connected to +the VNC server. + +For SSL connections, SSL is layered on top of this socket. However note +this scheme will work for non-SSL applet proxy tunnelling as well. + +It should be able to get non-SSL VNC connections to work via GET +command but that has not been done yet. + +Note that some proxies only allow CONNECT to only these the ports 443 +(HTTPS) and 563 (SNEWS). So you would have to run the VNC server on +those ports. + +SignedVncViewer.jar is just a signed version of VncViewer.jar + +The URL to use for this file: https://host:port/proxy.vnc + +Note VNCSERVERPORT, we assume $PARAMS will have the correct PORT setting +(e.g. 563), not the one libvncserver puts in.... + +--> + + +<HTML> +<TITLE> +$USER's $DESKTOP desktop ($DISPLAY) +</TITLE> +<APPLET CODE=VncViewer.class ARCHIVE=SignedVncViewer.jar + WIDTH=$APPLETWIDTH HEIGHT=$APPLETHEIGHT> +<param name=VNCSERVERPORT value=$PORT> +<param name="Open New Window" value=yes> +$PARAMS +</APPLET> +<BR> +<A href="http://www.karlrunge.com/x11vnc">x11vnc site</A> +</HTML> |