core: use the URL scheme same as iframe for non-SSL enabled consoles (#5624)

* core: use the URL scheme same as iframe for non-SSL enabled consoles

For environments where SSL is not enabled for console, this forces the
URL scheme (http/https) in iframe to match the iframe URL scheme.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>

* consoleproxy: enable SSL on CPVM when both console proxy url/domain and
ssl setting are configured

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>

* fix unit test

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>

* address code review comments

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
Rohit Yadav 2021-10-29 22:12:44 +05:30 committed by GitHub
parent 0a88e710b2
commit 77fb93c513
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 17 additions and 15 deletions


@ -46,7 +46,7 @@ public class ConsoleProxyInfo {
}
} else {
proxyImageUrl = "http://" + proxyAddress;
proxyImageUrl = "//" + proxyAddress;
if (proxyUrlPort != 80) {
proxyImageUrl += ":" + proxyUrlPort;
}
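Review bot: The `if (proxyUrlPort != 80)` elision kept right after the new `proxyImageUrl = "//" + proxyAddress;` line still assumes the reference resolves as http, but a scheme-relative URL inherits whatever scheme the embedding page was loaded with. When that page is served over https and the proxy port is 80, the browser resolves `//host` to port 443, and more generally an https page will now attempt TLS against the listener this branch builds for the non-SSL case. Consider always emitting the port here, `proxyImageUrl = "//" + proxyAddress + ":" + proxyUrlPort;`, and adding a comment such as `// scheme-relative: inherits http/https from the embedding page; not an absolute URL` so that non-browser consumers of the value are not surprised. The enclosing block starts and ends outside the hunk, so other users of `proxyImageUrl` are not visible here.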


@ -19,10 +19,10 @@
package com.cloud.info;
import org.junit.Test;
import static org.junit.Assert.assertEquals;
import org.junit.Test;
public class ConsoleProxyInfoTest {
@Test
@ -35,7 +35,7 @@ public class ConsoleProxyInfoTest {
public void testGetProxyImageUrlHttp() {
ConsoleProxyInfo cpi = new ConsoleProxyInfo(false, "10.10.10.10", 80, 80 , "console.example.com");
String url = cpi.getProxyImageUrl();
assertEquals("http://console.example.com", url);
assertEquals("//console.example.com", url);
}
@Test
public void testGetProxyImageUrlWildcardHttps() {
@ -47,13 +47,13 @@ public class ConsoleProxyInfoTest {
public void testGetProxyImageUrlWildcardHttp() {
ConsoleProxyInfo cpi = new ConsoleProxyInfo(false, "1.2.3.4", 80, 8888 , "*.example.com");
String url = cpi.getProxyImageUrl();
assertEquals("http://1-2-3-4.example.com:8888", url);
assertEquals("//1-2-3-4.example.com:8888", url);
}
@Test
public void testGetProxyImageUrlIpHttp() {
ConsoleProxyInfo cpi = new ConsoleProxyInfo(false, "1.2.3.4", 80, 8888, "");
String url = cpi.getProxyImageUrl();
assertEquals("http://1.2.3.4:8888", url);
assertEquals("//1.2.3.4:8888", url);
}
@Test
public void testGetProxyImageUrlIpHttps() {


@ -21,15 +21,12 @@ import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Date;
import org.apache.commons.codec.binary.Base64;
import org.apache.log4j.Logger;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
import org.apache.cloudstack.framework.security.keys.KeysManager;
import org.apache.cloudstack.framework.security.keystore.KeystoreManager;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;
import com.cloud.agent.AgentManager;
import com.cloud.agent.api.AgentControlAnswer;
@ -54,6 +51,8 @@ import com.cloud.servlet.ConsoleProxyServlet;
import com.cloud.utils.Ternary;
import com.cloud.vm.VirtualMachine;
import com.cloud.vm.dao.VMInstanceDao;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
/**
* Utility class to manage interactions with agent-based console access
@ -198,12 +197,15 @@ public abstract class AgentHookBase implements AgentHook {
String storePassword = Base64.encodeBase64String(randomBytes);
byte[] ksBits = null;
String consoleProxyUrlDomain = _configDao.getValue(Config.ConsoleProxyUrlDomain.key());
if (consoleProxyUrlDomain == null || consoleProxyUrlDomain.isEmpty()) {
s_logger.debug("SSL is disabled for console proxy based on global config, skip loading certificates");
} else {
String consoleProxySslEnabled = _configDao.getValue("consoleproxy.sslEnabled");
if (!StringUtils.isEmpty(consoleProxyUrlDomain) && !StringUtils.isEmpty(consoleProxySslEnabled)
&& consoleProxySslEnabled.equalsIgnoreCase("true")) {
ksBits = _ksMgr.getKeystoreBits(ConsoleProxyManager.CERTIFICATE_NAME, ConsoleProxyManager.CERTIFICATE_NAME, storePassword);
//ks manager raises exception if ksBits are null, hence no need to explicltly handle the condition
} else {
s_logger.debug("SSL is disabled for console proxy. To enable SSL, please configure consoleproxy.sslEnabled and consoleproxy.url.domain global settings.");
}
cmd = new StartConsoleProxyAgentHttpHandlerCommand(ksBits, storePassword);
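Review bot: The new `else` branch starts the console proxy with `ksBits` left null and records that only through `s_logger.debug(...)`, so an install that had `consoleproxy.url.domain` set but never set `consoleproxy.sslEnabled` to true stops loading its certificate after this change with nothing visible at log levels above debug. Raising that line to `s_logger.warn(...)` (or at least info) would make the plaintext fallback visible to operators. The setting is also read with the string literal `"consoleproxy.sslEnabled"` while the line above uses `Config.ConsoleProxyUrlDomain.key()`; if a `Config` entry or config key for it exists, using it would keep the two lookups consistent and avoid a silent mismatch on a typo. The condition can be shortened to `StringUtils.isNotEmpty(consoleProxyUrlDomain) && Boolean.parseBoolean(consoleProxySslEnabled)`, since `Boolean.parseBoolean` is case-insensitive and returns false for null. The enclosing method starts before the hunk and may continue after it.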