You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
74 lines
2.5 KiB
74 lines
2.5 KiB
<!--
|
|
index.vnc - default HTML page for TightVNC Java viewer applet, to be
|
|
used with Xvnc. On any file ending in .vnc, the HTTP server embedded in
|
|
Xvnc will substitute the following variables when preceded by a dollar:
|
|
USER, DESKTOP, DISPLAY, APPLETWIDTH, APPLETHEIGHT, WIDTH, HEIGHT, PORT,
|
|
PARAMS. Use two dollar signs ($$) to get a dollar sign in the generated
|
|
HTML page.
|
|
|
|
NOTE: the $PARAMS variable is not supported by the standard VNC, so
|
|
make sure you have TightVNC on the server side, if you're using this
|
|
variable.
|
|
-->
|
|
|
|
<!--
|
|
The idea behind using the signed applet in SignedVncViewer.jar for
|
|
firewall proxies:
|
|
|
|
Java socket applets and http proxies do not get along well.
|
|
|
|
Java security allows the applet to connect back via a socket to the
|
|
originating host, but the browser/plugin Proxy settings are not used for
|
|
socket connections (only http and the like). So the socket connection
|
|
fails in the proxy environment.
|
|
|
|
The applet is not allowed to open a socket connection to the proxy (since
|
|
that would let it connect to just about any host, e.g. CONNECT method).
|
|
|
|
This is indpendent of SSL but of course fails for that socket connection
|
|
as well. I.e. this is a problem for non-SSL VNC Viewers as well.
|
|
|
|
Solution? Sign the applet and have the user click on "Yes" that they
|
|
fully trust the applet. Then the applet can connect to any host via
|
|
sockets, in particular the proxy. It next issues the request
|
|
|
|
CONNECT host:port HTTP/1.1
|
|
Host: host:port
|
|
|
|
and if the proxy supports the CONNECT method we are finally connected to
|
|
the VNC server.
|
|
|
|
For SSL connections, SSL is layered on top of this socket. However note
|
|
this scheme will work for non-SSL applet proxy tunnelling as well.
|
|
|
|
It should be able to get non-SSL VNC connections to work via GET
|
|
command but that has not been done yet.
|
|
|
|
Note that some proxies only allow CONNECT to only these the ports 443
|
|
(HTTPS) and 563 (SNEWS). So you would have to run the VNC server on
|
|
those ports.
|
|
|
|
SignedVncViewer.jar is just a signed version of VncViewer.jar
|
|
|
|
The URL to use for this file: https://host:port/proxy.vnc
|
|
|
|
Note VNCSERVERPORT, we assume $PARAMS will have the correct PORT setting
|
|
(e.g. 563), not the one libvncserver puts in....
|
|
|
|
-->
|
|
|
|
|
|
<HTML>
|
|
<TITLE>
|
|
$USER's $DESKTOP desktop ($DISPLAY)
|
|
</TITLE>
|
|
<APPLET CODE=VncViewer.class ARCHIVE=SignedVncViewer.jar
|
|
WIDTH=$APPLETWIDTH HEIGHT=$APPLETHEIGHT>
|
|
<param name=VNCSERVERPORT value=$PORT>
|
|
<param name="Open New Window" value=yes>
|
|
$PARAMS
|
|
</APPLET>
|
|
<BR>
|
|
<A href="http://www.tightvnc.com/">TightVNC site</A>
|
|
</HTML>
|