74 lines
2.5 KiB
Plaintext
74 lines
2.5 KiB
Plaintext
|
<!--
|
||
|
index.vnc - default HTML page for TightVNC Java viewer applet, to be
|
||
|
used with Xvnc. On any file ending in .vnc, the HTTP server embedded in
|
||
|
Xvnc will substitute the following variables when preceded by a dollar:
|
||
|
USER, DESKTOP, DISPLAY, APPLETWIDTH, APPLETHEIGHT, WIDTH, HEIGHT, PORT,
|
||
|
PARAMS. Use two dollar signs ($$) to get a dollar sign in the generated
|
||
|
HTML page.
|
||
|
|
||
|
NOTE: the $PARAMS variable is not supported by the standard VNC, so
|
||
|
make sure you have TightVNC on the server side, if you're using this
|
||
|
variable.
|
||
|
-->
|
||
|
|
||
|
<!--
|
||
|
The idea behind using the signed applet in SignedVncViewer.jar for
|
||
|
firewall proxies:
|
||
|
|
||
|
Java socket applets and http proxies do not get along well.
|
||
|
|
||
|
Java security allows the applet to connect back via a socket to the
|
||
|
originating host, but the browser/plugin Proxy settings are not used for
|
||
|
socket connections (only http and the like). So the socket connection
|
||
|
fails in the proxy environment.
|
||
|
|
||
|
The applet is not allowed to open a socket connection to the proxy (since
|
||
|
that would let it connect to just about any host, e.g. CONNECT method).
|
||
|
|
||
|
This is indpendent of SSL but of course fails for that socket connection
|
||
|
as well. I.e. this is a problem for non-SSL VNC Viewers as well.
|
||
|
|
||
|
Solution? Sign the applet and have the user click on "Yes" that they
|
||
|
fully trust the applet. Then the applet can connect to any host via
|
||
|
sockets, in particular the proxy. It next issues the request
|
||
|
|
||
|
CONNECT host:port HTTP/1.1
|
||
|
Host: host:port
|
||
|
|
||
|
and if the proxy supports the CONNECT method we are finally connected to
|
||
|
the VNC server.
|
||
|
|
||
|
For SSL connections, SSL is layered on top of this socket. However note
|
||
|
this scheme will work for non-SSL applet proxy tunnelling as well.
|
||
|
|
||
|
It should be able to get non-SSL VNC connections to work via GET
|
||
|
command but that has not been done yet.
|
||
|
|
||
|
Note that some proxies only allow CONNECT to only these the ports 443
|
||
|
(HTTPS) and 563 (SNEWS). So you would have to run the VNC server on
|
||
|
those ports.
|
||
|
|
||
|
SignedVncViewer.jar is just a signed version of VncViewer.jar
|
||
|
|
||
|
The URL to use for this file: https://host:port/proxy.vnc
|
||
|
|
||
|
Note VNCSERVERPORT, we assume $PARAMS will have the correct PORT setting
|
||
|
(e.g. 563), not the one libvncserver puts in....
|
||
|
|
||
|
-->
|
||
|
|
||
|
|
||
|
<HTML>
|
||
|
<TITLE>
|
||
|
$USER's $DESKTOP desktop ($DISPLAY)
|
||
|
</TITLE>
|
||
|
<APPLET CODE=VncViewer.class ARCHIVE=SignedVncViewer.jar
|
||
|
WIDTH=$APPLETWIDTH HEIGHT=$APPLETHEIGHT>
|
||
|
<param name=VNCSERVERPORT value=$PORT>
|
||
|
<param name="Open New Window" value=yes>
|
||
|
$PARAMS
|
||
|
</APPLET>
|
||
|
<BR>
|
||
|
<A href="http://www.tightvnc.com/">TightVNC site</A>
|
||
|
</HTML>
|