[GH-ISSUE #540] TLS as connection type #319

Open
opened 2026-02-27 15:58:14 +03:00 by kerem · 2 comments

Originally created by @ssbaksa on GitHub (Sep 15, 2022).
Original GitHub issue: https://github.com/retspen/webvirtcloud/issues/540

Hi,

This isn't a bug but more of a help request.

I am using WebVirt in a Docker environment, and it is a great way of doing so, but I have decided to test TLS as the connection method.
Where do you propose to keep certificate files? Even with an ordinary installation, I am not sure where to put them. It is easy with libvirt/virsh because you keep all of them under the /etc/pki structure and it works as it should.

Also, in the TLS tab there are username and password fields. What if I want to use only certificates without SASL? Is that possible with the current version of WebVirt? I know that certs + login & password is a more secure way but ...


@catborise commented on GitHub (Sep 16, 2022):

I personally use TCP with the SASL passwd mechanism. I never used TLS. I may research how to do it.

Also, you may take a look at https://avdv.github.io/libvirt/auth.html
The plain TCP socket of the libvirt daemon defaults to using SASL for authentication. The SASL mechanism configured by default is DIGEST-MD5, which provides a basic username+password style authentication. It also provides for encryption of the data stream, so the security of the plain TCP socket is on a par with that of the TLS socket. If desired the UNIX socket and TLS socket can also have SASL enabled by setting the auth_unix_ro, auth_unix_rw, auth_tls config params in libvirt.conf.
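
An added example, not part of the original comment or of WebVirtCloud's code: a small audit of a libvirt daemon configuration that reports, per remote socket, whether clients authenticate with certificates only or with certificates plus SASL. The default values, the function names and the sample files are assumptions made for illustration; `listen_tls`, `listen_tcp`, `auth_tcp` and `tls_no_verify_certificate` are daemon settings alongside the `auth_tls` parameter quoted above.

```python
import re

# Stock daemon defaults for the remote sockets (assumption: an unmodified
# file; listen_* only matter when the daemon is started to listen remotely).
DEFAULTS = {"listen_tls": "1", "listen_tcp": "0", "auth_tls": "none",
            "auth_tcp": "sasl", "tls_no_verify_certificate": "0"}

# key = value or key = "value", with an optional trailing comment.
# Commented-out lines and list values do not match and are skipped.
LINE = re.compile(r'^\s*([A-Za-z_]+)\s*=\s*"?([^"#\n]*?)"?\s*(?:#.*)?$')

def effective_settings(conf_text):
    """Defaults overridden by every uncommented scalar setting in the file."""
    settings = dict(DEFAULTS)
    for raw in conf_text.splitlines():
        m = LINE.match(raw)
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings

def audit(conf_text):
    """Map each enabled remote socket to how its clients are authenticated."""
    s = effective_settings(conf_text)
    report = {}
    if s["listen_tcp"] == "1":
        report["tcp"] = ("no authentication, no encryption"
                         if s["auth_tcp"] == "none"
                         else "SASL only; strength depends on the mechanism")
    if s["listen_tls"] == "1":
        if s["tls_no_verify_certificate"] == "1":
            report["tls"] = "client certificates not verified"
        elif s["auth_tls"] == "none":
            report["tls"] = "x509 client certificate only"
        else:
            report["tls"] = "x509 client certificate + " + s["auth_tls"]
    return report

# Constructed sample files, not taken from any real host.
CERT_ONLY = 'listen_tls = 1\n#auth_tls = "sasl"\n'
CERT_PLUS_SASL = 'listen_tls = 1\nauth_tls = "sasl"  # certs and password\n'
OPEN_TCP = 'listen_tls = 0\nlisten_tcp = 1\nauth_tcp = "none"\n'

if __name__ == "__main__":
    for name, text in [("cert only", CERT_ONLY),
                       ("cert + sasl", CERT_PLUS_SASL),
                       ("open tcp", OPEN_TCP)]:
        print(name, "->", audit(text))
```
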


@ssbaksa commented on GitHub (Sep 16, 2022):

Me too, but I had some strange issues with compute-to-compute server communication and decided to try a new approach.
I have seen that page and SASL is the default for all of my servers (16 at this moment, 5 in the preparation process).

Those pages below have been the starting points for investigating how to use TLS, and it works like a charm with the command-line tool (virsh).
https://wiki.libvirt.org/page/TLSSetup#Setting_up_libvirt_for_TLS_.28Encryption_.26_Authentication.29
https://libvirt.org/kbase/tlscerts.html

I thought that, since there is a tab for TLS connection when adding a compute server, this was an already tested but undocumented feature.

If you need any help with testing, just ping me. I am now testing how to add TLS to the GUI (Virtual Machine Manager) and different ways of TLS generation.
