Home | History | Annotate | Download | only in ssl 
      1 <!-- 
      2      index.vnc - default HTML page for TightVNC Java viewer applet, to be
      3      used with Xvnc. On any file ending in .vnc, the HTTP server embedded in
      4      Xvnc will substitute the following variables when preceded by a dollar:
      5      USER, DESKTOP, DISPLAY, APPLETWIDTH, APPLETHEIGHT, WIDTH, HEIGHT, PORT,
      6      PARAMS. Use two dollar signs ($$) to get a dollar sign in the generated
      7      HTML page.
      8 
      9      NOTE: the $PARAMS variable is not supported by the standard VNC, so
     10      make sure you have TightVNC on the server side, if you're using this
     11      variable.
     12 -->
     13 
     14 <!--
     15 The idea behind using the signed applet in SignedVncViewer.jar for
     16 firewall proxies:
     17 
     18 Java socket applets and http proxies do not get along well.
     19 
     20 Java security allows the applet to connect back via a socket to the
     21 originating host, but the browser/plugin Proxy settings are not used for
     22 socket connections (only http and the like).  So the socket connection
     23 fails in the proxy environment.
     24 
     25 The applet is not allowed to open a socket connection to the proxy (since
     26 that would let it connect to just about any host, e.g. CONNECT method).
     27 
     28 This is indpendent of SSL but of course fails for that socket connection
     29 as well.  I.e. this is a problem for non-SSL VNC Viewers as well.
     30 
     31 Solution?  Sign the applet and have the user click on "Yes" that they
     32 fully trust the applet.  Then the applet can connect to any host via
     33 sockets, in particular the proxy.  It next issues the request
     34 
     35 	CONNECT host:port HTTP/1.1
     36 	Host: host:port
     37 
     38 and if the proxy supports the CONNECT method we are finally connected to
     39 the VNC server.
     40 
     41 For SSL connections, SSL is layered on top of this socket.  However note
     42 this scheme will work for non-SSL applet proxy tunnelling as well.
     43 
     44 It should be able to get non-SSL VNC connections to work via GET
     45 command but that has not been done yet.
     46 
     47 Note that some proxies only allow CONNECT to only these the ports 443
     48 (HTTPS) and 563 (SNEWS).  So you would have to run the VNC server on
     49 those ports.
     50 
     51 SignedVncViewer.jar is just a signed version of VncViewer.jar
     52 
     53 The URL to use for this file:  https://host:port/proxy.vnc
     54 
     55 Note VNCSERVERPORT, we assume $PARAMS will have the correct PORT setting
     56 (e.g. 563), not the one libvncserver puts in....
     57 
     58 -->
     59 
     60 
     61 <HTML>
     62 <TITLE>
     63 $USER's $DESKTOP desktop ($DISPLAY)
     64 </TITLE>
     65 <APPLET CODE=VncViewer.class ARCHIVE=SignedVncViewer.jar
     66         WIDTH=$APPLETWIDTH HEIGHT=$APPLETHEIGHT>
     67 <param name=VNCSERVERPORT value=$PORT>
     68 <param name="Open New Window" value=yes>
     69 $PARAMS
     70 </APPLET>
     71 <BR>
     72 <A href="http://www.karlrunge.com/x11vnc">x11vnc site</A>
     73 </HTML>
     74