localhost should be direct accessed too

[balthild]

I'm sure it's a bug...

[balthild]

Oh I made a mistake too.
localhost should be direct accessed, but a remote host must be tunneled.
So we should change re.match('^127\.', console_host) to !re.match('^127\.', console_host) instead of removing it.

[QDaniel]

This is not a bug, is a feature.

The GUI can run on a other host as the VM. If you have multiple computes and this are public servers then you must set the vNC listen adress to 127.0.0.1 and make a ssh tunnel to the compute-host.

If you set the listen adress to "All Interfaces" then this is a big security hole. And everybody has full access to your machines.

[W0rmsy]

Hello, is this linked to #309 ?
would be awesome, it can solve the issue :)

[balthild]

Well... I remember the reason that I thought it's a bug is, the noVNC connection fails with the condition re.match('^127\.', console_host). But I had not considered the security problem at that time. So the connection failure is intended, and I should configure the tunnel elsewhere to get noVNC work properly?