Spice client (remote-viewer) supports connecting to the server via an http proxy. This may be desirable for cases when the client does not have direct access to the server.
[protocol://]proxy-host[:proxy-port]
for example: http://10.0.15.50:3128
There are two ways to tell the client to connect via an http proxy:
A SPICE_PROXY environment variable tells remote-viewer to connect to the spice-server via a proxy-server
export SPICE_PROXY="http://10.0.15.50:3128"
(Please do not use "http_proxy" as it is not currently supported)
A proxy key in a vv-file tells remote-viewer to connect to the spice-server via a proxy-server
[virt-viewer]
proxy=http://10.0.15.50:3128
Squid (squid-cache.org) can be used as a proxy server.
This is just an example. There are other configurations possible, and other proxy servers. Configuration should be done according to requirements. Firewall, if exists, may need to be configured as well.
For information about configuring Squid, please take a look at squid documentation. I looked at http://wiki.squid-cache.org/SquidFaq/SquidAcl.
Let's assume there are two hosts (hypervisors) with IP addresses 10.0.0.1 and 10.0.0.2, and both use ports 5900 and 5901 for Spice. A possible configuration may be (in /etc/squid/squid.conf):
acl SPICE_HOSTS 10.0.0.1 10.0.0.2
acl SPICE_PORTS 5900 5901
http_access allow SPICE_HOSTS
http_access allow SPICE_PORTS
http_access deny all
allow these hosts and ports but nothing else.
Once the proxy is set up as described above, run the client as usual, e.g
remote-viewer console.vv
or
remote-viewer spice://10.0.0.1:5901