Accessing VM Console from Outside Your Network for Linux-KVM

You can configure Nginx as a reverse proxy server to provide access to the console of one or more virtual machines (VMs) running on KVM-based hypervisors, without exposing the hypervisors to all cloud users. With the reverse proxy configuration, cloud users who do not have access to the KVM-based hypervisors can still access the console of the VMs running on them.

The process broadly comprises the following steps.

  1. Identify the physical machine or the node that would act as the reverse proxy node.
  2. Create a DNS A record pointing to this host for host URL-to-IP address mapping. This step is optional; do it if you do not wish to expose the host IP address.
  3. Install Nginx on the reverse proxy node.
  4. Edit the nginx.conf file to reverse proxy all the hostnames.
  5. Log in to each host and configure noVNC to point to the reverse proxy node.

Let us look at the installation and host configuration steps in detail.

Install Nginx

Run the following commands on the node identified to serve as the reverse proxy, to install the Nginx web server.

Generate Diffie-Hellman (DH) parameters for Nginx

Run the following commands on the reverse proxy node to generate the DH parameters that the Nginx server uses for encrypted communication.

Edit nginx.conf

Edit the nginx configuration file /etc/nginx/nginx.conf that is located on the reverse proxy node.

Add or modify the default server section in nginx.conf to force redirection to HTTPS.

Edit 01_proxy.conf

For the purpose of this section, let us assume that we have five compute hosts and one glance host with the following host names and IP addresses.

  • compute01 - 192.0.2.2
  • compute02 - 192.0.2.3
  • compute03 - 192.0.2.4
  • compute04 - 192.0.2.5
  • compute05 - 192.0.2.6
  • glance - 192.0.2.7

Platform9 4.X Proxy Config File

Edit the file /etc/nginx/conf.d/01_proxy.conf on the reverse proxy node to add the following information about the hosts to be reached through the reverse proxy node, together with the SSL settings.

Platform9 3.x Proxy Config File

For Platform9 releases older than 4.0, the /etc/nginx/conf.d/01_proxy.conf file needs to be slightly different. The only section that differs from the 4.x proxy config is the 'if' condition block in the last location regex above.

Reload Nginx Configuration

Run the following command to reload Nginx configuration.

Configure noVNC on hosts

The noVNC client must be installed on each host machine. Cloud users can then go through the reverse proxy to reach the consoles of VMs running on hypervisors that they might not otherwise have access to.

The noVNC on every host must be configured to point to the reverse proxy node.
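
For the Nginx side of the procedure above, here is a sketch that combines the HTTPS redirect, the DH parameters and proxying to the six listed hosts; it is an added example, not Platform9's own 01_proxy.conf. The name console.example.com, the certificate and DH file paths, backend port 6080, plain-HTTP backends and the /<hostname>/<path> URL layout are all assumptions; the map limits proxying to the listed hosts so the node cannot be pointed at arbitrary internal addresses.

```nginx
# Added example; NOT Platform9's 01_proxy.conf.
# Assumed: console.example.com, file paths, backend port 6080,
# plain-HTTP backends, and console URLs of the form /<hostname>/<path>.

# Allowlist: only the hosts listed on this page map to a backend address.
map $backend_name $backend_ip {
    default    "";
    compute01  192.0.2.2;
    compute02  192.0.2.3;
    compute03  192.0.2.4;
    compute04  192.0.2.5;
    compute05  192.0.2.6;
    glance     192.0.2.7;
}

# Plain HTTP: redirect everything to HTTPS.
server {
    listen 80;
    server_name console.example.com;                # assumed DNS A record
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name console.example.com;

    ssl_certificate     /etc/nginx/ssl/proxy.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/ssl/proxy.key;   # placeholder path
    ssl_dhparam         /etc/nginx/ssl/dhparam.pem; # generated DH parameters
    ssl_protocols       TLSv1.2 TLSv1.3;

    location ~ ^/(?<backend_name>[a-z0-9]+)/(?<backend_path>.*)$ {
        # Unknown hostname: refuse instead of proxying to an arbitrary target.
        if ($backend_ip = "") { return 404; }

        proxy_pass http://$backend_ip:6080/$backend_path$is_args$args;

        # noVNC carries the console over a WebSocket.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host       $host;
        proxy_read_timeout 1h;      # keep idle console sessions open
    }

    location / { return 404; }
}
```

Run `nginx -t` before reloading so a syntax error does not take the proxy down.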
