Accessing VM Console From Outside Your Network For VMware

Platform9's managed OpenStack private cloud deployment gives users the ability to launch a VNC console for Virtual Machine instances that are under its' management. However, this is only possible if the browser is on the same network as the Platform9 VMware gateway appliance.

To get around this restriction, administrators can setup a simple proxy to route traffic to the noVNC port on the gateway appliance, then route the VNC traffic via this proxy.

This proxy should be accessible to your end users, as well as be able to communicate with the Platform9 VMware gateway appliance.

This tutorial lays out the steps needed to accomplish this, using nginx as a proxy server, on a CentOS machine.

Step 1 - Install nginx

On CentOS, you can install nginx via yum simply by issuing the following command:

Bash
    
 
yum install nginx
Copy

If you already have nginx installed, you may want to ensure that it it updated to the latest version. You can do this directly by issuing the following commands:

Bash
    
 
yum install http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpmyum install nginx
Copy

Step 2 - Configure nginx

Once nginx has been installed, it will need to be configured to route traffic to the VMware gateway appliance. Since we are setting up a separate proxy, we can also put in an added layer of security by ensuring that all connections are over HTTPS, using appropriate certificates. For e.g., assuming that the host or appliance IP is 192.0.2.10, and the proxy machine has an IP of 203.0.113.55 this is a sample nginx configuration that will accept incoming traffic on HTTPS, and redirect it to the host:

Bash
    
 
server {  listen 203.0.113.55:443;  server_name 203.0.113.55;  ssl on;  ssl_certificate /etc/nginx/secure-cert.pem;  ssl_certificate_key /etc/nginx/secure-key.pem;  location / {    proxy_pass http://192.0.2.10:6080/;    proxy_http_version 1.1;    proxy_set_header Upgrade $http_upgrade;    proxy_set_header Connection "upgrade";    proxy_read_timeout 1800s;    proxy_send_timeout 1800s;    proxy_buffering off;  }}
Copy

This configuration should be placed under the /etc/nginx/conf.d folder so that the nginx service can ingest it on startup

Step 3 - Start nginx

Once the configuration is created, nginx can be started.

If you have not removed the pass phrase from your SSL certificate security key, you will need to enter it when starting the nginx service.

Bash
    
 
service nginx start
Copy

Step 4 - Modify nova configuration to use the proxy as the noVNC base URL

Login to the VMware appliance. The noVNC base url entry can be found in /opt/pf9/etc/nova/conf.d/nova_vmw_override.conf. Change the noVNC proxy base URL entry, and restart the pf9-ostackhost and pf9-novncproxy services:

Bash
    
 
novncproxy_base_url = https://203.0.113.55/vnc_auto.htmlservice pf9-ostackhost restartsystemctl restart pf9-novncproxy
Copy

Now, when the VNC console is loaded from the Platform9 UI, the browser will open a connection to the externally visible proxy server - via HTTPS - which in turn will send that data to the appliance to provide a VNC console view to external users.

Last updated on

Was this page helpful?