Versions Compared

Old Version 24

changes.mady.by.user MS

Saved on

compared with

New Version 25

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

 

Table of Contents

...

The -D flag is to daemonize websockify, 41337 is the port where websockify will be listening, and --target-config specifies the file containing the hash to IP and port mappings.

Adding SSL

Browsers do not allow you to open an unencrypted websocket connection from a page that is accessed using SSL for security reasons. Hence, if you set up SSL to access your Abiquo GUI, you must set up websockify to use SSL.

For that, you will need an SSL certificate and its private key. Note that this certificate needs to be accepted by the client browser, so they should be emitted by a trusted entity. Also check that the hostname that noVNC connects to matches the hostname in the certificate used. If you are testing a test environment which lacks a trusted certificate, you may need to manually open a connection to the IP and port the proxy is running in using your browser, and accept the provided certificate.

To run the websockify proxy with SSL, enter:

...

Setting up service autostart

To make sure the websockify proxy is started on system reboot, you need to download the provided init script and set it up to run on boot:

Code Block
# wget https://raw2.github.com/abiquo/noVNC/master/websockify -O /etc/init.d/websockify
--2014-02-18 09:42:07--  https://raw2.github.com/abiquo/noVNC/master/websockify
Resolving raw2.github.com... 185.31.16.133
Connecting to raw2.github.com|185.31.16.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1434 (1,4K) [text/plain]
Saving to: `/etc/init.d/websockify'
100%[=====================================================================================================================>] 1.434       --.-K/s   in 0s      
2014-02-18 09:42:11 (5,45 MB/s) - `/etc/init.d/websockify' saved [1434/1434]


# chmod +x /etc/init.d/websockify
# chkconfig websockify on
# service websockify start

Make sure websockify is not already running before issuing the "service websockify start" command.

Adding SSL

Browsers do not allow you to open an unencrypted websocket connection from a page that is accessed using SSL for security reasons. Hence, if you set up SSL to access your Abiquo GUI, you must set up websockify to use SSL.

For that, you will need an SSL certificate and its private key. Note that this certificate needs to be accepted by the client browser, so they should be emitted by a trusted entity. Also check that the hostname that noVNC connects to matches the hostname in the certificate used. If you are testing a test environment which lacks a trusted certificate, you may need to manually open a connection to the IP and port the proxy is running in using your browser, and accept the provided certificate.

To run the websockify proxy with SSL, enter:

Code Block
# /opt/websockify/websockify -D 41337 --target-config=/opt/websockify/config.vnc --cert=<path_to_your_cert_file> --key=<path_to_your_key_file>

Also note you should use a different support script to autostart the service using SSL. To do so, download the appropriate script:

Code Block
# wget https://raw2.github.com/abiquo/noVNC/master/websockify-ssl -O /etc/init.d/websockify
--2014-02-18 09:45:33--  https://raw2.github.com/abiquo/noVNC/master/websockify-ssl
Resolving raw2.github.com... 185.31.17.133
Connecting to raw2.github.com|185.31.17.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1554 (1,5K) [text/plain]
Saving to: `/etc/init.d/websockify'
100%[=====================================================================================================================>] 1.554       --.-K/s   in 0,001s  
2014-02-18 09:45:35 (1,12 MB/s) - `/etc/init.d/websockify' saved [1554/1554]

Now edit the script /etc/init.d/websockify and set the proper cert and key file by modifying the lines:

Code Block
CERT_FILE=/etc/pki/tls/certs/localhost.cert
KEY_FILE=/etc/pki/tls/certs/localhost.key

To point to your cert and key files. Then just made the script executable and set it to start on boot:

Code Block
# chmod +x /etc/init.d/websockify
# chkconfig websockify on
# service websockify start

Make sure websockify is not already running before issuing the "service websockify start" command.

Replacing TightVNC applet with noVNC in the client-premium webapp

Download the noVNC distribution package from:  http://kanaka.github.com/noVNC  

Note that this is the same package we used for the websockify

...