...

  1. Log in to the API Server as an administrator

  2. Install and load mod_proxy_wstunnel

    1. Edit /etc/httpd/conf.modules.d/00-proxy.conf

    2. Go to the end and add LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so

  3. Edit /etc/httpd/conf.d/abiquo.conf and add one Location for each Remote services server. For example, for two servers:

    Code Block
    <Location /wsdata>
        ProxyPass wss://rs1.cloud.example.com:7070 ttl=20 timeout=20
        ProxyPassReverse wss://rs1.cloud.example.com:7070
        Require all granted
    </Location>
    <Location /wsdata2>
        ProxyPass wss://rs2.cloud.example.com:7070 ttl=20 timeout=20
        ProxyPassReverse wss://rs2.cloud.example.com:7070
        Require all granted
    </Location>
  4. Edit the /etc/httpd/conf.d/abiquo.conf file and, at the end of the VirtualHost section, add the SSLProxyEngine directive

    Code Block
    SSLProxyEngine On 
  5. Check the DNS values in /etc/resolv.conf

  6. For each Abiquo datacenter, log in to each Remote Services server

  7. Install the WebMKS proxy package

    Code Block
    yum install abiquo-webmks-proxy

    This will install NGINX and its configuration files, and also enable it in systemctl.

  8. Edit the server configuration at /etc/nginx/nginx.conf

    1. For listen, if you are using another port, change the default of 7070

    2. Set the ssl_certificate and ssl_certificate_key with the location of the UI certificate files. NGINX must have access to these files.

    3. If you are using domain names for your ESXi servers, configure the resolver in the location block to point to your DNS servers.

    4. If this is a distributed environment and the API server has another IP, set server_name to _

      Code Block
      worker_processes  1;

      events {
          worker_connections  1024;
      }

      http {
          include       mime.types;
          default_type  application/octet-stream;

          sendfile        on;

          keepalive_timeout  100;

          server {
              # Change 7070 here if you are using another port
              listen       7070 ssl;
              # Set to _ in a distributed environment where the API server has another IP
              server_name  localhost;
              # UI certificate files; NGINX must be able to read them
              ssl_certificate      /etc/pki/abiquo/cloud.example.com.crt;
              ssl_certificate_key  /etc/pki/abiquo/cloud.example.com.key;

              ssl_session_cache    shared:SSL:1m;
              ssl_session_timeout  5m;

              ssl_ciphers  HIGH:!aNULL:!MD5;
              ssl_prefer_server_ciphers  on;

              location / {
                  # The upstream host is taken from the ip= query argument of the request
                  proxy_pass https://$arg_ip:443;
                  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                  proxy_http_version 1.1;
                  proxy_set_header Upgrade $http_upgrade;
                  proxy_set_header Connection "Upgrade";
                  # Your DNS servers, needed when ESXi servers are addressed by domain name
                  resolver 10.95.11.5 10.95.11.6;
              }
          }
      }

  9. Add these firewall rules on the Remote Services servers if the API server has a different IP address from the Remote Services servers (not a monolithic environment):

    Code Block
    firewall-cmd --permanent --zone=public --add-port=7070/tcp
    firewall-cmd --permanent --zone=public --add-port=7070/udp
    firewall-cmd --permanent --zone=public --add-port=4822/tcp
    service firewalld reload

  10. On the Remote Services servers, edit abiquo.properties

    1. Define the WebMKS proxy path, for example:

      Code Block
      com.abiquo.esxi.webmks.proxypath = api.cloud.example.com/wsdata

      The value is the FQDN and Location of the proxy in Apache on the API Server (without the protocol)

  11. For Abiquo versions prior to Abiquo 6.1.2, enable WebMKS for all VMs with no VNC configuration

    Code Block
    com.abiquo.esxi.webmks = true

    For a Monolithic environment also set the force property

    Code Block
    com.abiquo.esxi.webmks.force

    To activate the changes to properties, restart the Tomcat server.

  12. Restart the services

    1. On the Remote Services server, restart NGINX

    2. On the API Server, restart the Apache HTTPD service
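
A consistency check for the three files this procedure edits, as an added example that is not part of the Abiquo documentation: it confirms that each Apache Location proxies to a port NGINX listens on with ssl, that SSLProxyEngine is on, and that the proxypath property names an existing Location without a protocol. The function name check_webmks and the embedded samples are assumptions, constructed from the snippets above.

```python
import re

# Constructed samples, reduced from the snippets in the procedure above.
APACHE = """<Location /wsdata>
    ProxyPass wss://rs1.cloud.example.com:7070 ttl=20 timeout=20
    ProxyPassReverse wss://rs1.cloud.example.com:7070
    Require all granted
</Location>
SSLProxyEngine On
"""
NGINX = "server {\n    listen       7070 ssl;\n    server_name  localhost;\n}\n"
PROPS = "com.abiquo.esxi.webmks.proxypath = api.cloud.example.com/wsdata\n"


def check_webmks(apache, nginx, props):
    """Return a list of mismatches between the three files (empty means consistent)."""
    problems, locations = [], {}
    # Map each Location path to the port of its wss:// ProxyPass backend.
    for path, body in re.findall(r"<Location\s+(\S+)>(.*?)</Location>", apache, re.S):
        m = re.search(r"^\s*ProxyPass\s+(wss://[^:/\s]+:(\d+))", body, re.M)
        if not m:
            continue
        locations[path] = int(m.group(2))
        reverse = re.search(r"^\s*ProxyPassReverse\s+(\S+)", body, re.M)
        if not reverse or reverse.group(1) != m.group(1):
            problems.append(f"{path}: ProxyPassReverse does not match ProxyPass")
    # mod_proxy only connects to TLS (wss://) backends when SSLProxyEngine is on.
    if locations and not re.search(r"^\s*SSLProxyEngine\s+on\b", apache, re.M | re.I):
        problems.append("SSLProxyEngine On is missing")
    # NGINX on the Remote Services server must listen with ssl on the proxied port.
    listen = {int(p) for p in re.findall(r"^\s*listen\s+(\d+)\s+ssl\s*;", nginx, re.M)}
    for path, port in locations.items():
        if port not in listen:
            problems.append(f"{path}: port {port} is not an NGINX ssl listen port")
    # proxypath is the FQDN plus the Location, without the protocol.
    m = re.search(r"^\s*com\.abiquo\.esxi\.webmks\.proxypath\s*=\s*(\S+)", props, re.M)
    if not m:
        problems.append("com.abiquo.esxi.webmks.proxypath is not set")
    elif "://" in m.group(1):
        problems.append("proxypath must not include the protocol")
    elif "/" + m.group(1).partition("/")[2] not in locations:
        problems.append(f"proxypath {m.group(1)} has no matching Location")
    return problems


if __name__ == "__main__":
    print(check_webmks(APACHE, NGINX, PROPS) or "consistent")
```

To check a real installation, pass the contents of /etc/httpd/conf.d/abiquo.conf, /etc/nginx/nginx.conf and abiquo.properties in place of the samples.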

...