Install WebMKS proxy

Owned by MS (Unlicensed)
Jan 17, 2023
3 min read

This page is deprecated.

If NO VMs are running VNC, see Install WebMKS proxy and configure WebMKS

If VMs are running VNC, see Enable WebMKS for vCenter

The purpose of this proxy is to allow remote access to VMs in VCenter/ESXi architectures. This is done via Secure WebSocket protocol using the VMware VNC implementation over WSS (WebMKS). Basically we request a ticket to the vCenter API and with this ticket we can request VM remote access data to the ESXi host via WSS. The connection to the Abiquo Server is passed by the Apache proxy to an nginx proxy on the Remote Services.

Before you begin:

  1. Brand the WebMKS interface as required. See Branding WMKS.

To install the WebMKS proxy do the following steps.

Configure the API server for WebMKS proxy

Log in to the API server as an administrator and do these steps.

  1. If the mod_proxy_wstunnel module is not enabled in Apache, install and load it, using load module and specifying the module.

  2. Edit the /etc/httpd/conf.d/abiquo.conf file and add one Location for each Remote services server. For example, for three servers:

    <Location /wsdata> ProxyPass wss://rs1.cloud.example.com:7070 ttl=20 timeout=20 ProxyPassReverse wss://rs1.cloud.example.com:7070 Require all granted </Location> <Location /wsdata2> ProxyPass wss://rs2.cloud.example.com:7070 ttl=20 timeout=20 ProxyPassReverse wss://rs2.cloud.example.com:7070 Require all granted </Location> <Location /wsdata3> ProxyPass wss://rs3.cloud.example.com:7070 ttl=20 timeout=20 ProxyPassReverse wss://rs3.cloud.example.com:7070 Require all granted </Location>

     

  3. Edit the /etc/httpd/conf.d/abiquo.conf file and at the end of the VirtualHost section, add the SSL Proxy Engine

    SSLProxyEngine On

     

  4. Check the DNS values in the /etc/resolv.conf

Install and configure the WebMKS proxy on the Remote Services

On each Remote Services server of each DC where you will use a WebMKS proxy

  1. Install the package

    yum install abiquo-webmks-proxy

    This will install NGINX and its configuration files, and also enable it in systemctl. 

  2. Review and edit the configuration at /etc/nginx/nginx.conf

    1. The port to listen on is 7070 but you can change this

    2. It uses the SSL certificates from the UI to keep trust. Check that the nginx can reach the ssl_certificate and ssl_certificate_key file

    3. In case the ESXi returns a domain name, configure your DNS servers for the location with the resolver values

    4. If this is a distributed environment and api server has another IP, server_name should be "_"





  3. If this is a distributed environment (the API server has a different IP address), add these two firewall rules on the Remote Services servers:

    Firewall rules



Enable WebMKS for Remote access

  1. To switch from VNC to WebMKS, see Enable WebMKS for vCenter

  2. OR for an environment without VNC, see Configure WebMKS for vCenter

 

 

WebMKS is able to work without a proxy, but it will require host access from the outside. This is not acceptable in production but perhaps it may help to simplify a test environment.

To use WebMKS without a proxy, give users access to the websocket host and port, to reach the websocket as follows:
wss://host:port/ticket/ticketID

 

Copyright © 2006-2024, Abiquo Holdings SL. All rights reserved