Install WebMKS proxy and configure WebMKS

This page describes how to install and configure WebMKS with a proxy for remote access to VMs in ESXi in a new environment. For an existing environment with VMs running VNC, after you install the proxy, see Enable WebMKS for vCenter

You can run webmks without a proxy configuration but it will require host access from the outside (something which is unacceptable in production but may simplify a test environment).
To use WebMKS without a proxy, enable it in Abiquo properties, and give users access to the websocket host and port, to reach the websocket as follows:
wss://host:port/ticket/ticketID

Introduction to WebMKS proxy

Remote access for vCenter 7 is through WebMKS only and Abiquo supports WebMKS.

The purpose of this proxy is to allow remote access to VMs in VCenter/ESXi architectures. This is done via Secure WebSocket protocol using the VMware VNC implementation over WSS (WebMKS). Basically, we request a ticket to the vCenter API, and with this ticket we can request VM remote access data to the ESXi host via WSS. The connection to the Abiquo Server is passed by the Apache proxy to an NGINX proxy on the Remote Services.

 Install WebMKS proxy

To install WebMKS do these steps.

  1. Log in to the API Server as an administrator

  2. Install and load mod_proxy_wstunnel

    1. Edit /etc/httpd/conf.modules.d/00-proxy.conf

    2. Go to the end and add LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so

  3. Edit /etc/httpd/conf.d/abiquo.conf and add one Location for each Remote services server. For example, for two servers:

    <Location /wsdata> ProxyPass wss://rs1.cloud.example.com:7070 ttl=20 timeout=20 ProxyPassReverse wss://rs1.cloud.example.com:7070 Require all granted </Location> <Location /wsdata2> ProxyPass wss://rs2.cloud.example.com:7070 ttl=20 timeout=20 ProxyPassReverse wss://rs2.cloud.example.com:7070 Require all granted </Location>
  4. Edit the /etc/httpd/conf.d/abiquo.conf file and at the end of the VirtualHost section, add the SSL Proxy Engine

    SSLProxyEngine On 
  5. Check the DNS values in the /etc/resolv.conf

  6. For each Abiquo datacenter, log in to each Remote Services server

  7. Install the WebMKS proxy package

    yum install abiquo-webmks-proxy

    This will install NGINX and its configuration files, and also enable it in systemctl.

  8. Edit the server configuration at /etc/nginx/nginx.conf

    1. For listen, if you are using another port, change the default of 7070

    2. Set the ssl_certificate and ssl_certificate_key with the location of the UI certificate files. NGINX must have access to these files.

    3. If you are using domain names for your ESXi servers, in the location configure the resolver to point to your DNS servers.

    4. If this is a distributed environment and the API server has another IP, set server_name to "_"

       

  9. If the API server has a different IP address from the Remote Services servers (not a monolithic environment), add these firewall rules on the Remote Services servers:

     

  10. On the Remote Services servers, edit abiquo.properties

    1. Define the WebMKS proxy path, for example:

      The value is the FQDN and Location of the proxy in Apache on the API Server (without the protocol)

  11. Enable WebMKS for all VMs with no VNC configuration

    As always, after changing properties, restart the Tomcat server

  12. Restart the services

    1. On the Remote Services server, restart NGINX

    2. On the API Server, restart the Apache httpd service

 

Troubleshooting remote access to VM console
When you try to connect to a VM in a test environment with a self-signed certificate, Abiquo may display an unsecured certificate error. To continue, open a new tab in the same browser, enter the IP of the host of the VM, and accept the certificate.

Copyright © 2006-2024, Abiquo Holdings SL. All rights reserved