Install WebMKS proxy and configure WebMKS
This page describes how to install and configure WebMKS with a proxy for remote access to VMs in ESXi in a new environment. For an existing environment with VMs running VNC, after you install the proxy, see Enable WebMKS for vCenter
You can run webmks without a proxy configuration but it will require host access from the outside (something which is unacceptable in production but may simplify a test environment).
To use WebMKS without a proxy, enable it in Abiquo properties, and give users access to the websocket host and port, to reach the websocket as follows:wss://host:port/ticket/ticketID
Introduction to WebMKS proxy
Remote access for vCenter 7 is through WebMKS only and Abiquo supports WebMKS.
The purpose of this proxy is to allow remote access to VMs in VCenter/ESXi architectures. This is done via Secure WebSocket protocol using the VMware VNC implementation over WSS (WebMKS). Basically, we request a ticket to the vCenter API, and with this ticket we can request VM remote access data to the ESXi host via WSS. The connection to the Abiquo Server is passed by the Apache proxy to an NGINX proxy on the Remote Services.
Install WebMKS proxy
To install WebMKS do these steps.
Log in to the API Server as an administrator
Install and load mod_proxy_wstunnel
Edit
/etc/httpd/conf.modules.d/00-proxy.conf
Go to the end and add
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
Edit
/etc/httpd/conf.d/abiquo.conf
and add one Location for each Remote services server. For example, for two servers:<Location /wsdata> ProxyPass wss://rs1.cloud.example.com:7070 ttl=20 timeout=20 ProxyPassReverse wss://rs1.cloud.example.com:7070 Require all granted </Location> <Location /wsdata2> ProxyPass wss://rs2.cloud.example.com:7070 ttl=20 timeout=20 ProxyPassReverse wss://rs2.cloud.example.com:7070 Require all granted </Location>
Edit the /etc/httpd/conf.d/abiquo.conf file and at the end of the VirtualHost section, add the SSL Proxy Engine
SSLProxyEngine On
Check the DNS values in the /etc/resolv.conf
For each Abiquo datacenter, log in to each Remote Services server
Install the WebMKS proxy package
yum install abiquo-webmks-proxy
This will install NGINX and its configuration files, and also enable it in systemctl.
Edit the server configuration at
/etc/nginx/nginx.conf
For
listen
, if you are using another port, change the default of 7070Set the
ssl_certificate
andssl_certificate_key
with the location of the UI certificate files. NGINX must have access to these files.If you are using domain names for your ESXi servers, in the
location
configure theresolver
to point to your DNS servers.If this is a distributed environment and the API server has another IP, set
server_name
to "_"
If the API server has a different IP address from the Remote Services servers (not a monolithic environment), add these firewall rules on the Remote Services servers:
On the Remote Services servers, edit
abiquo.properties
Define the WebMKS proxy path, for example:
The value is the FQDN and Location of the proxy in Apache on the API Server (without the protocol)
Enable WebMKS for all VMs with no VNC configuration
As always, after changing properties, restart the Tomcat server
Restart the services
On the Remote Services server, restart NGINX
On the API Server, restart the Apache httpd service
Troubleshooting remote access to VM console
When you try to connect to a VM in a test environment with a self-signed certificate, Abiquo may display an unsecured certificate error. To continue, open a new tab in the same browser, enter the IP of the host of the VM, and accept the certificate.
Copyright © 2006-2024, Abiquo Holdings SL. All rights reserved