Accessing VM Console from Outside Your Network for Linux-KVM
You can configure Nginx as a reverse proxy server to provide access to the console of one or more virtual machines (VMs) running on KVM-based hypervisors, without exposing the hypervisors to all cloud users. With the reverse proxy configuration, cloud users who do not have access to the KVM-based hypervisors can still access the consoles of the VMs running on them.
The process broadly comprises the following steps.
Identify the physical machine or the node that would act as the reverse proxy node.
Optionally, create a DNS A record pointing to this host for host URL-to-IP address mapping. Do this if you do not wish to expose the host IP address.
Install Nginx on the reverse proxy node.
Edit the nginx.conf file to reverse proxy all the hostnames.
Log in to each host and configure noVNC to point to the reverse proxy node.
Let us look at the installation and host configuration steps in detail.
Run the following commands on the node identified to serve as the reverse proxy, to install the Nginx web server.
Generate Diffie-Hellman (DH) parameters for Nginx
Run the following commands on the reverse proxy node to generate DH parameters for the Nginx server, for secure, encrypted communication.
Edit the nginx configuration file /etc/nginx/nginx.conf that is located on the reverse proxy node.
Add or modify the default server section in nginx.conf to force redirection to HTTPS.
For the purpose of this section, let us assume that we have five compute hosts and one glance host with the following host names and IP addresses.
compute01 - 192.0.2.2
compute02 - 192.0.2.3
compute03 - 192.0.2.4
compute04 - 192.0.2.5
compute05 - 192.0.2.6
glance - 192.0.2.7
Platform9 4.X Proxy Config File
Edit the file /etc/nginx/conf.d/01_proxy.conf that is located on the reverse proxy node, to add the following information related to the hosts to access through the reverse proxy node, and information related to SSL communication.
Platform9 3.x Proxy Config File
For Platform9 releases older than 4.0, the above-mentioned /etc/nginx/conf.d/01_proxy.conf file needs to be slightly different.
The only section that differs from 4.x Proxy Config is the 'if' condition block in the last location regex above.
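The HTTPS redirect, DH parameters and per-host proxying described in the steps above, combined into one configuration as an added example; it is not Platform9's own 01_proxy.conf for either release. The name console.example.com, the certificate and DH parameter paths, noVNC port 6080 and the /<hostname>/<path> URL layout are assumptions; the host/IP pairs are the sample values listed above.

```nginx
# Added example: not Platform9's shipped 01_proxy.conf.
# Assumed: console.example.com, the certificate and dhparam paths, noVNC on port
# 6080, and a /<hostname>/<path> URL layout. Host/IP pairs are the page's samples.
# The glance host is omitted because the page gives no service port for it.

# Allowlist: a hostname missing from this map resolves to "" and is refused below,
# so the proxy cannot be steered to arbitrary internal addresses.
map $console_host $console_upstream {
    default   "";
    compute01 192.0.2.2;
    compute02 192.0.2.3;
    compute03 192.0.2.4;
    compute04 192.0.2.5;
    compute05 192.0.2.6;
}

# noVNC upgrades to WebSocket; forward the Upgrade handshake only when requested.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ""      close;
}

# Plain HTTP is only ever redirected, and to a fixed name rather than the
# client-supplied Host header (the page places this block in nginx.conf).
server {
    listen 80 default_server;
    server_name _;
    return 301 https://console.example.com$request_uri;
}

server {
    listen 443 ssl;
    server_name console.example.com;

    ssl_certificate     /etc/nginx/ssl/console.crt;   # assumed path
    ssl_certificate_key /etc/nginx/ssl/console.key;   # assumed path
    ssl_dhparam         /etc/nginx/ssl/dhparam.pem;   # assumed path; used by DHE suites
    ssl_protocols       TLSv1.2 TLSv1.3;

    location ~ ^/(?<console_host>[a-z0-9]+)/(?<console_path>.*)$ {
        if ($console_upstream = "") { return 404; }
        proxy_pass http://$console_upstream:6080/$console_path$is_args$args;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_read_timeout 3600s;   # console sessions are long-lived
    }
}
```

Running `nginx -t` before the reload step checks the configuration syntax without affecting live connections.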
Reload Nginx Configuration
Run the following command to reload Nginx configuration.
Configure noVNC on hosts
The noVNC client must be installed on each host machine. Cloud users can then connect to the reverse proxy and, through it, access the consoles of VMs running on hypervisors that they might not otherwise have access to.
The noVNC on every host must be configured to point to the reverse proxy node.