Accessing VM Console From Outside Your Network For VMware
Platform9's managed OpenStack private cloud deployment gives users the ability to launch a VNC console for Virtual Machine instances that are under its' management. However, this is only possible if the browser is on the same network as the Platform9 VMware gateway appliance.
To get around this restriction, administrators can setup a simple proxy to route traffic to the noVNC port on the gateway appliance, then route the VNC traffic via this proxy.
This tutorial lays out the steps needed to accomplish this, using nginx as a proxy server, on a CentOS machine.
Step 1 - Install nginx
On CentOS, you can install nginx via yum simply by issuing the following command:
Step 2 - Configure nginx
Once nginx has been installed, it will need to be configured to route traffic to the VMware gateway appliance. Since we are setting up a separate proxy, we can also put in an added layer of security by ensuring that all connections are over HTTPS, using appropriate certificates. For e.g., assuming that the host or appliance IP is 192.0.2.10, and the proxy machine has an IP of 203.0.113.55 this is a sample nginx configuration that will accept incoming traffic on HTTPS, and redirect it to the host:
This configuration should be placed under the /etc/nginx/conf.d folder so that the nginx service can ingest it on startup
Step 3 - Start nginx
Once the configuration is created, nginx can be started.
Step 4 - Modify nova configuration to use the proxy as the noVNC base URL
Login to the VMware appliance. The noVNC base url entry can be found in /opt/pf9/etc/nova/conf.d/nova_vmw_override.conf. Change the noVNC proxy base URL entry, and restart the pf9-ostackhost and pf9-novncproxy services:
Now, when the VNC console is loaded from the Platform9 UI, the browser will open a connection to the externally visible proxy server - via HTTPS - which in turn will send that data to the appliance to provide a VNC console view to external users.