Hi William,
The novnc console in browser tries to connect to CPVM's port 8080 that you need
to port forward/enable.
1. f you've an unsecured setup, you'll need to port forward as follows:
WAN port 80 -> ACS mgmt server IP port 8080
WAN port 8080 -> CPVM public IP port 8080
(also enable/allow firewall rules for port 80, 8080)
You can then access your mgmt server using, http://<WAN IP>/client.
2. If you need domain+SSL termination, then you can do the same as say using
nginx:
Create domain records:
A record for example.com -> WAN IP
A record for console.example.com -> WAN IP
ACS global settings: (restarting mgmt server required)
consoleproxy.sslEnabled -> true
consoleproxy.url.domain -> console.example.com
WAN port 443 -> nginx 443 ssl -> proxy to ACS mgmt server IP port 8080
WAN port 8080 -> nginx 8080 ssl -> proxy to CPVM port 8080 with following:
nginx websockets config can look like: (in this example, CPVM has IP
192.168.1.20)
listen 8080 ssl http2;
location /websockify {
proxy_pass http://192.168.1.20:8080/websockify;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_cache_bypass $http_upgrade;
proxy_buffering off;
proxy_ignore_client_abort off;
proxy_read_timeout 86400;
}
Note: in case you re-create the CPVM and its IP changes you'll need to update
the configs suitably.
Regards.
________________________________
From: David Jumani <[email protected]>
Sent: Monday, October 25, 2021 10:53
To: [email protected] <[email protected]>
Subject: Re: Apache Cloudstack Instance Console Question
Hi William,
You'll need to add a firewall rule to allow traffic from the public IP of the
console proxy running on port 80. You can find the IP of the proxy over at
Infrastructure > SystemVMs. (Or inspect the VM console page and have a look at
the URL in the iframe)
The console proxy also uses WebSockets, so I'm not sure if simple port
forwarding will work but give it a shot!
________________________________
From: William Hankard <[email protected]>
Sent: Saturday, October 23, 2021 4:09 AM
To: [email protected] <[email protected]>
Subject: Apache Cloudstack Instance Console Question
Hello,
I am having an issue with accessing an instance console on my Cloudstack
environment.
My setup is as follows:
1) Opnsense Firewall with 1 wan port and 1 lan port
2) Red Hat Management server on lan subnet
3) Red Hat KVM Hypervisor on lan subnet
I have setup a port forward rule from my WAN network to the internal LAN
network to my management server. I can access the management server fine
through
the firewall with my browser. The issue I am having is when I create an
instance and try to access the console I get a timeout. I am thinking
maybe I don't have some
port open or there is some console / novnc configuration that needs to be
done. Any pointers would be appreciated.
Bill
William D. Hankard
Senior Enterprise Virtualization Architect / Backend Developer
IBM Security
X-Force Threat Intelligence and Integration Lab
[email protected]
Phone: 617-910-8562
