proxy using websockify to hide the ESXi host information.
49 views
Skip to first unread message
ahmed
Mar 22, 2024, 4:42:06 PMMar 22
to noVNC
Hello,
I am trying to set up a proxy using websockify to hide the ESXi host information from the client when accessing VMware VMs via a remote console.
Here's a breakdown of the flow.
1.Client Request through Browser: The client initiates a request through the browser to access the VM console.
We construct a URL like this: https://1.1.1.1:1235/vnc_auto.html?host=<esxi_host_ip>&path=ticket/<mks_token>&port=443
With this URL,(WSS) connection is established, e.g., wss://esxi_host_ip/ticket/<mks_token>. This flow works fine.
2. Now, we want to proxy this connection to hide the ESXi host information from the client. For this, we create a URL like:
https://1.1.1.1:1235/vnc_auto.html?host=<1.1.1.1:1235>&path=ticket/<mks_token>&port=1235 1.1.1.1:1235 is the vnc server ip and port where novnc/websockify is serving
With this URL,(WSS) connection is like this, e.g., wss://1.1.1.1:1235/ticket/<mks_token>. However, this setup results in a WebSocket error.
3.Additionally, we're running the following websockify command:
/usr/share/novnc/websockify/run -D -v --web /usr/share/novnc --timeout 5000 --cert <certs-file> --key <certs-key> <websockify_port e.g 1235> <esxi_host_ip>:<esxihost_port>
Do you have any suggestions for what we might be missing or what needs to be done differently in the flow.
I apologize for the lengthy post and any mistakes. This is my first post, and I'm trying to write it as clearly as possible.
I am trying to set up a proxy using websockify to hide the ESXi host information from the client when accessing VMware VMs via a remote console.
Here's a breakdown of the flow.
1.Client Request through Browser: The client initiates a request through the browser to access the VM console.
We construct a URL like this: https://1.1.1.1:1235/vnc_auto.html?host=<esxi_host_ip>&path=ticket/<mks_token>&port=443
With this URL,(WSS) connection is established, e.g., wss://esxi_host_ip/ticket/<mks_token>. This flow works fine.
2. Now, we want to proxy this connection to hide the ESXi host information from the client. For this, we create a URL like:
https://1.1.1.1:1235/vnc_auto.html?host=<1.1.1.1:1235>&path=ticket/<mks_token>&port=1235 1.1.1.1:1235 is the vnc server ip and port where novnc/websockify is serving
With this URL,(WSS) connection is like this, e.g., wss://1.1.1.1:1235/ticket/<mks_token>. However, this setup results in a WebSocket error.
3.Additionally, we're running the following websockify command:
/usr/share/novnc/websockify/run -D -v --web /usr/share/novnc --timeout 5000 --cert <certs-file> --key <certs-key> <websockify_port e.g 1235> <esxi_host_ip>:<esxihost_port>
Do you have any suggestions for what we might be missing or what needs to be done differently in the flow.
I apologize for the lengthy post and any mistakes. This is my first post, and I'm trying to write it as clearly as possible.
Pierre Ossman
Mar 25, 2024, 4:08:03 AMMar 25
to no...@googlegroups.com, ahmed
On 22/03/2024 21:42, ahmed wrote:
> Hello,
>
> I am trying to set up a proxy using websockify to hide the ESXi host
> information from the client when accessing VMware VMs via a remote console.
>
> Here's a breakdown of the flow.
>
> 1.Client Request through Browser: The client initiates a request through
> the browser to access the VM console.
> We construct a URL like this:
> https://1.1.1.1:1235/vnc_auto.html?host=<esxi_host_ip>&path=ticket/<mks_token>&port=443
> With this URL,(WSS) connection is established, e.g.,
> wss://esxi_host_ip/ticket/<mks_token>. This flow works fine.
>
> 2. Now, we want to proxy this connection to hide the ESXi host information
> from the client. For this, we create a URL like:
> https://1.1.1.1:1235/vnc_auto.html?host=<1.1.1.1:1235>&path=ticket/<mks_token>&port=1235
> 1.1.1.1:1235 is the vnc server ip and port where novnc/websockify is
> serving
> With this URL,(WSS) connection is like this, e.g.,
> wss://1.1.1.1:1235/ticket/<mks_token>. However, this setup results in a
> WebSocket error.
>
> 3.Additionally, we're running the following websockify command:
> /usr/share/novnc/websockify/run -D -v --web /usr/share/novnc --timeout 5000
> --cert <certs-file> --key <certs-key> <websockify_port e.g 1235>
> <esxi_host_ip>:<esxihost_port>
>
If ESXi has native WebSocket support, then websockify is probably not
> Hello,
>
> I am trying to set up a proxy using websockify to hide the ESXi host
> information from the client when accessing VMware VMs via a remote console.
>
> Here's a breakdown of the flow.
>
> 1.Client Request through Browser: The client initiates a request through
> the browser to access the VM console.
> We construct a URL like this:
> https://1.1.1.1:1235/vnc_auto.html?host=<esxi_host_ip>&path=ticket/<mks_token>&port=443
> With this URL,(WSS) connection is established, e.g.,
> wss://esxi_host_ip/ticket/<mks_token>. This flow works fine.
>
> 2. Now, we want to proxy this connection to hide the ESXi host information
> from the client. For this, we create a URL like:
> https://1.1.1.1:1235/vnc_auto.html?host=<1.1.1.1:1235>&path=ticket/<mks_token>&port=1235
> 1.1.1.1:1235 is the vnc server ip and port where novnc/websockify is
> serving
> With this URL,(WSS) connection is like this, e.g.,
> wss://1.1.1.1:1235/ticket/<mks_token>. However, this setup results in a
> WebSocket error.
>
> 3.Additionally, we're running the following websockify command:
> /usr/share/novnc/websockify/run -D -v --web /usr/share/novnc --timeout 5000
> --cert <certs-file> --key <certs-key> <websockify_port e.g 1235>
> <esxi_host_ip>:<esxihost_port>
>
the most appropriate choice here. It's for accessing things that do not
handle WebSockets. I would suggest looking at something like nginx. It
should be more robust for a setup like this.
Regards
--
Pierre Ossman Software Development
Cendio AB https://cendio.com
Teknikringen 8 https://twitter.com/ThinLinc
583 30 Linköping https://facebook.com/ThinLinc
Phone: +46-13-214600
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
Reply all
Reply to author
Forward
0 new messages