Thank you for the detailed information. This is what I was looking for. Will
test it out. Thanks again.
Bill
On Oct 25, 2021, 4:47:44 AM, rohit.ya...@shapeblue.com wrote:
From: rohit.ya...@shapeblue.com
To: users@cloudstack.apache.org
Cc:
Date: Oct 25, 2021, 4:47:44 AM
Subject: [EXTERNAL] Re: Apache Cloudstack Instance Console Question
Some correction - for WAN with single public IP we need both port 80/443
and 8080 for CPVM and port 8080 for ACS mgmt server.
Therefore, the setup may use domains to proxy the hosts per needs. In my
test setup I use nginx proxy manager (https://nginxproxymanager.com) and have
domains such as:
example.com -> WAN IP
console.example.com -> WAN IP
The config would be to let a proxy manager proxy to hosts by the domains,
for ex:
  example.com & console.example.com -> mapped to WAN IP
  WAN IP ports 80, 443, 8080 -> forward to ACS mgmt server host ports 80, 443, 8888
Run the proxy manager on ACS mgmt server host that listens on ports 80, 443,
8888 to do SSL termination and proxy as:
  example.com:80/443 -> proxy -> ACS mgmt server port:8080
  console.example.com:80/443/8080 -> proxy -> CPVM ports 80/443/8080
  (for websockets use the config shared in previous reply).
Regards.
________________________________
From: Rohit Yadav
Sent: Monday, October 25, 2021 13:59
To: users@cloudstack.apache.org
Subject: Re: Apache Cloudstack Instance Console Question
Hi William,
The novnc console in browser tries to connect to CPVM's port 8080 that you
need to port forward/enable.
1. If you've an unsecured setup, you'll need to port forward as follows:
WAN port 80 -> ACS mgmt server IP port 8080
WAN port 8080 -> CPVM public IP port 8080
(also enable/allow firewall rules for port 80, 8080)
You can then access your mgmt server using, http:///client.
2. If you need domain+SSL termination, then you can do the same as say using
nginx:
Create domain records:
A record for example.com -> WAN IP
A record for console.example.com -> WAN IP
ACS global settings: (restarting mgmt server required)
consoleproxy.sslEnabled -> true
consoleproxy.url.domain -> console.example.com
WAN port 443 -> nginx 443 ssl -> proxy to ACS mgmt server IP port 8080
WAN port 8080 -> nginx 8080 ssl -> proxy to CPVM port 8080 with following:
nginx websockets config can look like: (in this example, CPVM has IP
192.168.1.20)
    listen 8080 ssl http2;
    location /websockify {
        proxy_pass http://192.168.1.20:8080/websockify;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # WebSocket upgrade needs HTTP/1.1 and the hop-by-hop Upgrade and
        # Connection headers, which nginx does not forward by default
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_cache_bypass $http_upgrade;
        proxy_buffering off;
        proxy_ignore_client_abort off;
        # keep an idle console connection open for up to 24 hours
        proxy_read_timeout 86400;
    }
Note: in case you re-create the CPVM and its IP changes you'll need to
update the configs suitably.
Regards.
________________________________
From: David Jumani
Sent: Monday, October 25, 2021 10:53
To: users@cloudstack.apache.org
Subject: Re: Apache Cloudstack Instance Console Question
Hi William,
You'll need to add a firewall rule to allow traffic from the public IP of
the console proxy running on port 80. You can find the IP of the proxy over at
Infrastructure > SystemVMs. (Or inspect the VM console page and have a look at
the URL in the iframe)
The console proxy also uses WebSockets, so I'm not sure if simple port
forwarding will work but give it a shot!
________________________________
From: William Hankard
Sent: Saturday, October 23, 2021 4:09 AM
To: users@cloudstack.apache.org
Subject: Apache Cloudstack Instance Console Question
Hello,
I am having an issue with accessing an instance console on my Cloudstack
environment.
My setup is as follows:
1) Opnsense Firewall with 1 wan port and 1 lan port
2) Red Hat Management server on lan subnet
3) Red Hat KVM Hypervisor on lan subnet
I have set up a port forward rule from my WAN network to the internal LAN
network to my management server. I can access the management server fine
through the firewall with my browser. The issue I am having is when I create
an instance and try to access the console I get a timeout. I am thinking
maybe I don't have some port open or there is some console / novnc
configuration that needs to be done. Any pointers would be appreciated.
Bill
William D. Hankard
Senior Enterprise Virtualization Architect / Backend Developer
IBM Security
X-Force Threat Intelligence and Integration Lab
william_hank...@us.ibm.com
Phone: 617-910-8562