[one-users] NoVNC in Sunstone behind lighttpd

Jhon Masschelein jhon.masschelein at sara.nl
Fri Jun 1 03:08:46 PDT 2012


We are behind an iptables firewall so we simply opened a bunch of ports 
in addition to the 443 port to make the vnc work. Yes this is "bad" but 
we actually like it this way.

In the previous incarnation of our cloud based on ONE 1.0, we had a UI 
where one port proxied all the vnc connections.

We got into major problems with users  behind NAT bridges: we did not 
find a way to set up a correct proxy since all connections came from the 
NAT box.

We much prefer opening a bunch of ports in favor of having NAT break VNC 

If the opennebula VNC system would revert back to that kind of system, 
please make sure it works through a NAT solution!



On 06/01/2012 09:20 AM, Hector Sanjuan wrote:
> No, nothing has been changed regarding this aspect in 3.2.1.
> If it works for you that probably means that your Sunstone clients can
> open a direct connection from their browser to
> sunstone_host:vnc_proxy_port, where the normal sunstone_host:443 is the
> only one being proxied through lighthttpd. I guess your proxy is running
> on the same machine as sunstone and no firewalls are in place so vnc
> connections can happen. Or maybe you have a different setup that I
> havent thought of?
> Hector
> En Fri, 01 Jun 2012 09:06:03 +0200, Jhon Masschelein
> <jhon.masschelein at sara.nl> escribió:
>> Hi,
>> Has something changed in 3.4.1 that makes this no longer work?
>> We're running 3.2.1 behind a lighttpd ssl proxy and the noVNC consoles
>> work (almost) perfectly for us...
>> Wkr,
>> Jhon
>> On 05/31/2012 11:00 PM, Hector Sanjuan wrote:
>>> Hello,
>>> bad news: noVNC uses websockets to open a connection to a tcp port on
>>> the sunstone frontend which your reverse proxy is probably not letting
>>> through. Actually, this port depends on the VM ID that you are
>>> connecting to (proxy_base_port + vm_id), so as things are now there is
>>> no straightforward way that you can get Sunstone VNC working with a
>>> reverse proxy solution unless you take care of proxying a wide range of
>>> ports, or find a way to let the connections through directly to them.
>>> good news: We realised of this limitation and this will be changed for
>>> the next release as part of http://dev.opennebula.org/issues/1209. The
>>> idea is that we run a single websockets proxy instance on a single fixed
>>> port.
>>> So im afraid you just need to wait some weeks,
>>> Hector
>>> En Thu, 31 May 2012 21:51:48 +0200, Alberto Zuin - Liste
>>> <liste at albertozuin.eu> escribió:
>>>> Hello all,
>>>> I'm setting up a new cloud (little, but this time it's mine ;-) with
>>>> OpenNebula 3.4.1.
>>>> Sunstone works like a charm when connecting directly on port 9869, but
>>>> I want using Lighttpd for ssl proxy. In this situation there is a
>>>> problem using NoVNC web console: when I click on the icon, appear the
>>>> popup on the bottom but no console.
>>>> No error in lighttpd log and in sunstone log.
>>>> Any suggestions?
>>>> Thanks,
>>>> Alberto

Jhon Masschelein
Senior Systeemprogrammeur

Science Park 140
1098 XG Amsterdam
T +31 (0)20 592 8099
F +31 (0)20 668 3167
M +31 (0)6 4748 9328
E jhon.masschelein at sara.nl

More information about the Users mailing list