noVNC disconnect with remote Caddy proxy


(Marten van Dijk) #1

I’m running a caddy instance on a public IP that can reach the private IP of my OpenNebula management server. NoVNC however, is in a disconnected state if I try to reach it through the proxy with SSL. I have got the right settings in /etc/one/sunstone-server.conf, and have the following Caddyfile set up:

mydomain.example.com {
  proxy / 10.3.30.2:9869
  proxy / 10.3.30.2:29876 {
    transparent
    websocket
  }
}

Does anyone know what I’m missing to succesfully forward the noVNC traffic to my OpenNebula server through my caddy proxy (that is running on the remote server)? The caddy proxy is running on ubuntu 16.04 and the OpenNebula server is running Debian 9.6.


(Marten van Dijk) #2

While I was unable to get the Caddy proxy to work with a remote OpenNebula server with NoVNC, I got it to work with Nginx. The config is as follows:

upstream sunstone  {
    server 10.3.30.2:9869;
}


upstream vnc_proxy {
    server 10.3.30.2:29876;
}

server {
    listen 443 ssl;
    server_name 10.3.30.2;
    ssl_certificate /home/certificates/certificate.crt;
    ssl_certificate_key /home/certificates/key.key;

    ### Proxy requests to upstream
    location / {
             proxy_pass http://sunstone;
    }


  location /websockify {
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-Host $host;
      proxy_set_header X-Forwarded-Server $host;
      proxy_set_header x-forwarded-proto  $scheme;
      proxy_set_header Host $host;
      proxy_http_version 1.1;
      proxy_read_timeout 86400;
      proxy_pass https://vnc_proxy;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
    }
}

server {
    listen 29876 ssl;
    server_name 10.3.30.2;
    ssl_certificate /home/certificates/certificate.crt;
    ssl_certificate_key /home/certificates/key.key;

    location / {
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-Host $host;
      proxy_set_header X-Forwarded-Server $host;
      proxy_set_header x-forwarded-proto  $scheme;
      proxy_set_header Host $host;
      proxy_http_version 1.1;
      proxy_read_timeout 86400;
      proxy_pass https://vnc_proxy;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
   }
}

Hope this helps anyone who is having issues with a remote proxy and VNC!