|
|
web-based VNC access based on no-VNC
|
|
|
|
|
|
1) novnc server setup
|
|
|
*
|
|
|
**first use case:**
|
|
|
NOMAD summer school Sep 2017, Berlin
|
|
|
* VNC sessions are pre-launched (singularity to isolate dummy user) on draco
|
|
|
* currently works with chrome
|
|
|
* TODO
|
|
|
* firefox and others need browser settings ?
|
|
|
* open apache server (currently access restricted to 130.183.2)
|
|
|
|
|
|
1) novnc server setup on vis-nomad.esc.rzg.mpg.de
|
|
|
* installed at /opt/noVNC/noVNC-master/
|
|
|
* basic documentation at https://github.com/novnc/noVNC
|
|
|
* token-based mapping to existing VNC sessions /opt/noVNC/config.d/draco_vnc.conf
|
|
|
* start server as `python /opt/noVNC/noVNC-master/utils/websockify/run --verbose --daemon --log-file=/opt/noVNC/noVNC-master/novnc.log --web /opt/noVNC/noVNC-master/ --token-plugin TokenFile --token-source /opt/noVNC/config.d/ vis-nomad.esc.rzg.mpg.de:6080`
|
|
|
* TODO:
|
|
|
* howto secure tokens? -> https://github.com/novnc/noVNC/issues/522, https://github.com/novnc/websockify/wiki/Token-based-target-selection
|
|
|
|
|
|
|
|
|
2) apache httpd proxy setup on vis-nomad.esc.rzg.mpg.de
|
|
|
* requires mod_proxy_wstunnel (included by default)
|
|
|
* CentOS firewall settings required:
|
|
|
* `setsebool -P httpd_can_network_connect 1`
|
|
|
* `setsebool -P httpd_can_network_relay 1`
|
|
|
|
|
|
* `/etc/httpd/conf.d/vhost_novnc-proxy.conf`:
|
|
|
|
|
|
`
|
|
|
ProxyPass /websockify ws://vis-nomad.esc.rzg.mpg.de:6080/websockify retry=3
|
|
|
ProxyPassReverse /websockify ws://vis-nomad.esc.rzg.mpg.de:6080/websockify retry=3
|
|
|
ProxyPass / http://vis-nomad.esc.rzg.mpg.de:6080/
|
|
|
ProxyPassReverse / http://vis-nomad.esc.rzg.mpg.de:6080/
|
|
|
`
|
|
|
* TODO:
|
|
|
* enable/enforce https://, wss:// as soon as we get a proper server certificate**
|
|
|
|
|
|
**NOMAD infrastructure (WP6:**
|
|
|
|
|
|
1) dynamic creation of novnc tokens |