VM Console Access
-
My XO is deployed and when i go to console it gives me access.
production XO
wss://xenorchestra1.nayatel.com/api/consoles/vm-idtest XO
ws://xen.zeests.com:7778/api/consoles/vm-idI have tokens for both services.
Now I want to access the console from a different web application who is running on different host and have a different domain mapped. How can I achieve this?
One Error is:
noVNC requires a secure context (TLS). Expect crashes! -
@olivierlambert any comment will help me a lot.
I am testing to access the console on noVNC official client https://hub.docker.com/r/theasp/novnc but I am getting this error.
can you guys give it a try and share your thoughts? Idk how to pass the token in local noVNC docker image.
-
That's almost a question for the DevOps Team Tool I suppose
Ping @nathanael-h
-
@nathanael-h your comments will help me to a lot. I am not able to access my vm console outside.
this is my url format to access the console.
wss://domain/api/consoles/vmidI know we have to pass the token and I have a valid admin token but still I am not able to get it done.
-
@irtaza9 Hey, I tried quickly on my local laptop but was not able to handle to auth. So I asked internally who already knows how this works. (Unfortunately I cannot spend multiple hours on this)
-
this is my code to test console for vms but I am not able to access it. Actually I have to access the console but I do not know how do auth for this.
-
I am able to solve this and access the vm-consoles on my web app. I deployed the xen orchestra from sources and run on localhost then I run my custom web app on localhost and pass my admin token to set in the cookies and then I got the access to the consoles.
But when I try to access the console from a different domain then it does'nt work cause it is a cross browser cookie issue. Browser rejects to store the cookie of my production XO. Now I do not know any other way to resolve this cause the authentication mechanism you guy are using is token in cookie.
suggestion: noVNC supports
username & passwordin theurlwhat if we perform authentication for consoles like this too. Also what abouttokenin query params?
-
This post is deleted! -
@irtaza9 I am glad to read you find a solution that works for you. And thanks for sharing!
-
@nathanael-h I got more information as I am still observing few things regarding the console. I got to know that there is no authentication at all on console level and on per user basis.
My test use case
Vm -> Ubuntu
vm:5173 -> custom app
vm:3000 -> custom api servervm:ngnix:80/443
- rncp.nayatel.com -> localhost:5173
- rncpbe.nayatel.com -> localhost:3000
My XOA is running on
xenorchestra1.nayatel.comwhich is on private network and my vm is allow in the route so I can connect to it. Now my custom work and XOA is on the same domain with same SSL certs. Now When I go to myrncp.nayatel.comand place any VM ID in the query param then the console for my VM is accessible on my custom web app and my this app is calling an api torncpbe.nayatel.comfor authentication only and returns thewssurl to my frontend app and then my frontend app uses thaturland create the socket onnoVNCand console gets accessed.From this It is my conclusion that XOA do not perform authentication on console access it only checks the cross-domain and it also do not need token in cookies for console authentication.
-
extending this thread because still relevant
The console is using RFB protocol for streaming, right now each user who have an access to a VM console is seeing the same console that is seen by other. Is there any way to give each user their own console?
-
Hi,
No, there's only one console, which is the "virtual screen" of the VM. If you want multi user thing, check VDI solution, like UDS Enterprise https://docs.xcp-ng.org/project/ecosystem/#uds-enterprise
