VMware Cloud Community
fardin01
Contributor
Contributor
Jump to solution

Configure Nginx to reverse proxy VMRC traffic

When I redirect port 443 and 902 directly to my ESXi host, the web client works fine as well as VMRC. When I proxy port 443 via nginx the web client works fine (inducing the browser console) but VMRC connection fails. Port 902 is directly redirected to ESXi.

Can anyone let me know what protocol VMRC uses? Or what the architecture is?

1 Solution

Accepted Solutions
jskenney
Contributor
Contributor
Jump to solution

Attached is my nginx configuration files that work for remote access via the web into a vSphere server, including VMRC.  The nginx.conf sets up the ports, the esxi file is the "site" config.  In my example 192.168.2.41 is the ESXi server, and example.com is the website (and link for ssl certs).  Hope that helps, it took a while for me to generate a configuration that would allow for the console and for file uploads.

View solution in original post

5 Replies
CQuartetti
Hot Shot
Hot Shot
Jump to solution

VMRC's control plane connection uses HTTPS over port 443 by default, but it can be any port number--vSphere may use 9443. The data plane connection uses a custom protocol over port 902 by default, but again, the server can configure any port number.

Internal ticket 1983585 is tracking connecting through vRA with a proxy, but this may not affect you.

Can you make a proxied connection using VMRC 9.0? What's your host OS?

Reply
0 Kudos
fardin01
Contributor
Contributor
Jump to solution

Thanks for your reply.

I can't make a peroxied connection using VMRC 9.0. Direct connection still works fine.

I have ESXi 6.5 running on a HP server, and the VM I'm trying to connect is WS 2012 R2.

1.PNG shows how I launch VMRC. 2.PNG shows what I get when connection is proxied.

Below is the portion of nginx.conf file that proxies the traffic to the correct server:

server {

        listen       443 ssl;

        server_name  esxi.******.com;

        ssl_certificate      certificate.crt;

        ssl_certificate_key  private.key;

        location / {

               allow all;

               proxy_set_header Host $host;

               proxy_set_header Connection "upgrade";

               proxy_set_header Connection $http_connection;

               proxy_pass https://192.168.0.102;

              

               # WebSocket support

               proxy_http_version 1.1;

               proxy_set_header Upgrade $http_upgrade;

        }

    }

Reply
0 Kudos
CQuartetti
Hot Shot
Hot Shot
Jump to solution

Ok, looks like you're running VMRC on Windows. Not that this helps you, but internal ticket 1815860 is tracking this issue where VMRC doesn't give an accurate error message in some cases. If you have Workstation available you may see this

Failed to connect to xxx. The proxy could not be resolved.

instead of this message from your 2.png attachment

Failed to connect to xxx. Invalid or expired session ticket.

Reply
0 Kudos
jskenney
Contributor
Contributor
Jump to solution

Attached is my nginx configuration files that work for remote access via the web into a vSphere server, including VMRC.  The nginx.conf sets up the ports, the esxi file is the "site" config.  In my example 192.168.2.41 is the ESXi server, and example.com is the website (and link for ssl certs).  Hope that helps, it took a while for me to generate a configuration that would allow for the console and for file uploads.

fardin01
Contributor
Contributor
Jump to solution

You sir, have a special place in heaven! Thank you very much.