Embedded VNC in HTTPS Stream

[mailmonster]

Hello Community
I have just started migrating from a qnap TS-251+ to Freenas which I find amazing. I really love the new UI which now really can compete in my mind with brands like qnap or synology. On my qnap box i can connect to virtualized machines also with VNC Protokoll (virtualization station) Here however it is possible to access the qnap from outside via dyndns with https and open a virtual machine which is still reachable via HTTPS Port 443 and not the special port outside. I guess somehow the real internal vnc port is tunneled. Is there a way to do this also with freenas and its VirtualBox machines? I want to access the machine from outside via https but not need to use another port than 443
Thanks for an input on this.
best regards
Chris

 

[sretalla]

It probably uses websockets, so you need your reverse proxy to handle that.

You can either use guacamole itself or do some googling on how to do that with your proxy based on how it would handle guacamole.

Personally I like and use guacamole (as a docker container using the rancher catalog item) to access my VMs both on FreeNAS and other systems on my LAN.

 

[mailmonster]

Thanks for the reply. Is there somewhere an actual documentation how to implement this. I only find older ones dating back to 2015. Or is there an easier setup also. I just installed the emby plugin and it is the same like with vnc using ip and port but not being nated outside or encapsulated in https.

 

[sretalla]

There's plenty of advice around on how to set up docker. Guacamole has docker containers that are easy to run.

 

[mailmonster]

thanks for the first replies. I am still not quite sure how it would finally work the way I would like to have it using guacuamole.
In the new Freenas Interface in the VM section you can do a click on the three dots and click on VNC. VNC then opens in another Tab using the internal IP address and the port assigned to the vnc session. First of all this would need to be the name of the external dyndns eg. freenas.mysystem.net and I do not know if freenas can at all be configured like this. If I change the port redirection on my router to forward everything that is https to my guacamole server then again I do not know if I can then connect "from behind" to the freenas webui.
In the qnap NAS i open the webinterface via a dyndns name and then access the program "virtualization station" Within this station i can click on a virtual machine and on vnc console and it will open a vnc session in a separate tab but on the outside it is still the external address of the qnap box and 443.

What I could think of might be the following setup - maybe someone can tell me if this might work or if it can be done better
- create a Guacamole Server in freenas (creating a new jail with rancheros and downlaod guacamole)
- use the ip address of this jail for a https redirect to the guacamole server from outside (how to create a certificate here is the next question)
- add links to the virtual machines on the freeenas system within guacamole
- some way of reverse proxiing of the freenas gui to access this also via guacamole ??

any other idea how it can be nicely integrated to access the freenas vms from the embedded webconsole of the newest freenas system without using VPN?

 

[sretalla]

What I could think of might be the following setup - maybe someone can tell me if this might work or if it can be done better
- create a Guacamole Server in freenas (creating a new jail with rancheros and downlaod guacamole)
- use the IP address of this jail for a https redirect to the guacamole server from outside (how to create a certificate here is the next question)
- add links to the virtual machines on the freeenas system within guacamole
- some way of reverse proxiing of the freenas gui to access this also via guacamole ??

Yes, you got it.

For the certificate, look at duckdns... it gives you the domain for free, a way to update the IP address for it and allows you to create letsencrypt certificates.

To access the FreeNAS box or other services on your network requiring an internal web browser, you would set up a docker container (like this: https://hub.docker.com/r/consol/centos-xfce-vnc/) or small linux install on a Pi or other spare hardware/VM.

 

[sretalla]

- create a Guacamole Server in freenas (creating a new jail with rancheros and downlaod guacamole)

I just re-read that line...

You mean VM instead of jail? you can't have rancherOS/docker (working properly) in a jail, you need a docker VM.

 

[mailmonster]

Thanks . I found this one out,too

 

[mailmonster]

Do you can tell me a url to some plug and play guacamole docker Container . Or is using docker vm then rancheros then guacamole the easiest way? And is it possible to have the docker vm use the host ip of freenas or must/should it have its own?

 

[sretalla]

Or is using docker vm then rancheros then guacamole the easiest way?

This way is the most plug and play. Rancher server is just a single run statement, add the agent with one more then pick guacamole from the catalog in there.

And is it possible to have the docker vm use the host IP of freenas or must/should it have its own?

A VM will need its own IP. You will access all your docker containers on this IP.