Kumina | Blog

Proxying and multiplexing noVNC using wsproxy

code

code

When a virtual private server is experiencing crashes or network connectivity problems, it is often useful to interact with the system console, using protocols such as VNC. A nice piece of software implementing the VNC protocol, is the noVNC web client. noVNC allows you to connect to a VNC server, using only a web browser with WebSockets support. If your browser doesn’t implement WebSockets, it uses a small Adobe Flash applet to offload the WebSockets connection.

Unfortunately, WebSockets does not allow you to create arbitrary raw TCP connections. After performing an initial HTTP handshake, it can be used to send UTF-8 encoded datagrams. Because VNC is a binary protocol, noVNC encodes the stream as Base64 and encapsulates it into WebSockets datagrams. This means that you either have to locally patch your VNC server to support the noVNC protocol, or that you have to use a proxy. Patching the VNC server is not an option for us and the available proxies require us to run a proxy for every VNC server instance, thus for every virtual private server. This is why we have written a rather compact noVNC proxy called wsproxy, which can connect to VNC servers within a whitelisted range of ports. This proxy is simply run through inetd and can in theory be used in combination with tools like stunnel to provide SSL support.

The code and instructions how to use wsproxy can be found on its GitHub page.

*Image source: https://unsplash.com/photos/xekxE_VR0Ec
Exit mobile version