VNC and Apache Reverse Proxy

Michael Ossmann michael.ossmann "at" alttech.com
Mon, 07 Jan 2002 22:34:42 +0000


On Mon, Jan 07, 2002 at 10:08:10AM -0500, Christopher Tesla wrote:
>  
> I am using the Reverse Proxy functions of Apache to allow the users access to
> those servers.  The only problem is that when they click on the link they get
> the standard gray window and "Applet vncviewer class vncviewer could not be
> loaded" error.  This happens on the LAN as well as from the outside world.
> What is interesting is that when working on the LAN if I browse to
> http://apacheserver/vncserver (which should proxy forward to
> http://vncserver:5800) I get the error, but if I browse directly to
> http://vncserver:5800 it works just fine.  Obviously something is acting funny
> in the Apache config.

I think this is what is going on...

When you connect to http://vncserver:5800, the applet loads and tries to
open a vnc connection to vncserver:5900.  When you connect to
http://apacheserver/vncserver, the applet tries to open a vnc connection
to apacheserver:5900, which does not respond.  You can:

  1. Configure the applet to connect to a vnc server other than the web
  server.  You would have to use a signed Java applet to allow it to
  leave the sandbox, and this probably wouldn't ease your firewall
  configuration anyway.

  2. Use some kind of port forwarding on the apache server so that port
  5900 goes to the vncserver.  You would have to configure each
  vncserver to use a separate port number and allow external connections
  to apacheserver:5900-59xx.

  3. Get creative with ssh.

  4. Check out the VNC Reflector:
     http://sourceforge.net/projects/vnc-reflector/
     I haven't tried this yet myself, but I plan to soon.

Note that vnc is not at all secure unless you tunnel it through ssh,
zebedee, or something.

-- 
Mike Ossmann, Tarantella/UNIX Engineer/Instructor
Alternative Technology, Inc.  http://www.alttech.com/
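
One way to carry out option 3 and the closing advice about tunnelling, added here as an example and not part of the original message: a shell function that builds a single ssh command forwarding several VNC servers through one SSH gateway, with each local listener bound to loopback. The hosts apacheserver and vncserver come from the thread; an SSH login on apacheserver, the second host vncserver2 and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example: tunnel several VNC servers through one SSH gateway.
# Function names and the sample host vncserver2 are hypothetical.

# Accept only plain host or user@host strings so that nothing supplied
# by the caller can be parsed by ssh as an option.
valid_host() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9@._-]*) return 1 ;;
    esac
    return 0
}

# build_vnc_tunnel GATEWAY HOST[:DISPLAY]...
# Prints the ssh command line. The Nth target becomes local display N,
# so a viewer started on the client connects to localhost:N.
build_vnc_tunnel() {
    local gateway="$1" n=0 spec host display cmd
    shift
    valid_host "$gateway" || { echo "bad gateway: $gateway" >&2; return 1; }
    [ "$#" -gt 0 ] || { echo "no VNC targets given" >&2; return 1; }
    # -N: forward only, no remote command. ExitOnForwardFailure makes ssh
    # quit instead of running with a forward that failed to bind.
    cmd="ssh -N -o ExitOnForwardFailure=yes"
    for spec in "$@"; do
        host=${spec%%:*}
        display=0
        case "$spec" in *:*) display=${spec#*:} ;; esac
        valid_host "$host" || { echo "bad host: $host" >&2; return 1; }
        case "$display" in
            [0-9]|[1-9][0-9]) ;;
            *) echo "bad display: $display" >&2; return 1 ;;
        esac
        n=$((n + 1))
        # Local end listens on 127.0.0.1 only; VNC port = 5900 + display.
        cmd="$cmd -L 127.0.0.1:$((5900 + n)):$host:$((5900 + display))"
    done
    printf '%s %s\n' "$cmd" "$gateway"
}

# Usage (constructed hosts):
#   build_vnc_tunnel admin@apacheserver vncserver vncserver2:1
```

With this layout only the gateway's SSH port has to be reachable from outside, and the VNC traffic between the client and the gateway is encrypted; the hop from the gateway to each VNC server is still plain VNC.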