NoVNC Console Proxy
While the module provides certain functionalities, the responsibility for implementation and the required technical expertise falls on you. We cannot offer support for these customizations.
When the console is accessed through WHMCS, a console session is initiated within Tenantos, and customers are redirected to the console page. Although customers do not directly log into Tenantos, the console session operates under the Tenantos domain. While this is not problematic per se, some service providers prefer to not expose the Tenantos URL and disable direct Tenantos panel access.
To accommodate this preference, the module has an event to modify the console URL. This allows for the implementation of a reverse proxy to proxy the console sessions to the Tenantos server without exposing the underlying Tenantos URL.
System Requirements
A VPS with minimal resources is sufficient. As example, 1 GB RAM, 1 core, 10 GB disk space.
Implementation
WHMCS server: Override the console URL
If you are already using custom events, then just copy the overrideConsoleUrl static function into your events.php file. Otherwise, follow these steps:
- Copy the file
/modules/addons/dservermanager/app/Custom/events.example
to/modules/addons/dservermanager/app/Custom/events.php
. - Remove all events except the
overrideConsoleUrl
event. - Replace the value of
$newDomain
with the domain of your proxy.
Setup Proxy Server
Set up a reverse proxy that forwards connections to Tenantos. The proxy must proxy all paths starting with /console
and must support WebSockets. Here is a working example for nginx:
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name YOUR_PROXY_DOMAIN;
ssl_certificate /etc/letsencrypt/live/YOUR_PROXY_DOMAIN/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/YOUR_PROXY_DOMAIN/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
location ~ "^/console" {
proxy_pass https://TENANTOS_DOMAIN;
proxy_http_version 1.1;
proxy_read_timeout 7d;
proxy_send_timeout 7d;
proxy_socket_keepalive on;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Accept-Encoding "";
sub_filter 'TENANTOS_DOMAIN' 'YOUR_PROXY_DOMAIN';
sub_filter_once off;
}
}
TENANTOS_DOMAIN
with the domain of your Tenantos installation and YOUR_PROXY_DOMAIN
with the domain of your proxy.
Tenantos server: Restore original client IPs
The original client IPs must be restored. Create the file /etc/nginx/conf.d/includes/master-global-includes/https/before_location/trustedProxies.conf
on the Tenantos server and add the following:
set_real_ip_from IP_OF_THE_PROXY_SERVER/32;
Then reload or restart nginx: systemctl restart nginx
This must only be done on the Tenantos server, not on the agents.
Test the proxy
After the setup, test the proxy by accessing the console through WHMCS. The console should work as expected, and the URL should be the proxy domain.
Should you encounter the error message "Console URL invalid or IP not permitted", verify that the original client IP addresses are correctly restored on the server. Additionally, ensure that your proxy is accessible via the same IP versions (IPv4/IPv6) as those used by your WHMCS server.