Skip to content

NoVNC Console Proxy

While the module provides certain functionalities, the responsibility for implementation and the required technical expertise falls on you. We cannot offer support for these customizations.

When the console is accessed through WHMCS, a console session is initiated within Tenantos, and customers are redirected to the console page. Although customers do not directly log into Tenantos, the console session operates under the Tenantos domain. While this is not problematic per se, some service providers prefer to not expose the Tenantos URL and disable direct Tenantos panel access.

To accommodate this preference, the module has an event to modify the console URL. This allows for the implementation of a reverse proxy to proxy the console sessions to the Tenantos server without exposing the underlying Tenantos URL.

System Requirements

A VPS with minimal resources is sufficient. As example, 1 GB RAM, 1 core, 10 GB disk space.

Implementation

WHMCS server: Override the console URL

If you are already using custom events, then just copy the overrideConsoleUrl static function into your events.php file. Otherwise, follow these steps:

  1. Copy the file /modules/addons/dservermanager/app/Custom/events.example to /modules/addons/dservermanager/app/Custom/events.php.
  2. Remove all events except the overrideConsoleUrl event.
  3. Replace the value of $newDomain with the domain of your proxy.

Setup Proxy Server

Set up a reverse proxy that forwards connections to Tenantos. The proxy must proxy all paths starting with /console and must support WebSockets. Here is a working example for nginx:

server {
    listen       443 ssl http2;
    listen       [::]:443 ssl http2;
    server_name  YOUR_PROXY_DOMAIN;

    ssl_certificate /etc/letsencrypt/live/YOUR_PROXY_DOMAIN/fullchain.pem;  
    ssl_certificate_key /etc/letsencrypt/live/YOUR_PROXY_DOMAIN/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;

    location ~ "^/console" {
        proxy_pass https://TENANTOS_DOMAIN;

        proxy_http_version 1.1;
        proxy_read_timeout 7d;
        proxy_send_timeout 7d;
        proxy_socket_keepalive on;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Accept-Encoding "";

        sub_filter 'TENANTOS_DOMAIN' 'YOUR_PROXY_DOMAIN';
        sub_filter_once off;
    }
}
Replace TENANTOS_DOMAIN with the domain of your Tenantos installation and YOUR_PROXY_DOMAIN with the domain of your proxy.

Tenantos server: Restore original client IPs

The original client IPs must be restored. Create the file /etc/nginx/conf.d/includes/master-global-includes/https/before_location/trustedProxies.conf on the Tenantos server and add the following:

set_real_ip_from IP_OF_THE_PROXY_SERVER/32;

Then reload or restart nginx: systemctl restart nginx

This must only be done on the Tenantos server, not on the agents.

Test the proxy

After the setup, test the proxy by accessing the console through WHMCS. The console should work as expected, and the URL should be the proxy domain.

Should you encounter the error message "Console URL invalid or IP not permitted", verify that the original client IP addresses are correctly restored on the server. Additionally, ensure that your proxy is accessible via the same IP versions (IPv4/IPv6) as those used by your WHMCS server.