Modifying Server Configurations to Support HTTP

ESX, ESXi, and vCenter Server support the vSphere API through their respective Web services (SOAP) engines. By default, these Web services run on port 443, as secure Web services that can be accessed using SSL over HTTP (HTTPS). However, for a development environment, you might want to simplify the connection process from a client application by configuring the target servers to support HTTP.

Connections to the Web services port are handled by a reverse-proxy service. The reverse-proxy service handles requests to the API (through the /sdk path) and to the Managed Object Browser (through the /mob path). The reverse-proxy service has a configuration file that can be modified to specify support for HTTP as an accepted protocol for the Web service.

The procedure to modify the reverse proxy configuration differs, depending on the server type and the release version. Choose one of the following options that applies to your situation:

■	HTTP Configuration for ESXi 5.1, 5.5, or 6.0

■	HTTP Configuration for ESX 4.1, ESXi 4.1, or ESXi 5.0

■	HTTP Configuration for vCenter Server

HTTP Configuration for ESXi 5.1, 5.5, or 6.0

You can modify ESXi configuration from a shell window over an SSH connection, using the following procedure. If you do not have SSH enabled, use the appropriate vSphere CLI command to obtain the configuration file from the server, modify the file to support HTTP, and move the file back to the ESXi system. For more information about the vSphere CLI command syntax, see the vSphere CLI Installation and Reference Guide.

To modify the Web proxy service on ESXi 5.1, 5.5, or 6.0 to support HTTP

1	Log in to a shell window as the root user.

2	Change directories to /etc/vmware/rhttpproxy.

# cd /etc/vmware/rhttpproxy

3	Copy the endpoints.conf file to a temporary directory for editing.

# cp endpoints.conf /tmp/endpoints.conf

4	Change the permissions on the endpoints.conf file to allow editing.

# chmod +w /tmp/endpoints.conf

5	Use a text editor to open the temporary file.

# vi /tmp/endpoints.conf

6	Navigate to the line that specifies the endpoints for SDK connections, which begins with /sdk.

The line looks similar to this:

/sdk    local    8307               redirect     allow

If the /sdk line ends with the words allow     allow, you do not need to change it. HTTP access is already allowed.

7	To enable HTTP connections, change the word redirect to allow.

When configured to allow both HTTP and HTTPS connections, the /sdk line looks like this:

/sdk    local    8307               allow     allow

8	(Optional) If you prefer to completely disable HTTPS, change the last word to reject instead of allow.

When configured to allow only HTTP connections, the /sdk line looks like this:

/sdk    local    8307               allow     reject

9	(Optional) Change the setting for the Managed Object Browser as well.

When configured to allow both HTTP and HTTPS connections, the /mob line looks like this:

/sdk    local    8307               allow     allow

10	Save your settings and close the file.

11	Copy the original endpoints.conf file to a backup file.

# cp endpoints.conf endpoints.conf.old

12	Change the permissions on the endpoints.conf file to disable editing.

# chmod -w /tmp/endpoints.conf

13	Copy the temporary file endpoints.conf file back, replacing the original endpoints.conf file.

# cp /tmp/endpoints.conf endpoints.conf

14	Signal the reverse proxy service to update its configuration by entering the following command:

/etc/init.d/rhttpproxy restart

Example: An endpoints.conf File Modified To Support HTTP connections to the SDK and the MOB

/ local 8309 redirect allow

/sdk local 8307 allow allow

/client/clients.xml local 8309 allow allow

/ui local 8308 redirect allow

/vpxa local 8089 reject allow

/mob namedpipe       /var/run/vmware/proxy-mob allow allow

/wsman local 8889 redirect allow

/sdkTunnel namedpipetunnel /var/run/vmware/proxy-sdk-tunnel allow reject

/ha-nfc local 12001 allow allow

/nfc local 12000 allow allow

/folder local 8309 redirect allow

/host local 8309 redirect allow

/tmp local 8309 redirect allow

/screen local 8309 redirect allow

/guestFile local 8309 redirect allow

/cgi-bin local 8309 redirect allow

 

HTTP Configuration for ESX 4.1, ESXi 4.1, or ESXi 5.0

You can modify ESX configuration from the service console, using the following procedure. The procedure is the same for ESXi, but you must use a shell window over an SSH connection because ESXi does not have a service console.

If you do not have SSH enabled for your ESXi server, use the appropriate vSphere CLI command to obtain the configuration file from the server, modify the file to support HTTP, and move the file back to the ESXi system. For more information about the vSphere CLI command syntax, see the vSphere CLI Installation and Reference Guide.

To modify the Web proxy service on ESX or ESXi 4.1 or 5.0 to support HTTP

1	Log in to the service console or a shell window as the root user.

2	Change directories to /etc/vmware/hostd.

3	Use a text editor to open the proxy.xml file.

4	Navigate to the list of endpoints in the file, identified by the <EndpointList> tag, that contains settings for the Web service supporting the SDK.

The nested tags might look something like this:

...

<e id="1">

<_type>vim.ProxyService.NamedPipeServiceSpec</_type>

<accessMode>httpsWithRedirect</accessMode>

<pipeName>/var/run/vmware/proxy-sdk</pipeName>

<serverNamespace>/sdk</serverNamespace>

</e>

...

5	Change the accessMode to httpAndHttps.

If you prefer to completely disable HTTPS, set the accessMode to httpOnly.

6	(Optional) Change the setting for the MOB as well.

7	Save your settings and close the file.

8	Restart the vmware-hostd process by entering the following command:

service mgmt-vmware restart

Example: A proxy.xml File Modified To Support the SDK and the MOB

<config>

<EndpointList>

<_length>7</_length>

<_type>vim.ProxyService.EndpointSpec[]</_type>

<e id="0">

<_type>vim.Proxyservice.NamedPipeServiceSpec</_type>

<serverNamespace>/</serverNamespace>

<accessMode>httpsWithRedirect</accessMode>

<pipeName>\\.\pipe\vmware-vpxd-webserver-pipe</pipeName>

</e>

<e id="1">

<_type>vim.ProxyService.LocalServiceSpec</_type>

<serverNamespace>/sdk</serverNamespace>

<accessMode>httpAndHttps</accessMode>

<port>8085</port>

</e>

<e id="2">

<_type>vim.ProxyService.LocalServiceSpec</_type>

<serverNamespace>/ui</serverNamespace>

<accessMode>httpsWithRedirect</accessMode>

<port>8086</port>

</e>

<e id="3">

<_type>vim.ProxyService.NamedPipeServiceSpec</_type>

<serverNamespace>/mob</serverNamespace>

<accessMode>httpAndHttps</accessMode>

<pipeName>\\.\pipe\vmware-vpxd-mob-pipe</pipeName>

</e>

<e id="4">

<_type>vim.ProxyService.NamedPipeServiceSpec</_type>

<serverNamespace>/vod</serverNamespace>

<accessMode>httpsWithRedirect</accessMode>

<pipeName>\\.\pipe\vmware-vpxd-webserver-pipe</pipeName>

</e>

 

HTTP Configuration for vCenter Server

You can modify the reverse proxy configuration for vCenter Server using the following procedure. The configuration file is the same as for ESX 5.0, but in a different location. For more detail about the file contents, see To modify the Web proxy service on ESX or ESXi 4.1 or 5.0 to support HTTP.

Note Your installation might have the configuration file in a different location, such as C:\Program Data\VMware VirtualCenter\proxy.xml.

To modify the Web proxy service on vCenter Server 4.1 to support HTTP

1	Log in to the vCenter Server system as the Windows Administrator of the machine.

2	Change to the directory containing the proxy.xml file:

C:\Documents and Settings\AllUsers\Application Data\VMware VirtualCenter

3	Use a text editor to open the proxy.xml file.

4	Find the section of the file associated with the /sdk.

5	Change the accessMode to httpAndHttps.

6	Restart the service from a command line or from the Windows Services control panel.