Enabling Web Access
Configuring Web Resources
The [web-resources] section controls how the Amazon DCV Connection Gateway forwards HTTP requests to an external Web Server.
In particular, the Web Server can be used to host the files of a DCV Web Client, so that when a browser connects to the Connection Gateway it can retrieve the html, css and javascript files of the DCV Web Client.
By default, the DCV Connection Gateway package does not include the necessary web resources to support browser-based connections. If you would like to enable browser-based connections to your DCV server fleet, follow the instructions below.
The DCV server package contains the web resources for the DCV Web Client. To obtain these resources, you will need to download the latest DCV server package.
Using Centralized Web Resources
The following walkthrough shows how to host the resources on Amazon Simple Storage Service (Amazon S3).
Prerequisites
To perform the steps below, you will need the following:
A provisioned S3 bucket and AWS Identity and Access Management (IAM) permissions to configure it.
Note
If you do not have a bucket, instructions can be found here.
IAM permissions to use CloudShell.
IAM permissions to create and configure a CloudFront distribution.
Hosting Web Resources
Open a CloudShell terminal.
Create a temporary directory to store your download by running the following command:
$ mkdir /tmp/dcvgw/
Download the DCV Server:
$ wget https://d1uj6qtbmh3dt5.cloudfront.net/nice-dcv-el7-aarch64.tgz
Extract your download to your temporary directory and rename it:
$ tar -xvzf nice-dcv-el7-aarch64.tgz -C /tmp/dcvgw/
$ mv /tmp/dcvgw/nice-dcv* /tmp/dcvgw/dcv-server-packages
Unpack the rpm to gain access to the web resources. cpio extracts into the current directory, so change into the package directory first:
$ cd /tmp/dcvgw/dcv-server-packages
$ rpm2cpio /tmp/dcvgw/dcv-server-packages/nice-dcv-web-viewer*.rpm | cpio -idmv
Upload the assets to your S3 bucket:
$ aws s3 cp /tmp/dcvgw/dcv-server-packages/usr/share/dcv/www/ s3://BUCKET-NAME/ --recursive
Delivering Web Resources
To keep your S3 bucket protected from the public internet, you will need to create a CloudFront distribution to deliver the web resources. As a best practice, you should use origin access control (OAC) to configure restricted CloudFront access to your bucket. To read more about OAC, see this documentation.
Navigate to the CloudFront console.
Choose Create distribution.
For the Origin domain drop down menu, choose your S3 bucket that will host the web resources.
For Origin access, choose Origin access control settings (recommended).
This will populate a new section called Origin access control. Select Create control setting.
Keep the default selections and choose Create.
Choose Create distribution at the bottom of the page.
Creating the distribution will create a banner at the top that reads “The S3 bucket policy needs to be updated”. Within the banner, choose the Copy policy button and paste the policy locally.
Take note of your Distribution domain name within the Details section of your distribution.
Navigate to your S3 bucket within the S3 console.
Within your bucket, navigate to the Permissions tab.
Within the Bucket policy section, select Edit.
Paste the policy that you acquired from the banner button within the policy editor.
Choose Save changes.
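A check for the bucket policy saved in the steps above, as an added example that is not part of the original documentation: it confirms that every Allow statement grants only s3:GetObject to the CloudFront service principal and is pinned to one distribution through AWS:SourceArn, which is the shape of an OAC policy. The function names, account ID, distribution ID and sample policies are constructed for illustration.

```python
import json

CLOUDFRONT = "cloudfront.amazonaws.com"
# Constructed placeholder values (account ID, distribution ID, bucket name).
DIST = "arn:aws:cloudfront::111122223333:distribution/EXAMPLEDISTID"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_oac_policy(policy_json, bucket, distribution_arn):
    """Return findings for Allow statements that grant more than
    's3:GetObject to this one CloudFront distribution'. Empty list = clean."""
    findings = []
    for st in _as_list(json.loads(policy_json).get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        sid = st.get("Sid", "<no Sid>")
        principal = st.get("Principal")
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if services != [CLOUDFRONT] or len(principal) != 1:
            findings.append(f"{sid}: principal is not only the CloudFront service")
            continue
        # Condition key names are case-insensitive; only StringEquals is accepted here.
        equals = st.get("Condition", {}).get("StringEquals", {})
        source = [arn for key, val in equals.items()
                  if key.lower() == "aws:sourcearn" for arn in _as_list(val)]
        if source != [distribution_arn]:
            findings.append(f"{sid}: not pinned to the distribution via AWS:SourceArn")
        if [a.lower() for a in _as_list(st.get("Action", []))] != ["s3:getobject"]:
            findings.append(f"{sid}: grants more than s3:GetObject")
        if _as_list(st.get("Resource", [])) != [f"arn:aws:s3:::{bucket}/*"]:
            findings.append(f"{sid}: resource is not limited to objects in {bucket}")
    return findings

def sample_policy(principal, condition):
    """Build a constructed one-statement bucket policy for the demo below."""
    stmt = {"Sid": "AllowCloudFrontServicePrincipal", "Effect": "Allow",
            "Principal": principal, "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::BUCKET-NAME/*"}
    if condition:
        stmt["Condition"] = condition
    return json.dumps({"Version": "2008-10-17", "Statement": [stmt]})

GOOD = sample_policy({"Service": CLOUDFRONT}, {"StringEquals": {"AWS:SourceArn": DIST}})
NO_CONDITION = sample_policy({"Service": CLOUDFRONT}, None)  # any distribution could read
PUBLIC = sample_policy("*", None)                            # bucket readable by anyone

if __name__ == "__main__":
    for name, policy in (("good", GOOD), ("no-condition", NO_CONDITION), ("public", PUBLIC)):
        print(name, audit_oac_policy(policy, "BUCKET-NAME", DIST))
```

To audit the live policy, pass the output of `aws s3api get-bucket-policy --bucket BUCKET-NAME --query Policy --output text` as `policy_json`, together with your own bucket name and distribution ARN.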
Now that your web resources are being hosted in S3 and delivered from CloudFront, you need to point your DCV Connection Gateway to your distribution so that it can serve the DCV static assets when users initiate browser-based connections. This can be done by adding the attribute below to the [web-resources] section of your gateway’s configuration file.
[web-resources]
url = "DistributionDomainName"
Once you have modified the configuration, reload the gateway.
Using Local Web Resources
The following walkthrough shows how to host the resources locally on the gateway. Note that since each gateway hosts its own web resources, if you ever need to update the resources, you will need to do so across your gateway fleet. The instructions below target packages for ARM-based Amazon Linux 2 instances. If you have used a different distribution for your DCV Connection Gateway, you will need to replace the URL in step three with the one for your distribution. This can be retrieved from the Amazon DCV downloads page.
Locally Hosting Web Resources
SSH into your DCV Connection Gateway.
Create a temporary directory to hold your download by running the following command:
$ mkdir /tmp/dcvgw/
Download the latest version of DCV Server:
Note
If you are running an ARM-based Amazon Linux 2 instance:
$ wget https://d1uj6qtbmh3dt5.cloudfront.net/nice-dcv-el7-aarch64.tgz
Extract your download to your temporary directory and rename it:
$ tar -xvzf nice-dcv-el7-aarch64.tgz -C /tmp/dcvgw/
$ mv /tmp/dcvgw/nice-dcv* /tmp/dcvgw/dcv-server-packages
Install the web resources package:
$ sudo yum localinstall -y /tmp/dcvgw/dcv-server-packages/nice-dcv-web-viewer*.rpm
Open your DCV Connection Gateway configuration file in your preferred text editor:
$ sudo vi /etc/dcv-connection-gateway/dcv-connection-gateway.conf
Within your [web-resources] section, add the following line:
local-resources-path = "/usr/share/dcv/www"
If your Amazon DCV Connection Gateway service is already running, restart it with the following command:
$ sudo systemctl restart dcv-connection-gateway
If your DCV Connection Gateway service is stopped, start it.
Optional Security Settings
Note
If you are not interested in using the DCV Web Client or if client machines retrieve the DCV Web Client from a separate server, you can skip this section.
If the url parameter is specified, it points to the HTTP end-point of a Web Server which can serve static files, in particular the html, css and javascript files of the DCV Web Client.
Similarly to the [resolver] section, you can also use the ca-file or the tls-strict settings to be able to connect to a Web server that has a certificate signed by a private Certificate Authority or a self-signed certificate.
...
[web-resources]
ca-file = "/path/to/resolver_ca.pem"
...