NoMachine Support

Your questions answered

Knowledge Base

Searching in: Articles & FAQs
Filter the search results
Applies to:
Last update:
Searching in: Articles & FAQs
ID: AR06P00984
Applies to: NoMachine Server
Added on: 2018-06-20
Last update: 2019-09-19
How to configure a NoMachine server v. 6 or later to connect web sessions on localhost or on different hosts

This article applies to NoMachine v. 6 or later.

For previous versions, please refer to https://www.nomachine.com/AR07K00679.


Since v.6, all NoMachine servers except the free version support connections by the web, i.e. they include the Apache-based web server (nxhtd) and the NoMachine application to deploy sessions on the web (nxwebplayer/nxwebclient).

By default, the web player is configured to connect web sessions to the NoMachine server installed on the same host (localhost) by using NX protocol and port 4000. No further actions are required.

Given that a NoMachine server with web support is installed, it's possible to configure the web player to connect to a different host or to more hosts (localhost included or not). (Step 1)

In all cases it's possible to change the default NX protocol to SSH. (Step 2)

To connect to a NoMachine server on a different computer, it's necessary to update the list of allowed hosts on web player localhost. Procedure is different when the web player is configured to connect to the server by NX protocol (default) or by SSH protocol. (Step 3)

Step 1 - how to
Connect web sessions to localhost or to an host different than localhost
Connect web sessions to a list of server hosts (including localhost or not)
Step 2 (optional) - how to
Configure the web player to use the NX protocol (default)
Configure the web player to use the SSH protocol (optional)
Step 3 - how to
Update the list of known hosts for connections by NX protocol
Update the list of known hosts for connections by SSH protocol

Step 1 - how to

1.1. Connect web sessions to localhost or to an host different than localhost

Edit the server configuration file, namely installationDirectory/etc/server.cfg

In: Section "Server" edit the 'Host' key and set IP or hostname of the server machine you want to connect to.


By default this section is set to:

Section "Server"

Name "Connection to localhost"
Host localhost
Protocol NX
Port 4000

EndSection


Change 'Host localhost' to point to the NoMachine server host you want to connect to, and give it a name by setting the 'Name' key. For example:

Section "Server"

Name "Testdrive"
Host testdrive.nomachine.com
Protocol NX
Port 4000

EndSection

 

1.2. Connect web sessions to a list of server hosts (including localhost or not)

Edit the server configuration file and create a new Section "Server" entry for each server host. If you keep the original Section "Server", users will be able to connect also to localhost.

Then specify a name for the new section and set IP or hostname of the additional server machine in the Host key.

For example, to connect to both localhost and to the server host testdrive.nomachine.com:

Section "Server"

Name "Default connection"
Host localhost
Protocol NX
Port 4000

EndSection


Section "Server"

Name "Testdrive"
Host testdrive.nomachine.com
Protocol NX
Port 4000

EndSection
 

When the user connects by the web, he/she will see both 'Default connection' and 'Testdrive' listed in the available connections.

 


Step 2 - how to

2.1. Configure the web player to use the NX protocol (default)

By default, connections by web use the NX protocol. You can change it to use the SSH protocol be editing the 'Protocol' and 'Port' keys in the Section "Server".  Please see examples below.

Section "Server"

Name "Default connection"
Host localhost
Protocol NX
Port 4000

EndSection

 

2.2. Configure the web player to use the SSH protocol (optional)

You can configure the web player to use the SSH protocol be editing the 'Protocol' and 'Port' keys in the Section "Server".

For localhost:

Section "Server"

Name "Default connection"
Host localhost
Protocol system
Port 22

EndSection
 

For a different host, e.g. testdrive:

Section "Server"

Name "Testdrive"
Host testdrive.nomachine.com
Protocol system
Port  22

EndSection


Step 3 - how to

Updating the list of known hosts is required when:

i) web player connects to a NoMachine server on a host different than localhost.

ii) a port different than default 4000 for NX protocol or 22 for SSH protocol is set.
For more information on this case see: https://www.nomachine.com/AR06N00888

iii) the certificate is changed.

In this article we focus on connecting web sessions on different hosts (i), but the procedure applies to all cases.
 

3.1. Update the list of known hosts for connections by NX protocol

In case of connection by NX protocol, it's necessary to update the list of allowed hosts in the client.crt default certificate on the main NoMachine server machine. Current versions still require to run a manual procedure. 

Premises:

- Instructions below refer to Linux and assume that the additional server host is testdrive.nomachine.com.

- These instructions must be run on the machine where the main NoMachine server is installed.

- They must be executed for each of the server machines that are specified in the Section "Server" directive in the server.cfg file.

 

Instructions:

1) On the main NoMachine server host, move to the home of nxhtd user and go to .nx/config/ directory.

Home of nxhtd user is placed at:

/var/NX/nxhtd/ on Linux

%PROGRAMDATA%/NoMachine on Windows

/Library/Application Support/NoMachine/var/nxhtd/ on Mac OS X

So, on Linux:

# cd /var/NX/nxhtd/.nx/config/

2) Make a copy of the original client.crt file:

 # cp -p client.crt client.crt.ori

3) Copy the nxd certificate from the additional NoMachine server host (testdrive.nomachine.com) to the main NoMachine server host.

For example on Linux, copy the nxd certificate from testdrive.nomachine.com to your main NoMachine server host:

 # scp root@testdrive.nomachine.com:/usr/NX/etc/keys/host/nx_host_rsa_key.crt .

4) On the main NoMachine server host, add the additional server to client.crt:

 # echo "Host:testdrive.nomachine.com" >> client.crt

5) Then ensure that the main NoMachine server can connect by NX protocol to the additional server by adding to client.crt the nxd certificate previously copied (point 3):

 # cat nx_host_rsa_key.crt >> client.crt

6) Set correct permissions and ownership for your new client.crt file:

 # chmod 600 client.crt
 # chown nxhtd:nxhtd  client.crt

7) You can then delete the nx_host_rsa_key.crt file:

 # rm nx_host_rsa_key.crt


 

If the additional server is part of a NoMachine failover cluster (two NoMachine servers in a HA failover cluster), the main NoMachine server has to connect to the shared IP of the failover cluster.

In this case follow this procedure:

1) Move to the home of nxhtd user and go to .nx/config/ directory.

2) Make a copy of the original client.crt file:

# cp -p client.crt client.crt.ori

3) Copy the cluster certificate from the additional NoMachine server host (clusterip.nomachine.com) to the main NoMachine server host:

# scp root@clusterip.nomachine.com:/usr/NX/etc/keys/host/nx_cluster_rsa_key.crt ./

4) Add the shared IP of the failover cluster server to client.crt:

 # echo "Host:clusterip.nomachine.com" >> client.crt

5) Ensure that the main NoMachine server can connect by NX protocol to the additional server by adding to client.crt the cluster certificate previously copied (point 3):

 # cat nx_cluster_rsa_key.crt >> client.crt

6) Set correct permissions and ownership for client.crt file:

 # chmod 600 client.crt
 # chown nxhtd:nxhtd  client.crt

7) You can then delete the nx_cluster_rsa_key.crt file:

 # rm nx_cluster_rsa_key.crt

 

3.2. Update the list of known hosts for connections by SSH protocol

In case of connection by SSH protocol, to connect via web and SSH protocol to another server than localhost, it's necessary to update the list of allowed hosts in the known_hosts file on the main NoMachine server machine. Current versions still requires to run a manual procedure.


Premises:

- Instructions below refer to Linux and assume that the additional server host is testdrive.nomachine.com.

- These instructions must be run on the machine where the main NoMachine server is installed.

- They must be executed for each of the server machines that are specified in the Section "Server" directive in the server.cfg file.

 

Instructions:

1) Move to the home of nxhtd user and go to the .ssh directory.

Home of nxhtd user is placed at:

/var/NX/nxhtd/ on Linux

/Library/Application Support/NoMachine/var/nxhtd/ on Mac OS X

%PROGRAMDATA%/NoMachine on Windows

For example on Linux:

# cd /var/NX/nxhtd/.ssh/

2) Make a copy of the original known_hosts file:

# cp -p known_hosts  known_hosts.ori

3) Then execute the ssh-keyscan tool for building and verifying ssh_known_hosts files.

For example:

# ssh-keyscan -p 22 -t rsa,dsa testdrive.nomachine.com >> known_hosts

where 22 is the default port for SSH connections unless the SSH server (SSHD) has been configured for listening on a different port and testdrive.nomachine.com is the remote server host that you want to connect via the main NoMachine server.

 


Further information about installing and configuring NoMachine servers is available in the correspondent guide at:

https://www.nomachine.com/all-documents