websocket/VNC port range/settings

Get Help
1

I am trying to control the port range that VNC and websockify use for interactive applications. VNC seems to start from 5900+N, however websocket doesn’t have a particular pattern (below is 42717). How can we control websockify server settings i.e. specify a range for Websocket to listen on?

Successfully started VNC server on hostname.edu:5901...
Script starting...
Starting websocket server...
/home/user/ondemand/data/sys/dashboard/batch_connect/dev/RStudio/output/.../script.sh: line 4: i#Clean: command not found
The system default contains no modules
  (env var: LMOD_SYSTEM_DEFAULT_MODULES is empty)
  No changes in loaded modules

+ xfwm4 --compositor=off --daemon --sm-client-disable
WebSocket server settings:
  - Listen on :42717
  - No SSL/TLS support (no cert file)
  - Backgrounding (daemon)
Scanning VNC log file for user authentications...
Generating connection YAML file...
2

@arashnh11

Yes you can set the port range that WebSockify uses, simply modify your cluster configuration like so:

batch_connect:
  vnc:
    min_port: 2000
    max_port: 65535

You can also set the min/max port range in individual batch connect applications as well.

The port is sent to the WebSockify command here: https://github.com/OSC/ood_core/blob/2c6f087e4a9d3317ed39e557ad09c17bb480efd3/lib/ood_core/batch_connect/templates/vnc.rb#L135

Credit to @efranz @jeff.ohrstrom for correcting my previous response! :slight_smile:

3

@arashnh11 FYI @mario edited his original response to fix it to the correct solution. To repeat his solution (since edits do not trigger an email):

Yes you can set the port range that WebSockify uses, simply modify your cluster configuration like so:

batch_connect:
  vnc:
    min_port: 2000
    max_port: 65535

You can also set the min/max port range in individual batch connect applications as well.

Note the context of this in a full cluster config is:

v2:
  metadata:
    title: "Owens"
    login:
    host: "owens.osc.edu"
  job:
    adapter: "torque"
    host: "owens-batch.ten.osc.edu"
    lib: "/opt/torque/lib64"
    bin: "/opt/torque/bin"
    version: "6.0.1"
  batch_connect:
    vnc:
      min_port: 2000
      max_port: 65535
      script_wrapper: "module restore\nmodule load ondemand-vnc\n%s"
4

This was exactly what I was looking for! Thanks for pointing this out and the second response. Indeed I didn’t get the a note on the original edited response.
It would be good to add this to the OOD wiki for those institutions that need to track/restrict certain port ranges for security reasons.

5

I added an issue to the documentation to make this more visible https://github.com/OSC/ood-documentation/issues/389

I’m pretty sure it was there in some form a while ago but it may have been deleted or is just too hard to find.