To support HTML Access, you must install Apache Tomcat, the nginx package, and the HTML Access warball on the Linux-based desktop. Follow the procedure described in this article for your Linux distribution.

Set Up an Ubuntu/Debian Desktop for HTML Access

  1. Install the Apache Tomcat software.
    • For Debian 12.x, install Tomcat 10.
      sudo apt-get install tomcat10
    • For other Debian releases and Ubuntu, install Tomcat 9.
      sudo apt-get install tomcat9
  2. Install the nginx package.
    sudo apt-get install nginx
  3. Edit the /etc/nginx/conf.d/vmwvadc.conf configuration file so that it includes the following contents.
    server {
        listen 443 ssl;
        listen [::]:443 ssl;
     
        ###Enable https
        ssl_certificate /etc/vmware/ssl/rui.crt;
        ssl_certificate_key /etc/vmware/ssl/rui.key;
        ssl_protocols TLSv1.1 TLSv1.2;
        ssl_ciphers !aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES;
     
        access_log /var/log/nginx/nginx.vadc.access.log;
        error_log /var/log/nginx/nginx.vadc.error.log;
     
        ###Add security settings
        proxy_cookie_path / "/; SameSite=Lax; HTTPOnly; Secure";
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
        add_header X-XSS-Protection "1; mode=block";
     
        ###Enable user certificate(smartcard) authentication
        #ssl_verify_client optional;
        #ssl_client_certificate /etc/vmware/ssl/trustCerts.pem;
     
        location /broker {
            ###Forward user certificate
            #proxy_hide_header SSL-CLIENT-VERIFY;
            #proxy_hide_header X-SSL-CERT;
            #proxy_set_header SSL-CLIENT-VERIFY $ssl_client_verify;
            #proxy_set_header X-SSL-CERT $ssl_client_cert;
     
            proxy_pass https://localhost:8443;
            proxy_ssl_certificate /etc/vmware/ssl/rui.crt;
            proxy_ssl_certificate_key /etc/vmware/ssl/rui.key;
     
            proxy_set_header Host $host:$server_port;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
     
       ###Enable Web Client
       location /portal/webclient {
           proxy_pass http://localhost:8080/portal/webclient;
           proxy_redirect http://$host:$server_port/ https://$host:$server_port/;
           proxy_set_header Host $host:$server_port;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           add_header Content-Security-Policy "default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' data:;style-src 'self' 'unsafe-inline';font-src 'self' data:;img-src 'self' data: blob:;media-src 'self' blob:;connect-src 'self' wss:;frame-src 'self' blob:;child-src 'self' blob:;object-src 'self' blob:;frame-ancestors 'self'";
       }
     
     
       location =/ {
           rewrite / /portal/webclient;
       }
    }
  4. Download the Horizon HTML Access portal.war zip file from the VMware download page at https://my.vmware.com/web/vmware/downloads.

    Navigate to the download page for your release of VMware Horizon. The filename is VMware-Horizon-View-HTML-Access-YYMM-y.y.y-xxxxxx.zip, where YYMM is the marketing version number, y.y.y is the internal version number and xxxxxx is the build number.

  5. Deploy the HTML Access warball.
    • For Debian 12.x, run the following commands.
      #To get portal.war
      unzip VMware-Horizon-View-HTML-Access-YYMM-y.y.y-xxxxxx.zip
      
      cp portal.war /var/lib/tomcat10/webapps
      chown tomcat: /var/lib/tomcat10/webapps/portal.war
      chmod 755 /var/lib/tomcat10/webapps/portal.war
      cp -r /var/lib/tomcat10/webapps/portal /var/lib/tomcat10/webapps/ROOT/
    • For other Debian releases and Ubuntu, run the following commands.
      #To get portal.war
      unzip VMware-Horizon-View-HTML-Access-YYMM-y.y.y-xxxxxx.zip
       
      cp portal.war /var/lib/tomcat9/webapps
      chmod 755 /var/lib/tomcat9/webapps/portal.war
  6. Restart the machine for the changes to take effect.

Set Up a RHEL/CentOS Desktop for HTML Access

  1. Install and configure the Tomcat software.
    1. (RHEL 8.x only) Before installing Tomcat, install the latest Extra Packages for Enterprise Linux (EPEL) release.
      yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
    2. Install Tomcat, and configure Security-Enhanced Linux (SELinux) settings for Tomcat.
      sudo yum install tomcat
      /usr/lib/vmware/viewagent/vadc/tomcat_selinux.sh
  2. Install the nginx package.
    1. (RHEL/CentOS 7.x only) Before installing nginx, install the latest EPEL release.
      yum install epel-release
    2. Install the nginx package.
      yum install nginx
  3. Edit the /etc/nginx/conf.d/vmwvadc.conf configuration file so that it includes the following contents.
    server {
        listen 443 ssl;
        listen [::]:443 ssl;
     
        ###Enable https
        ssl_certificate /etc/vmware/ssl/rui.crt;
        ssl_certificate_key /etc/vmware/ssl/rui.key;
        ssl_protocols TLSv1.1 TLSv1.2;
        ssl_ciphers !aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES;
     
        access_log /var/log/nginx/nginx.vadc.access.log;
        error_log /var/log/nginx/nginx.vadc.error.log;
     
        ###Add security settings
        proxy_cookie_path / "/; SameSite=Lax; HTTPOnly; Secure";
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
        add_header X-XSS-Protection "1; mode=block";
     
        ###Enable user certificate(smartcard) authentication
        #ssl_verify_client optional;
        #ssl_client_certificate /etc/vmware/ssl/trustCerts.pem;
     
        location /broker {
            ###Forward user certificate
            #proxy_hide_header SSL-CLIENT-VERIFY;
            #proxy_hide_header X-SSL-CERT;
            #proxy_set_header SSL-CLIENT-VERIFY $ssl_client_verify;
            #proxy_set_header X-SSL-CERT $ssl_client_cert;
     
            proxy_pass https://localhost:8443;
            proxy_ssl_certificate /etc/vmware/ssl/rui.crt;
            proxy_ssl_certificate_key /etc/vmware/ssl/rui.key;
     
            proxy_set_header Host $host:$server_port;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
     
       ###Enable Web Client
       location /portal/webclient {
           proxy_pass http://localhost:8080/portal/webclient;
           proxy_redirect http://$host:$server_port/ https://$host:$server_port/;
           proxy_set_header Host $host:$server_port;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           add_header Content-Security-Policy "default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' data:;style-src 'self' 'unsafe-inline';font-src 'self' data:;img-src 'self' data: blob:;media-src 'self' blob:;connect-src 'self' wss:;frame-src 'self' blob:;child-src 'self' blob:;object-src 'self' blob:;frame-ancestors 'self'";
       }
     
     
       location =/ {
           rewrite / /portal/webclient;
       }
    }
  4. Download the Horizon HTML Access portal.war zip file from the VMware download page at https://my.vmware.com/web/vmware/downloads.

    The filename is VMware-Horizon-View-HTML-Access-YYMM-y.y.y-xxxxxx.zip, where YYMM is the marketing version number, y.y.y is the internal version number and xxxxxx is the build number.

  5. Deploy the HTML Access warball.
    #To get portal.war
    unzip VMware-Horizon-View-HTML-Access-YYMM-y.y.y-xxxxxx.zip
     
    sudo cp portal.war /var/lib/tomcat/webapps/
    sudo chown tomcat: /var/lib/tomcat/webapps/portal.war
    sudo chmod -R 750 /var/lib/tomcat/webapps/portal.war
  6. Restart the machine for the changes to take effect.

Set Up a SUSE Desktop for HTML Access

  1. Install and configure the Tomcat software.

    The following example shows the command sequence for installing Tomcat on a SUSE 15 SP3 machine. In the first command line, replace the example address with the Java download URL for your SUSE version.

    sudo zypper addrepo https://download.opensuse.org/repositories/Java:packages/SLE_15_SP3/Java:packages.repo
    sudo zypper refresh
    sudo zypper install tomcat
     
    #Link tomcat.service to /usr/libexec/tomcat/server
    cd /usr/
    sudo ln -s lib libexec
  2. Install the nginx package, if it is not already installed on the SUSE system.
    sudo zypper addrepo -G -t yum -c 'http://nginx.org/packages/sles/15' nginx
    wget http://nginx.org/keys/nginx_signing.key
    sudo rpm --import nginx_signing.key
    sudo zypper install nginx
  3. Edit the /etc/nginx/conf.d/vmwvadc.conf configuration file so that it includes the following contents.
    server {
        listen 443 ssl;
        listen [::]:443 ssl;
     
        ###Enable https
        ssl_certificate /etc/vmware/ssl/rui.crt;
        ssl_certificate_key /etc/vmware/ssl/rui.key;
        ssl_protocols TLSv1.1 TLSv1.2;
        ssl_ciphers !aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES;
     
        access_log /var/log/nginx/nginx.vadc.access.log;
        error_log /var/log/nginx/nginx.vadc.error.log;
     
        ###Add security settings
        proxy_cookie_path / "/; SameSite=Lax; HTTPOnly; Secure";
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
        add_header X-XSS-Protection "1; mode=block";
     
        ###Enable user certificate(smartcard) authentication
        #ssl_verify_client optional;
        #ssl_client_certificate /etc/vmware/ssl/trustCerts.pem;
     
        location /broker {
            ###Forward user certificate
            #proxy_hide_header SSL-CLIENT-VERIFY;
            #proxy_hide_header X-SSL-CERT;
            #proxy_set_header SSL-CLIENT-VERIFY $ssl_client_verify;
            #proxy_set_header X-SSL-CERT $ssl_client_cert;
     
            proxy_pass https://localhost:8443;
            proxy_ssl_certificate /etc/vmware/ssl/rui.crt;
            proxy_ssl_certificate_key /etc/vmware/ssl/rui.key;
     
            proxy_set_header Host $host:$server_port;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
     
       ###Enable Web Client
       location /portal/webclient {
           proxy_pass http://localhost:8080/portal/webclient;
           proxy_redirect http://$host:$server_port/ https://$host:$server_port/;
           proxy_set_header Host $host:$server_port;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           add_header Content-Security-Policy "default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' data:;style-src 'self' 'unsafe-inline';font-src 'self' data:;img-src 'self' data: blob:;media-src 'self' blob:;connect-src 'self' wss:;frame-src 'self' blob:;child-src 'self' blob:;object-src 'self' blob:;frame-ancestors 'self'";
       }
     
     
       location =/ {
           rewrite / /portal/webclient;
       }
    }
  4. Download the Horizon HTML Access portal.war zip file from the VMware download page at https://my.vmware.com/web/vmware/downloads.

    The filename is VMware-Horizon-View-HTML-Access-YYMM-y.y.y-xxxxxx.zip, where YYMM is the marketing version number, y.y.y is the internal version number and xxxxxx is the build number.

  5. Deploy the HTML Access warball.
    #To get portal.war
    unzip VMware-Horizon-View-HTML-Access-YYMM-y.y.y-xxxxxx.zip
    
    cp portal.war /usr/share/tomcat/webapps/
  6. Restart the machine for the changes to take effect.