Access AMS remotely¶
By default, the Anbox Management Client (AMC) runs on the same machine as the Anbox Management Service (AMS) and connects to it through a UNIX socket.
You can also choose to install AMC on a different machine and configure it to connect to AMS through a secure HTTP connection.
Install AMC¶
Install the AMC snap:
snap install amc
Install a trusted certificate¶
If you have installed AMC on a different machine than the AMS, controlling AMS remotely requires trusted security certificates. You can generate self-signed certificates or use certificates signed by a Certificate Authority. See Security certificates for remote clients for more information.
Self-signed certificates¶
To use a self-signed certificate, complete the following steps:
Invoke an
amccommand on the client machine, for example:amc remote ls
To generate a self-signed certificate, you can invoke any
amccommand because AMC automatically generates a self-signed certificate the first time it is invoked.Locate the
$HOME/snap/amc/current/client/client.crtcertificate on the client machine and copy it to the machine that runs AMS.Log on to the machine that runs AMS and configure AMS to trust the new client by adding the client certificate:
amc config trust add client.crt
Configure AMC to connect to AMS¶
After setting up the security certificates, configure AMC to connect to the remote AMS. To do this, choose a name for the remote and enter the following command:
amc remote add <your remote name> https://<IP address of the AMS machine>:8444
Tip
If you haven’t changed the port AMS is listening on, it’s 8444 by default.
The command connects to AMS and shows you the fingerprint of the server certificate. If it matches what you expect, acknowledge the fingerprint by typing “yes”.
Finally, switch to the new remote by running the following command:
amc remote set-default <your remote name>
After this step, all invocations of the amc command use the new remote.