I suggest you go and buy a cert for 10 bucks and follow the online documentation to set it up. It took me 20 minutes to set it up, rather than working with a self-signed cert that you have to install on each PC you want to open the portal from.

Sent from my BlackBerry 10 smartphone on the Virgin Mobile network.

  Original Message
From: Ian Young
Sent: Friday, May 16, 2014 2:47 PM
To: users@cloudstack.apache.org
Reply To: users@cloudstack.apache.org
Subject: Re: replacement for realhostip

The problem appears to be with the console proxy itself. Here are the ports that are listening on the public interface, according to an nmap TCP scan:

PORT    STATE  SERVICE
80/tcp  open   http
443/tcp closed https

When I logged into the console proxy through the link local address, I checked for processes on port 443 and there are none, so obviously an HTTPS connection can't be made. There is a Java process listening on port 80 but nothing on 443. Is there something in the global settings that will enable HTTPS, or is this a bug?

root@v-2-VM:~# netstat -lnp | grep java
tcp 0 0 0.0.0.0:8001 0.0.0.0:* LISTEN 3491/java
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3491/java

On Thu, May 15, 2014 at 2:53 PM, Ian Young <iyo...@ratespecial.com> wrote:

> I just realized I had to set the consoleproxy.url.domain field to
> "realhostip.com" but now when I try to view the console, the browser says
> "The server refused the connection." Does that indicate a problem with the
> SSL certificate?
>
> management-server.log:
> 2014-05-15 14:43:55,506 DEBUG [c.c.a.t.Request] (catalina-exec-15:null)
> Seq 1-90898443: Sending { Cmd , MgmtId: 161342909744, via: 1(
> virthost1.lax.ratespecial.com), Ver: v1, Flags: 100011,
> [{"com.cloud.agent.api.GetVncPortCommand":{"id":2,"name":"v-2-VM","wait":0}}]
> }
> 2014-05-15 14:43:55,563 DEBUG [c.c.a.t.Request]
> (AgentManager-Handler-5:null) Seq 1-90898443: Processing: { Ans: , MgmtId:
> 161342909744, via: 1, Ver: v1, Flags: 10,
> [{"com.cloud.agent.api.GetVncPortAnswer":{"address":"192.168.100.6","port":5901,"result":true,"wait":0}}]
> }
> 2014-05-15 14:43:55,563 DEBUG [c.c.a.t.Request] (catalina-exec-15:null)
> Seq 1-90898443: Received: { Ans: , MgmtId: 161342909744, via: 1, Ver: v1,
> Flags: 10, { GetVncPortAnswer } }
> 2014-05-15 14:43:55,563 DEBUG [c.c.s.ConsoleProxyServlet]
> (catalina-exec-15:null) Port info 192.168.100.6
> 2014-05-15 14:43:55,563 INFO [c.c.s.ConsoleProxyServlet]
> (catalina-exec-15:null) Parse host info returned from executing
> GetVNCPortCommand. host info: 192.168.100.6
> 2014-05-15 14:43:55,570 DEBUG [c.c.s.ConsoleProxyServlet]
> (catalina-exec-15:null) Compose console url:
> https://192-168-100-159.realhostip.com/ajax?token=CsPhU4m_R2ZoLIdXOtjo3y3humnQN20wt5fSPjbZOHtRh7nli7tiq0ZiWUuwCVIn7K0vuegv6oMAAq_vDY4Vr_f7jwoVQDkxAE1vmK9oRhy9pvBVlmAdCer6hlVjXQlwL9oJEQO4thhSDg2qeNji02xuxlSmDilVKnd9U9xiHqIV-PgktrKq3J2GT1EpcpTvhsew5COQ1h3j8M9IM8KLZpYA0dDp7TejMmfgSiQI8ifZSh_nNLyyqBzYvl1XWxSaDIrnj7UsP3JKUq74kdY5Pg
> 2014-05-15 14:43:55,570 DEBUG [c.c.s.ConsoleProxyServlet]
> (catalina-exec-15:null) the console url is ::
> <html><title>v-2-VM</title><frameset><frame src="
> https://192-168-100-159.realhostip.com/ajax?token=CsPhU4m_R2ZoLIdXOtjo3y3humnQN20wt5fSPjbZOHtRh7nli7tiq0ZiWUuwCVIn7K0vuegv6oMAAq_vDY4Vr_f7jwoVQDkxAE1vmK9oRhy9pvBVlmAdCer6hlVjXQlwL9oJEQO4thhSDg2qeNji02xuxlSmDilVKnd9U9xiHqIV-PgktrKq3J2GT1EpcpTvhsew5COQ1h3j8M9IM8KLZpYA0dDp7TejMmfgSiQI8ifZSh_nNLyyqBzYvl1XWxSaDIrnj7UsP3JKUq74kdY5Pg
> "></frame></frameset></html>
>
> ssl_access_log:
> 192.168.100.166 - - [15/May/2014:14:44:55 -0700] "GET
> /client/console?cmd=access&vm=086b5822-de00-4764-8b05-d8e00657ee54
> HTTP/1.1" 200 405
>
>
> On Wed, May 14, 2014 at 5:56 PM, Ian Young <iyo...@ratespecial.com> wrote:
>
>> Looks like it's still using HTTP, not HTTPS:
>>
>> 2014-05-14 17:52:35,812 DEBUG [c.c.a.t.Request] (catalina-exec-20:null)
>> Seq 1-800529939: Sending { Cmd , MgmtId: 161342909744, via: 1(
>> virthost1.lax.ratespecial.com), Ver: v1, Flags: 100011,
>> [{"com.cloud.agent.api.GetVncPortCommand":{"id":6,"name":"i-5-6-VM","wait":0}}]
>> }
>> 2014-05-14 17:52:35,861 DEBUG [c.c.a.t.Request]
>> (AgentManager-Handler-1:null) Seq 1-800529939: Processing: { Ans: ,
>> MgmtId: 161342909744, via: 1, Ver: v1, Flags: 10,
>> [{"com.cloud.agent.api.GetVncPortAnswer":{"address":"192.168.100.6","port":5903,"result":true,"wait":0}}]
>> }
>> 2014-05-14 17:52:35,861 DEBUG [c.c.a.t.Request] (catalina-exec-20:null)
>> Seq 1-800529939: Received: { Ans: , MgmtId: 161342909744, via: 1, Ver: v1,
>> Flags: 10, { GetVncPortAnswer } }
>> 2014-05-14 17:52:35,861 DEBUG [c.c.s.ConsoleProxyServlet]
>> (catalina-exec-20:null) Port info 192.168.100.6
>> 2014-05-14 17:52:35,861 INFO [c.c.s.ConsoleProxyServlet]
>> (catalina-exec-20:null) Parse host info returned from executing
>> GetVNCPortCommand. host info: 192.168.100.6
>> 2014-05-14 17:52:35,865 DEBUG [c.c.s.ConsoleProxyServlet]
>> (catalina-exec-20:null) Compose console url:
>> http://192.168.100.159/ajax?token=CsPhU4m_R2ZoLIdXOtjo3y3humnQN20wt5fSPjbZOHtRh7nli7tiq0ZiWUuwCVIn_GSECIK5nC2lBX8cMHvt1_GrmwDVK1PEEAwyueLlgNRgodobz8Lsyv2jEc-mUvMH340AYGt0FyZOuXIA6dunN3yx-bP-vp4rao5Up61eJwOvqFr3PhggNpbq5Up59ObOdYMe2GsBP_3FrL8ZQfBhNBSmViHQ0fKJSyUHDoC9tKlfs2Bb0rPOBxsZeTPfe-hDuaVT-pZxjQXCKM93sujnWw
>> 2014-05-14 17:52:35,865 DEBUG [c.c.s.ConsoleProxyServlet]
>> (catalina-exec-20:null) the console url is ::
>> <html><title>phonesynergy</title><frameset><frame src="
>> http://192.168.100.159/ajax?token=CsPhU4m_R2ZoLIdXOtjo3y3humnQN20wt5fSPjbZOHtRh7nli7tiq0ZiWUuwCVIn_GSECIK5nC2lBX8cMHvt1_GrmwDVK1PEEAwyueLlgNRgodobz8Lsyv2jEc-mUvMH340AYGt0FyZOuXIA6dunN3yx-bP-vp4rao5Up61eJwOvqFr3PhggNpbq5Up59ObOdYMe2GsBP_3FrL8ZQfBhNBSmViHQ0fKJSyUHDoC9tKlfs2Bb0rPOBxsZeTPfe-hDuaVT-pZxjQXCKM93sujnWw
>> "></frame></frameset></html>
>>
>>
>> On Wed, May 14, 2014 at 5:41 PM, Ian Young <iyo...@ratespecial.com> wrote:
>>
>>> I decided to create my own internal realhostip.com. My DNS servers use
>>> PowerDNS, not BIND, so the $GENERATE directive was not an option and I
>>> didn't want to have to populate my DNS servers' databases with a record for
>>> every possible IP address. Fortunately, I found the following Lua script:
>>>
>>> https://github.com/terbolous/powerdns-cloudstack-proxy-dns
>>>
>>> I can confirm the Lua script works as expected and my CloudStack server
>>> can be tricked into believing my internal DNS servers are the authority for
>>> realhostip.com:
>>>
>>> [root@virthost1 ]# dig +short 1-2-3-4.realhostip.com
>>> 1.2.3.4
>>>
>>> I followed this guide and updated the console proxy/SSVM SSL certificate
>>> with my own *.realhostip.com certificate.
>>>
>>> http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/latest/systemvm.html#changing-the-console-proxy-ssl-certificate-and-domain
>>>
>>> The console proxy restarted but it's still blank when I try to view the
>>> console. Does the domain have to be something other than realhostip.com?
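
The checks made by hand in this thread (console URL scheme, dashed-IP hostname under the configured domain, and a listener on the proxy for that port) can be scripted. The following is an added example, not part of the original messages and not CloudStack code; the function names are hypothetical, and the sample input is constructed from the thread's output with the token replaced by a placeholder.

```python
import ipaddress
import re
from urllib.parse import urlsplit

COMPOSE_RE = re.compile(r"Compose console url:\s*(\S+)")
DASHED_RE = re.compile(r"\d{1,3}(?:-\d{1,3}){3}")

def dashed_host_to_ip(host, domain):
    """Map a-b-c-d.<domain> to a.b.c.d, as the wildcard zone does; else None."""
    label, _, rest = host.lower().partition(".")
    if rest != domain.lower() or not DASHED_RE.fullmatch(label):
        return None
    try:
        return str(ipaddress.IPv4Address(label.replace("-", ".")))
    except ValueError:  # an octet above 255
        return None

def listening_ports(netstat_text):
    """TCP ports in LISTEN state, parsed from `netstat -lnp` output."""
    ports = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LISTEN":
            ports.add(int(f[3].rsplit(":", 1)[1]))
    return ports

def audit(log_text, netstat_text, domain):
    """Return (scheme, host, status) for every composed console URL."""
    ports = listening_ports(netstat_text)
    findings = []
    for m in COMPOSE_RE.finditer(log_text):
        url = urlsplit(m.group(1))
        port = url.port or (443 if url.scheme == "https" else 80)
        if url.scheme != "https":
            status = "token sent over plain HTTP"
        elif dashed_host_to_ip(url.hostname or "", domain) is None:
            status = "host is not <dashed-ip>." + domain
        elif port not in ports:
            status = "no listener on port %d" % port
        else:
            status = "ok"
        findings.append((url.scheme, url.hostname, status))
    return findings

# Constructed sample input modelled on the thread; the token is a placeholder.
LOG = ("... Compose console url: http://192.168.100.159/ajax?token=PLACEHOLDER\n"
       "... Compose console url: https://192-168-100-159.realhostip.com/ajax?token=PLACEHOLDER\n")
NETSTAT = ("tcp 0 0 0.0.0.0:8001 0.0.0.0:* LISTEN 3491/java\n"
           "tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 3491/java\n")
print(audit(LOG, NETSTAT, "realhostip.com"))
```

Run against the management-server.log from the management server and the `netstat -lnp` output captured on the console proxy VM, it reports the same state the thread arrives at: an HTTPS URL is composed, but nothing on the proxy is listening on 443.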