login inside that linux box (CPVM) and see what's the apache configuration (ssl or not, netstat / listenting on 443 or not...etc) always easy to destroy CPVM (after mgmt server was restarted) and see if it fixes the issue
For the start, set consoleproxy.sslEnabled=false, restart mgmt, destroy CPVM and see if plain HTTP works (make sure to use UI using HTTP also, otherwise you can't load non-SSL iframe) - to see if you are able to run CPVM fine in general. On Mon, 24 Feb 2020 at 16:54, Olivier Guin <[email protected]> wrote: > Indeed, > > I can't connected to :443 ! > > But I don't have any firewall ! > > telnet 200.13.142.188 443 ( or 200-13-142-188.wayscom.net) > Trying 200.13.142.188... > telnet: connect to address 200.13.142.188: Connection refused > > conf ? of cpvm ? > > Regards, > > Olivier > Le 24/02/2020 à 12:40, Andrija Panic a écrit : > > i.e. telnet 200-13-142-188.wayscom.net 443 > Connecting To 200-13-142-188.wayscom.net... > > I can't connect to port 443 on this IP (from internet) > > > On Mon, 24 Feb 2020 at 16:38, Andrija Panic < [email protected]> > wrote: > >> frame src= >> "https://200-13-142-188.wayscom.net/ajax?token=xxxxxxxxxxxxxxxxx-Y76j1 >> <https://200-13-142-188.wayscom.net/ajax?token=xxxxxxxxxxxxxxxxx-Y76j1g> >> >> This looks fine ^^^ - it tries to load SSL URL >> >> what *exact* problem are you getting? >> >> On Mon, 24 Feb 2020 at 16:31, Olivier Guin >> <[email protected]> <[email protected]> >> wrote: >> >>> Yes, >>> >>> consoleproxy.url.domain = *.wayscom.net >>> consoleproxy.sslEnabled=true >>> secstorage.ssl.cert.domain= *.wayscom.net >>> secstorage.encrypt.copy=true >>> >>> For consoleproxy.url.domain : >>> >>> = *.wayscom.net => 200-13-142-188.wayscom.net from manager ping OK, >>> from internet ping OK >>> = console.wayscom.net => 200.13.142.188 from manager ping OK, from >>> internet ping OK >>> >>> 2020-02-24 12:27:06,973 DEBUG [c.c.s.ConsoleProxyServlet] >>> (qtp1875308878-17:null) (logid:) Port info consoleurl= >>> https://172.16.11.11/console?uuid=xxxxxxxxxxxx&sessionref=OpaqueRef:xxxxxxxxxx >>> 2020-02-24 12:27:06,973 INFO [c.c.s.ConsoleProxyServlet] >>> (qtp1875308878-17:null) (logid:) Parse host info returned from executing >>> GetVNCPortCommand. host info: consoleurl= >>> https://172.16.11.11/console?uuid=xxxxxxxxxxxxxxxxxxxxx&sessionref=OpaqueRef:xxxxxxxxx >>> 2020-02-24 12:27:06,977 DEBUG [c.c.s.ConsoleProxyServlet] >>> (qtp1875308878-17:null) (logid:) Compose console url: >>> https://200-13-142-188.wayscom.net/ajax?token=xxxxxxxxxxxxxxxxxxxxxxxx-Y76j1g >>> 2020-02-24 12:27:06,977 DEBUG [c.c.s.ConsoleProxyServlet] >>> (qtp1875308878-17:null) (logid:) the console url is :: >>> <html><title>v-202-VM</title><frameset><frame src= >>> "https://200-13-142-188.wayscom.net/ajax?token=xxxxxxxxxxxxxxxxx-Y76j1g"; >>> <https://200-13-142-188.wayscom.net/ajax?token=xxxxxxxxxxxxxxxxx-Y76j1g> >>> ></frame></frameset></html> >>> >>> Error connection ! >>> >>> Regards, >>> Olivier >>> >>> >>> Le 24/02/2020 à 12:04, Andrija Panic a écrit : >>> >>> consoleproxy.sslEnabled=true is set in global config ? >>> (a new thing in 4.11 that is not there in pre-4.11 releases and people >>> sometimes miss this one) >>> >>> Regards, >>> Andrija >>> >>> >>> On Mon, 24 Feb 2020 at 15:24, Olivier Guin >>> <[email protected]> <[email protected]> >>> wrote: >>> >>>> Hello, >>>> I am trying to set up ssl on systemvm. >>>> I was able to migrate without problem from version 4.10 to version 4.13 >>>> but since impossible to set up the ssl correctly on my ssvm / cpvm? >>>> I follow the documentation ( >>>> http://docs.cloudstack.apache.org/en/latest/adminguide/systemvm.html) >>>> as well as (https://www.shapeblue.com/securing-cloudstack-4-11-with- >>>> https-tls /). >>>> GUI process: cloudstack indicates that the certificate is OK, the cpvm >>>> and ssvm restarts correctly but still without ssl? >>>> How to check where it doesn't work ? >>>> What would be the points to check ? >>>> A priori things have changed since 4.11 ! >>>> Best regards >>>> >>>> Olivier Guin >>>> >>>> >>>> >>>> *Olivier GUIN* >>>> >>>> >>>> >>>> TL. 0594 31 02 44 >>>> [image: ARIAS Informatique] >>>> >>>> 513 ZI Collery 5 >>>> *97300 CAYENNE* >>>> *www.ariasnet.com* <http://www.ariasnet.com/> >>>> >>>> This message and any attachments (the "message") is intended solely for >>>> the intended addressees and is confidential. >>>> If you receive this message in error,or are not the intended >>>> recipient(s), please delete it and any copies from your systems and >>>> immediately notify the sender. Any unauthorized view, use that does not >>>> comply with its purpose, >>>> dissemination or disclosure, either whole or partial, is prohibited. >>>> Since the internet cannot guarantee the integrity of this message which may >>>> not be reliable, ARIAS Informatique shall not be liable for the message if >>>> modified, changed or falsified. >>>> Do not print this message unless it is necessary, consider the >>>> environment. >>>> >>>> >>>> ---------------------------------------------------------------------------------------------------------------------------------- >>>> >>>> Ce message et toutes les pieces jointes (ci-apres le "message") sont >>>> etablis a l'intention exclusive de ses destinataires et sont >>>> confidentiels. >>>> Si vous recevez ce message par erreur ou s'il ne vous est pas destine, >>>> merci de le detruire ainsi que toute copie de votre systeme et d'en avertir >>>> immediatement l'expediteur. Toute lecture non autorisee, toute utilisation >>>> de ce message qui n'est pas conforme a sa destination, toute diffusion ou >>>> toute publication, totale ou partielle, est interdite. L'Internet ne >>>> permettant pas d'assurer l'integrite de ce message electronique susceptible >>>> d'alteration, ARIAS Informatique decline(nt) toute responsabilite au titre >>>> de ce message dans l'hypothese ou il aurait ete modifie, deforme ou >>>> falsifie. >>>> N'imprimez ce message que si necessaire, pensez a l'environnement. >>>> >>> >>> >>> -- >>> >>> Andrija Panić >>> >>> >>> >>> *Olivier GUIN* >>> >>> >>> >>> TL. 0594 31 02 44 >>> [image: ARIAS Informatique] >>> >>> 513 ZI Collery 5 >>> *97300 CAYENNE* >>> *www.ariasnet.com* <http://www.ariasnet.com/> >>> >>> This message and any attachments (the "message") is intended solely for >>> the intended addressees and is confidential. >>> If you receive this message in error,or are not the intended >>> recipient(s), please delete it and any copies from your systems and >>> immediately notify the sender. Any unauthorized view, use that does not >>> comply with its purpose, >>> dissemination or disclosure, either whole or partial, is prohibited. >>> Since the internet cannot guarantee the integrity of this message which may >>> not be reliable, ARIAS Informatique shall not be liable for the message if >>> modified, changed or falsified. >>> Do not print this message unless it is necessary, consider the >>> environment. >>> >>> >>> ---------------------------------------------------------------------------------------------------------------------------------- >>> >>> Ce message et toutes les pieces jointes (ci-apres le "message") sont >>> etablis a l'intention exclusive de ses destinataires et sont confidentiels. >>> Si vous recevez ce message par erreur ou s'il ne vous est pas destine, >>> merci de le detruire ainsi que toute copie de votre systeme et d'en avertir >>> immediatement l'expediteur. Toute lecture non autorisee, toute utilisation >>> de ce message qui n'est pas conforme a sa destination, toute diffusion ou >>> toute publication, totale ou partielle, est interdite. L'Internet ne >>> permettant pas d'assurer l'integrite de ce message electronique susceptible >>> d'alteration, ARIAS Informatique decline(nt) toute responsabilite au titre >>> de ce message dans l'hypothese ou il aurait ete modifie, deforme ou >>> falsifie. >>> N'imprimez ce message que si necessaire, pensez a l'environnement. >>> >> >> >> -- >> >> Andrija Panić >> > > > -- > > Andrija Panić > > > > *Olivier GUIN* > > > > TL. 0594 31 02 44 > [image: ARIAS Informatique] > > 513 ZI Collery 5 > *97300 CAYENNE* > *www.ariasnet.com* <http://www.ariasnet.com/> > > This message and any attachments (the "message") is intended solely for > the intended addressees and is confidential. > If you receive this message in error,or are not the intended recipient(s), > please delete it and any copies from your systems and immediately notify > the sender. Any unauthorized view, use that does not comply with its > purpose, > dissemination or disclosure, either whole or partial, is prohibited. Since > the internet cannot guarantee the integrity of this message which may not > be reliable, ARIAS Informatique shall not be liable for the message if > modified, changed or falsified. > Do not print this message unless it is necessary, consider the environment. > > > ---------------------------------------------------------------------------------------------------------------------------------- > > Ce message et toutes les pieces jointes (ci-apres le "message") sont > etablis a l'intention exclusive de ses destinataires et sont confidentiels. > Si vous recevez ce message par erreur ou s'il ne vous est pas destine, > merci de le detruire ainsi que toute copie de votre systeme et d'en avertir > immediatement l'expediteur. Toute lecture non autorisee, toute utilisation > de ce message qui n'est pas conforme a sa destination, toute diffusion ou > toute publication, totale ou partielle, est interdite. L'Internet ne > permettant pas d'assurer l'integrite de ce message electronique susceptible > d'alteration, ARIAS Informatique decline(nt) toute responsabilite au titre > de ce message dans l'hypothese ou il aurait ete modifie, deforme ou > falsifie. > N'imprimez ce message que si necessaire, pensez a l'environnement. > -- Andrija Panić
