1) consoleproxy.sslEnabled = false , restart mgmt, destroy CPVM ONLY all OK ! (UI using HTTP) 2) consoleproxy.sslEnabled = true , restart mgmt, destroy CPVM ONLY all OK ! (UI using HTTP)
consoleproxy.sslEnabled Enable SSL for console proxy true consoleproxy.url.domain Console proxy url domain *.wayscom.net It's Ok now ! ... but I don't know why :-) It seems to me that I had already done that Anyway thank you for your time Andrija Do you know how to switch the UI to https? Regards, Olivier Le 24/02/2020 à 13:08, Andrija Panic a écrit : > login inside that linux box (CPVM) and see what's the apache > configuration (ssl or not, netstat / listenting on 443 or not...etc) > always easy to destroy CPVM (after mgmt server was restarted) and see > if it fixes the issue > > For the start, set consoleproxy.sslEnabled=false, restart mgmt, > destroy CPVM and see if plain HTTP works (make sure to use UI using > HTTP also, otherwise you can't load non-SSL iframe) - to see if you > are able to run CPVM fine in general. > > On Mon, 24 Feb 2020 at 16:54, Olivier Guin > <[email protected]> wrote: > > Indeed, > > I can't connected to :443 ! > > But I don't have any firewall ! > > telnet 200.13.142.188 443 ( or 200-13-142-188.wayscom.net > <http://200-13-142-188.wayscom.net>) > Trying 200.13.142.188... > telnet: connect to address 200.13.142.188 <http://200.13.142.188>: > Connection refused > > conf ? of cpvm ? > > Regards, > > Olivier > > Le 24/02/2020 à 12:40, Andrija Panic a écrit : >> i.e. telnet 200-13-142-188.wayscom.net >> <http://200-13-142-188.wayscom.net> 443 >> Connecting To 200-13-142-188.wayscom.net... >> >> I can't connect to port 443 on this IP (from internet) >> >> >> On Mon, 24 Feb 2020 at 16:38, Andrija Panic < >> [email protected] <mailto:[email protected]>> wrote: >> >> frame src= >> >> "https://200-13-142-188.wayscom.net/ajax?token=xxxxxxxxxxxxxxxxx-Y76j1 >> >> <https://200-13-142-188.wayscom.net/ajax?token=xxxxxxxxxxxxxxxxx-Y76j1g> >> >> This looks fine ^^^ - it tries to load SSL URL >> >> what *exact* problem are you getting? >> >> On Mon, 24 Feb 2020 at 16:31, Olivier Guin >> <[email protected]> >> <mailto:[email protected]> wrote: >> >> Yes, >> >> consoleproxy.url.domain = *.wayscom.net <http://wayscom.net> >> consoleproxy.sslEnabled=true >> secstorage.ssl.cert.domain= *.wayscom.net >> <http://wayscom.net> >> secstorage.encrypt.copy=true >> >> For consoleproxy.url.domain : >> >> = *.wayscom.net <http://wayscom.net> => >> 200-13-142-188.wayscom.net >> <http://200-13-142-188.wayscom.net> from manager ping OK, >> from internet ping OK >> = console.wayscom.net <http://console.wayscom.net> => >> 200.13.142.188 from manager ping OK, from internet ping OK >> >> 2020-02-24 12:27:06,973 DEBUG [c.c.s.ConsoleProxyServlet] >> (qtp1875308878-17:null) (logid:) Port info >> >> consoleurl=https://172.16.11.11/console?uuid=xxxxxxxxxxxx&sessionref=OpaqueRef:xxxxxxxxxx >> 2020-02-24 12:27:06,973 INFO [c.c.s.ConsoleProxyServlet] >> (qtp1875308878-17:null) (logid:) Parse host info returned >> from executing GetVNCPortCommand. host info: >> >> consoleurl=https://172.16.11.11/console?uuid=xxxxxxxxxxxxxxxxxxxxx&sessionref=OpaqueRef:xxxxxxxxx >> 2020-02-24 12:27:06,977 DEBUG [c.c.s.ConsoleProxyServlet] >> (qtp1875308878-17:null) (logid:) Compose console url: >> >> https://200-13-142-188.wayscom.net/ajax?token=xxxxxxxxxxxxxxxxxxxxxxxx-Y76j1g >> 2020-02-24 12:27:06,977 DEBUG [c.c.s.ConsoleProxyServlet] >> (qtp1875308878-17:null) (logid:) the console url is :: >> <html><title>v-202-VM</title><frameset><frame >> >> src="https://200-13-142-188.wayscom.net/ajax?token=xxxxxxxxxxxxxxxxx-Y76j1g"; >> >> <https://200-13-142-188.wayscom.net/ajax?token=xxxxxxxxxxxxxxxxx-Y76j1g>></frame></frameset></html> >> >> Error connection ! >> >> Regards, >> Olivier >> >> >> Le 24/02/2020 à 12:04, Andrija Panic a écrit : >>> consoleproxy.sslEnabled=true is set in global config ? >>> (a new thing in 4.11 that is not there in pre-4.11 >>> releases and people sometimes miss this one) >>> >>> Regards, >>> Andrija >>> >>> >>> On Mon, 24 Feb 2020 at 15:24, Olivier Guin >>> <[email protected]> >>> <mailto:[email protected]> wrote: >>> >>> Hello, >>> I am trying to set up ssl on systemvm. >>> I was able to migrate without problem from version >>> 4.10 to version 4.13 but since impossible to set up >>> the ssl correctly on my ssvm / cpvm? >>> I follow the documentation >>> >>> (http://docs.cloudstack.apache.org/en/latest/adminguide/systemvm.html) >>> as well as >>> (https://www.shapeblue.com/securing-cloudstack-4-11-with- >>> https-tls /). >>> GUI process: cloudstack indicates that the >>> certificate is OK, the cpvm and ssvm restarts >>> correctly but still without ssl? >>> How to check where it doesn't work ? >>> What would be the points to check ? >>> A priori things have changed since 4.11 ! >>> >>> Best regards >>> >>> Olivier Guin >>> >>> >>> >>> *Olivier GUIN* >>> >>> >>> >>> TL. 0594 31 02 44 >>> >>> ARIAS Informatique >>> >>> 513 ZI Collery 5 >>> */97300 CAYENNE/* >>> *www.ariasnet.com* <http://www.ariasnet.com/> >>> >>> This message and any attachments (the "message") is >>> intended solely for the intended addressees and is >>> confidential. >>> If you receive this message in error,or are not the >>> intended recipient(s), please delete it and any >>> copies from your systems and immediately notify the >>> sender. Any unauthorized view, use that does not >>> comply with its purpose, >>> dissemination or disclosure, either whole or >>> partial, is prohibited. Since the internet cannot >>> guarantee the integrity of this message which may >>> not be reliable, ARIAS Informatique shall not be >>> liable for the message if modified, changed or >>> falsified. >>> Do not print this message unless it is necessary, >>> consider the environment. >>> >>> >>> ---------------------------------------------------------------------------------------------------------------------------------- >>> >>> Ce message et toutes les pieces jointes (ci-apres le >>> "message") sont etablis a l'intention exclusive de >>> ses destinataires et sont confidentiels. >>> Si vous recevez ce message par erreur ou s'il ne >>> vous est pas destine, merci de le detruire ainsi que >>> toute copie de votre systeme et d'en avertir >>> immediatement l'expediteur. Toute lecture non >>> autorisee, toute utilisation de ce message qui n'est >>> pas conforme a sa destination, toute diffusion ou >>> toute publication, totale ou partielle, est >>> interdite. L'Internet ne permettant pas d'assurer >>> l'integrite de ce message electronique susceptible >>> d'alteration, ARIAS Informatique decline(nt) toute >>> responsabilite au titre de ce message dans >>> l'hypothese ou il aurait ete modifie, deforme ou >>> falsifie. >>> N'imprimez ce message que si necessaire, pensez a >>> l'environnement. >>> >>> >>> >>> -- >>> >>> Andrija Panić >> >> >> *Olivier GUIN* >> >> >> >> TL. 0594 31 02 44 >> >> ARIAS Informatique >> >> 513 ZI Collery 5 >> */97300 CAYENNE/* >> *www.ariasnet.com* <http://www.ariasnet.com/> >> >> This message and any attachments (the "message") is >> intended solely for the intended addressees and is >> confidential. >> If you receive this message in error,or are not the >> intended recipient(s), please delete it and any copies >> from your systems and immediately notify the sender. Any >> unauthorized view, use that does not comply with its >> purpose, >> dissemination or disclosure, either whole or partial, is >> prohibited. Since the internet cannot guarantee the >> integrity of this message which may not be reliable, >> ARIAS Informatique shall not be liable for the message if >> modified, changed or falsified. >> Do not print this message unless it is necessary, >> consider the environment. >> >> >> ---------------------------------------------------------------------------------------------------------------------------------- >> >> Ce message et toutes les pieces jointes (ci-apres le >> "message") sont etablis a l'intention exclusive de ses >> destinataires et sont confidentiels. >> Si vous recevez ce message par erreur ou s'il ne vous est >> pas destine, merci de le detruire ainsi que toute copie >> de votre systeme et d'en avertir immediatement >> l'expediteur. Toute lecture non autorisee, toute >> utilisation de ce message qui n'est pas conforme a sa >> destination, toute diffusion ou toute publication, totale >> ou partielle, est interdite. L'Internet ne permettant pas >> d'assurer l'integrite de ce message electronique >> susceptible d'alteration, ARIAS Informatique decline(nt) >> toute responsabilite au titre de ce message dans >> l'hypothese ou il aurait ete modifie, deforme ou falsifie. >> N'imprimez ce message que si necessaire, pensez a >> l'environnement. >> >> >> >> -- >> >> Andrija Panić >> >> >> >> -- >> >> Andrija Panić > > > *Olivier GUIN* > > > > TL. 0594 31 02 44 > > ARIAS Informatique > > 513 ZI Collery 5 > */97300 CAYENNE/* > *www.ariasnet.com* <http://www.ariasnet.com/> > > This message and any attachments (the "message") is intended > solely for the intended addressees and is confidential. > If you receive this message in error,or are not the intended > recipient(s), please delete it and any copies from your systems > and immediately notify the sender. Any unauthorized view, use that > does not comply with its purpose, > dissemination or disclosure, either whole or partial, is > prohibited. Since the internet cannot guarantee the integrity of > this message which may not be reliable, ARIAS Informatique shall > not be liable for the message if modified, changed or falsified. > Do not print this message unless it is necessary, consider the > environment. > > > ---------------------------------------------------------------------------------------------------------------------------------- > > Ce message et toutes les pieces jointes (ci-apres le "message") > sont etablis a l'intention exclusive de ses destinataires et sont > confidentiels. > Si vous recevez ce message par erreur ou s'il ne vous est pas > destine, merci de le detruire ainsi que toute copie de votre > systeme et d'en avertir immediatement l'expediteur. Toute lecture > non autorisee, toute utilisation de ce message qui n'est pas > conforme a sa destination, toute diffusion ou toute publication, > totale ou partielle, est interdite. L'Internet ne permettant pas > d'assurer l'integrite de ce message electronique susceptible > d'alteration, ARIAS Informatique decline(nt) toute responsabilite > au titre de ce message dans l'hypothese ou il aurait ete modifie, > deforme ou falsifie. > N'imprimez ce message que si necessaire, pensez a l'environnement. > > > > -- > > Andrija Panić Olivier GUIN Direction 05 94 31 02 44 Mobile: 0594 31 02 44 513 ZI Collery 5 97300 CAYENNE www.ariasnet.com [http://www.ariasnet.com/]
