Posted to commits@cloudstack.apache.org by "vishnuvs369 (via GitHub)" <gi...@apache.org> on 2024/04/22 12:10:09 UTC

[I] Unable to Secure CloudStack System VMs with Dynamic URL [cloudstack]

vishnuvs369 opened a new issue, #8957:
URL: https://github.com/apache/cloudstack/issues/8957

   ##### ISSUE TYPE
   * Other
   
   ##### COMPONENT NAME
   System VMs
   
   ##### CLOUDSTACK VERSION
   4.19.0.1
   
   ##### SUMMARY
   I am facing difficulties securing CloudStack System VMs using SSL configuration, as described in the documentation provided by ShapeBlue (https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/).
   
   Steps Taken:
   1) Followed the steps outlined in the documentation to configure Dynamic URL for CloudStack System VMs.
   2) Configured the required global settings as specified in the documentation.
   3) Uploaded SSL certificates through the CloudStack UI for the system VMs.
   4) Restarted the CloudStack management server and system VMs to apply the configuration changes.
   
   Observations:
   1) After completing the configuration steps, HTTPS access to the CloudStack System VMs is not functioning as expected.
   2) Attempts to access the system VMs via HTTPS result in connection errors or unsuccessful HTTPS loading.
   3) No visible indication of SSL encryption or secure connection is observed in the browser when accessing the System VMs.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


Re: [I] Unable to Secure CloudStack System VMs with Dynamic URL [cloudstack]

Posted by "vishnuvs369 (via GitHub)" <gi...@apache.org>.
vishnuvs369 commented on issue #8957:
URL: https://github.com/apache/cloudstack/issues/8957#issuecomment-2071844761

   I tried a telnet to 443 and 8443....443 is not connected
   ![image](https://github.com/apache/cloudstack/assets/54799446/26027310-5031-4405-9aea-b21db0d3ac9c)
   




Re: [I] Unable to Secure CloudStack System VMs with Dynamic URL [cloudstack]

Posted by "weizhouapache (via GitHub)" <gi...@apache.org>.
weizhouapache commented on issue #8957:
URL: https://github.com/apache/cloudstack/issues/8957#issuecomment-2071807128

   > @weizhouapache Ports 443 and 8443 are listening in CPVM...and IP are reachable
   
   any error/exception in /var/log/cloud.log in CPVM ?
   




Re: [I] Unable to Secure CloudStack System VMs with Dynamic URL [cloudstack]

Posted by "vishnuvs369 (via GitHub)" <gi...@apache.org>.
vishnuvs369 commented on issue #8957:
URL: https://github.com/apache/cloudstack/issues/8957#issuecomment-2071795231

   @weizhouapache 
   Ports 443 and 8443 are listening in CPVM...and IP are reachable
   ![image](https://github.com/apache/cloudstack/assets/54799446/70144f4d-2818-42d5-b297-d767d79f56bc)
   




Re: [I] Unable to Secure CloudStack System VMs with Dynamic URL [cloudstack]

Posted by "vishnuvs369 (via GitHub)" <gi...@apache.org>.
vishnuvs369 commented on issue #8957:
URL: https://github.com/apache/cloudstack/issues/8957#issuecomment-2071893346

   @weizhouapache 
   I'm able to telnet 443/8443 from public IP and 127.0.0.1 but not able to telnet 443 from domain name, whereas 8443 is working.
   Where have I gone wrong?
   
   ![image](https://github.com/apache/cloudstack/assets/54799446/077d88d5-e5ec-4451-bfdd-7cf52aec040b)
   




Re: [I] Unable to Secure CloudStack System VMs with Dynamic URL [cloudstack]

Posted by "weizhouapache (via GitHub)" <gi...@apache.org>.
weizhouapache commented on issue #8957:
URL: https://github.com/apache/cloudstack/issues/8957#issuecomment-2071569778

   > @weizhouapache I restarted management server and destroyed system VMs, still it's not working.
   
   @vishnuvs369 
   is the DNS name resolvable ?
   check if ip and port 443/8443 are reachable from the client/browser
   check if port 443/8443 is listening in CPVM
   ...




Re: [I] Unable to Secure CloudStack System VMs with Dynamic URL [cloudstack]

Posted by "weizhouapache (via GitHub)" <gi...@apache.org>.
weizhouapache commented on issue #8957:
URL: https://github.com/apache/cloudstack/issues/8957#issuecomment-2071834154

   > @weizhouapache No errors found on CPVM..
   
   is dns working ?
   
   check dnsname:443 or dnsname:8443 by nc or telnet




Re: [I] Unable to Secure CloudStack System VMs with Dynamic URL [cloudstack]

Posted by "weizhouapache (via GitHub)" <gi...@apache.org>.
weizhouapache commented on issue #8957:
URL: https://github.com/apache/cloudstack/issues/8957#issuecomment-2070331812

   > @weizhouapache I enabled the following settings in global settings consoleproxy.ssl True secstorage.encrypt.copy True
   > 
   > Also Added domains in the below fields consoleproxy.url.domain secstorage.ssl.cert.domain
   
   If you have restarted the management server, destroy the system vms and retry




Re: [I] Unable to Secure CloudStack System VMs with Dynamic URL [cloudstack]

Posted by "vishnuvs369 (via GitHub)" <gi...@apache.org>.
vishnuvs369 commented on issue #8957:
URL: https://github.com/apache/cloudstack/issues/8957#issuecomment-2071405857

   @weizhouapache 
   I restarted management server and destroyed system VMs, still it's not working.




Re: [I] Unable to Secure CloudStack System VMs with Dynamic URL [cloudstack]

Posted by "vishnuvs369 (via GitHub)" <gi...@apache.org>.
vishnuvs369 commented on issue #8957:
URL: https://github.com/apache/cloudstack/issues/8957#issuecomment-2070325780

   I enabled the following settings in global settings 
   consoleproxy.ssl  True
   secstorage.encrypt.copy True
   
   Also Added domains in the below fields
   consoleproxy.url.domain 
   secstorage.ssl.cert.domain
   
   




Re: [I] Unable to Secure CloudStack System VMs with Dynamic URL [cloudstack]

Posted by "vishnuvs369 (via GitHub)" <gi...@apache.org>.
vishnuvs369 commented on issue #8957:
URL: https://github.com/apache/cloudstack/issues/8957#issuecomment-2071810661

   @weizhouapache 
   No errors found on CPVM..
   ![image](https://github.com/apache/cloudstack/assets/54799446/acecd838-7019-4474-97fb-a7a9975e2b19)
   




Re: [I] Unable to Secure CloudStack System VMs with Dynamic URL [cloudstack]

Posted by "weizhouapache (via GitHub)" <gi...@apache.org>.
weizhouapache commented on issue #8957:
URL: https://github.com/apache/cloudstack/issues/8957#issuecomment-2070303602

   @vishnuvs369 
   what are the related global settings ?
   check https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/




Re: [I] Unable to Secure CloudStack System VMs with Dynamic URL [cloudstack]

Posted by "weizhouapache (via GitHub)" <gi...@apache.org>.
weizhouapache commented on issue #8957:
URL: https://github.com/apache/cloudstack/issues/8957#issuecomment-2071856489

   > @weizhouapache I tried a telnet to 443 and 8443....443 is not connected
   
   both 443/8443 should work
   
   you can go to CPVM, and check if 127.0.0.1 443/8443 and public ip 443/8443 work
   




Re: [I] Unable to Secure CloudStack System VMs with Dynamic URL [cloudstack]

Posted by "DaanHoogland (via GitHub)" <gi...@apache.org>.
DaanHoogland commented on issue #8957:
URL: https://github.com/apache/cloudstack/issues/8957#issuecomment-2074540742

   > @weizhouapache I tried a telnet to 443 and 8443....443 is not connected
   
   @vishnuvs369 are these attempts from outside your cloud?
   if yes, check if there is a firewall keeping you from connecting.
   if no, can you share the firewall rules in your cpvm, and a traceroute from where you are trying to access your console?


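
The checks suggested in this thread (is the DNS name resolvable, are 443/8443 reachable by IP, are they reachable by name) can be run in one pass. The following is an added Python example, not part of the thread or of CloudStack; the host name and IP in the usage line are constructed placeholders to be replaced with the console proxy name and the CPVM public IP.

```python
import socket

def probe(addr, port, timeout=3.0):
    """Return True if a TCP connection to addr:port completes."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False

def resolve_ipv4(name):
    """Return the sorted IPv4 addresses a name resolves to ([] if it does not resolve)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def compare_name_and_ip(name, expected_ip, ports=(443, 8443), timeout=3.0):
    """Check DNS first, then each port both by the expected IP and by every resolved address."""
    findings = []
    addrs = resolve_ipv4(name)
    if not addrs:
        findings.append(f"{name} does not resolve")
    elif expected_ip not in addrs:
        # The name points somewhere other than the system VM being tested.
        findings.append(f"{name} resolves to {addrs}, not to {expected_ip}")
    results = {}
    for port in ports:
        by_ip = probe(expected_ip, port, timeout)
        by_name = {a: probe(a, port, timeout) for a in addrs}
        results[port] = {"by_ip": by_ip, "by_name": by_name}
        if not by_ip:
            findings.append(f"{expected_ip}:{port} is not reachable")
        for addr, ok in by_name.items():
            if by_ip and not ok:
                findings.append(
                    f"port {port} open on {expected_ip} but closed on {addr} (from {name})")
    return {"resolved": addrs, "ports": results, "findings": findings}

if __name__ == "__main__":
    import json
    # Constructed placeholders: substitute the real console proxy name and CPVM public IP.
    report = compare_name_and_ip("cpvm.example.invalid", "192.0.2.10", timeout=1.0)
    print(json.dumps(report, indent=2))
```

A port that answers on the IP but not on the name, as reported above for 443, shows up as a finding naming the address the name actually resolved to.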