I think haproxy is probably more appropriate for your use case. Use TCP mode, and you should be good to go.


Donny Davis

"Ease is a greater threat to progress than hardship"

On Mon, Dec 17, 2018, 1:29 PM <dcsteve24@gmail.com> wrote:
I've run into a small issue I'm looking to resolve. I currently have 5 hosts I'm working to configure as oVirt Hosts and a single oVirt Manager to manage them all. The oVirt Manager can talk to the hosts, the hosts show up, they can be managed, etc.

Our client PCs reside on a different network (and this can't be changed). We used to just add the interfaces to communicate on the new network but because of IP spaces and DFARS/NIST requirements, we are moving away from this. I've set up a reverse proxy so only a single machine serves as the gateway between the networks. This works for everything except one small issue. If you click "Host Console" from the ovirt manager, it opens up a new page with port 9090 to the cockpit page of the host.

I have this working except I am getting a blank page for cockpit after logging in. What's even more odd, I can use the reverse proxy settings to browse to the 443 port and redirect to 9090 and I can load everything fine, but 9090 to 9090 does not work. I've looked at other threads and posts, including the GitLab thing, which got me here, but can't get this last missing piece. Is anybody able to provide any assistance? Based off research it looks like something I could edit in the cockpit.conf file, except ovirt apparently doesn't make the cockpit.conf file... and trying to force it through the GUI by adding /settings to the URL says page not found.

Alternatively I could edit the oVirt Mgr to point the client to the 443 port and that'd work, if I knew where to edit those hyperlinks upon click.

P.S. this is a test/develop internal network env which is why I have proxy_ssl_verify off.

Nginx Reverse Proxy config:
map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
}

upstream websocket {
        server host11.<domain>:9090;
}

server {
       listen         80;
       server_name    host11.<domain>;
       return         301 https://$server_name$request_uri;
}

#Allows user to go directly to server (I work!)
server {
        listen 443;
        server_name host11.<domain>;

        ssl on;
        ssl_certificate <path to certificate.pem>;
        ssl_certificate_key <path to key.pem>;
        proxy_ssl_verify off;

        location / {
                proxy_pass https://websocket;
                proxy_http_version 1.1;
                proxy_buffering off;
                proxy_set_header X-Real-IP  $remote_addr;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $remote_addr;

                # needed for websocket
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $connection_upgrade;

                # change scheme of "Origin" to https
                proxy_set_header Origin https://$host;

                gzip off;
        }

}

#allows ovirtmgr host console redirect (I don't work)
server {
        listen 9090;
        server_name host11.<domain>;

        ssl on;
        ssl_certificate <path to certificate.pem>;
        ssl_certificate_key <path to key.pem>;
        proxy_ssl_verify off;

        location / {
                proxy_pass https://websocket;
                proxy_http_version 1.1;
                proxy_buffering off;
                proxy_set_header X-Real-IP  $remote_addr;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $remote_addr;

                # needed for websocket
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $connection_upgrade;

                # change scheme of "Origin" to https
                proxy_set_header Origin https://$host;

                gzip off;
        }

}


Host Error Log:
#Log in Page
Dec 17 11:22:15 ovirt11 systemd: Cannot add dependency job for unit lvm2-lvmetad.socket, ignoring: Unit is masked.
Dec 17 11:22:15 ovirt11 systemd: Starting Cockpit Web Service...
Dec 17 11:22:15 ovirt11 systemd: Started Cockpit Web Service.
Dec 17 11:22:16 ovirt11 cockpit-ws: Using certificate: /etc/cockpit/ws-certs.d/0-self-signed.cert
Dec 17 11:22:16 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT= MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251 DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=18185 DF PROTO=TCP SPT=34518 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 17 11:22:42 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT= MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251 DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54797 DF PROTO=TCP SPT=34520 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0

#after successfully logging in
Dec 17 11:22:42 ovirt11 cockpit-session: pam_ssh_add: Failed adding some keys
Dec 17 11:22:42 ovirt11 systemd-logind: New session 856 of user locadmin.
Dec 17 11:22:42 ovirt11 systemd: Started Session 856 of user locadmin.
Dec 17 11:22:43 ovirt11 cockpit-ws: logged in user session
Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT= MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251 DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=28754 DF PROTO=TCP SPT=34522 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT= MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251 DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=24281 DF PROTO=TCP SPT=34524 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT= MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251 DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=32811 DF PROTO=TCP SPT=34526 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT= MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251 DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=24156 DF PROTO=TCP SPT=34528 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT= MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251 DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=60945 DF PROTO=TCP SPT=34530 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT= MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251 DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=31779 DF PROTO=TCP SPT=34532 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT= MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251 DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=45849 DF PROTO=TCP SPT=34534 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT= MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251 DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=7433 DF PROTO=TCP SPT=34536 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT= MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251 DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13932 DF PROTO=TCP SPT=34538 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT= MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251 DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=48921 DF PROTO=TCP SPT=34540 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT= MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251 DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23475 DF PROTO=TCP SPT=34542 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT= MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251 DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=21419 DF PROTO=TCP SPT=34544 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT= MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251 DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54052 DF PROTO=TCP SPT=34546 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT= MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251 DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=34558 DF PROTO=TCP SPT=34548 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 17 11:22:58 ovirt11 cockpit-ws: session timed out
Dec 17 11:22:58 ovirt11 systemd-logind: Removed session 856.
_______________________________________________
Users mailing list -- users@ovirt.org
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/JMK45XBR2DTILY2VBRNW6C7GX6KXTZYA/
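
The TCP-mode HAProxy setup suggested in the reply at the top of this message, sketched as an added example that is not part of the thread or of oVirt's documentation. The frontend and backend names and the timeout values are assumptions; `host11.<domain>` is the placeholder used in the original post. SNI routing is included because the post describes several hosts behind one gateway.

```haproxy
# Added example: pass port 9090 through at the TCP layer instead of
# terminating TLS on the proxy. Names and timeouts are assumptions.
defaults
    mode    tcp                 # forward raw bytes: no TLS termination,
                                # no Host/Origin header rewriting
    option  tcplog
    timeout connect 5s
    timeout client  1m
    timeout server  1m
    timeout tunnel  1h          # keep established WebSocket sessions open

frontend cockpit_9090
    bind *:9090

    # Wait for the TLS ClientHello so the requested server name (SNI)
    # can be read without decrypting anything.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }

    # One rule and one backend per oVirt host; connections whose SNI
    # matches no rule have no backend and are not forwarded.
    use_backend cockpit_host11 if { req_ssl_sni -i host11.<domain> }

backend cockpit_host11
    # TLS is negotiated end to end between the browser and cockpit-ws,
    # so the browser is presented with the certificate cockpit-ws serves
    # and the proxy never holds a private key for the host.
    server host11 host11.<domain>:9090 check
```

Because the proxy cannot add headers in this mode, cockpit-ws logs the gateway's address as the source of every session, so the HAProxy connection log is where the real client address has to be recorded.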