[ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/

Jiri Belka jbelka at redhat.com
Tue Aug 16 03:29:31 EDT 2016


It does have logs, filenames "hide" real data.

You should reveal logs and what each file is and
which exact commands you were executing.

Vague statements won't help much. It does work for me,
there much be something strange in your setup but we
cannot know what without details.

j.

----- Original Message -----
From: "aleksey maksimov" <aleksey.maksimov at it-kb.ru>
To: "Jiri Belka" <jbelka at redhat.com>
Cc: "users" <users at ovirt.org>
Sent: Monday, August 15, 2016 6:18:48 PM
Subject: Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/

I tried a version of Nicolás. 
No success :((

1) I create full bundle cert file:

# cat /etc/pki/ovirt-engine/certs/apache.cer /etc/pki/ovirt-engine/apache-ca.pem > /etc/pki/ovirt-engine/certs/apache-with-ca.cer
# openssl verify /etc/pki/ovirt-engine/certs/apache-with-ca.cer

/etc/pki/ovirt-engine/certs/apache-with-ca.cer: OK

2) I changed config file:

# cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf

PROXY_PORT=6100
SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/apache-with-ca.cer
SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
SSL_ONLY=True
FORCE_DATA_VERIFICATION=False

3) I restarted the service

# service ovirt-websocket-proxy restart

Problem still exists :(
Any ideas how to trablshut problem?

14.08.2016, 08:59, "aleksey.maksimov at it-kb.ru" <aleksey.maksimov at it-kb.ru>:
> Hi Jiri.
> But your variant does not work, too
>
> # cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf
> PROXY_PORT=6100
> SSL_CERTIFICATE=/etc/pki/ovirt-engine/apache-ca.pem
> SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
> CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer
> SSL_ONLY=True
>
> Some error:
> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/eyJ...0=[object Event]
>
> any ideas how to trablshut problem?
>
> 14.08.2016, 01:53, "Jiri Belka" <jbelka at redhat.com>:
>>  I have different files for those variables, maybe this is the case?
>>
>>  Review again.
>>
>>  j.
>>
>>  ----- Original Message -----
>>  From: "aleksey maksimov" <aleksey.maksimov at it-kb.ru>
>>  To: "Jiri Belka" <jbelka at redhat.com>
>>  Cc: "users" <users at ovirt.org>
>>  Sent: Saturday, August 13, 2016 4:57:45 PM
>>  Subject: Re: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/
>>
>>  I changed my file /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf to:
>>
>>  PROXY_PORT=6100
>>  #SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/websocket-proxy.cer
>>  #SSL_KEY=/etc/pki/ovirt-engine/keys/websocket-proxy.key.nopass
>>  #CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer
>>  SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/apache.cer
>>  SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
>>  CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/apache-ca.pem
>>  SSL_ONLY=True
>>
>>  ...and restart HostedEngine VM.
>>  Problem still exists.
>>
>>  13.08.2016, 17:52, "aleksey.maksimov at it-kb.ru" <aleksey.maksimov at it-kb.ru>:
>>>   It does not work for me. any ideas?
>>>
>>>   02.08.2016, 17:22, "Jiri Belka" <jbelka at redhat.com>:
>>>>    This works for me:
>>>>
>>>>    # cat /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf
>>>>    PROXY_PORT=6100
>>>>    SSL_CERTIFICATE=/etc/pki/ovirt-engine/apache-ca.pem
>>>>    SSL_KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
>>>>    CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer
>>>>    SSL_ONLY=True
>>>>
>>>>    ----- Original Message -----
>>>>    From: "aleksey maksimov" <aleksey.maksimov at it-kb.ru>
>>>>    To: "users" <users at ovirt.org>
>>>>    Sent: Monday, August 1, 2016 12:13:38 PM
>>>>    Subject: [ovirt-users] oVirt 4 with custom SSL-certificate and SPICE HTML5 browser client -> WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/
>>>>
>>>>    Hello oVirt guru`s !
>>>>
>>>>    I have successfully replaced the oVirt 4 site SSL-certificate according to the instructions from "Replacing oVirt SSL Certificate"
>>>>    section in "oVirt Administration Guide"
>>>>    http://www.ovirt.org/documentation/admin-guide/administration-guide/
>>>>
>>>>    3 files have been replaced:
>>>>
>>>>    /etc/pki/ovirt-engine/certs/apache.cer
>>>>    /etc/pki/ovirt-engine/keys/apache.key.nopass
>>>>    /etc/pki/ovirt-engine/apache-ca.pem
>>>>
>>>>    Now the oVirt site using my certificate and everything works fine, but when I try to use SPICE HTML5 browser client in Firefox or Chrome I see a gray screen and message under the button "Toggle messages output":
>>>>
>>>>    WebSocket error: Can't connect to websocket on URL: wss://ovirt.engine.fqdn:6100/eyJ...0=[object Event]
>>>>
>>>>    Before replacing certificates SPICE HTML5 browser client works.
>>>>    Native SPICE client works fine.
>>>>
>>>>    Tell me what to do with SPICE HTML5 browser client?
>>>>    _______________________________________________
>>>>    Users mailing list
>>>>    Users at ovirt.org
>>>>    http://lists.ovirt.org/mailman/listinfo/users


More information about the Users mailing list