Spent months on this problem so I thought I would document it for the community:
Sunstone 5.0.3 KVM Ubuntu 16.04
behavior: sunstone works well with SSL but the VM consoles do not open.
Hint: I use firefox and the Firefox browser console screams:
Firefox can’t establish a connection to the server at ws://panel.example.com:29876/?token=m8pagdywnm9c178esz6t. main.js:59451:30
Setup is like this:
Internet line
|
Firewall
|
haproxy VM
include SSL termination from letsencrypt certificates
|
one server with http and vnc proxy ports open
Haproxy config:
Normal https front-end:
frontend https-in
####letsencrypt config
bind *:443 ssl crt /etc/haproxy/certs/example.com.pem
reqadd X-Forwarded-Proto:\ https
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
use_backend letsencrypt-backend if letsencrypt-acl
Websockets front end:
# Fronted 29876 VM Consoles #############################################
frontend consoles-in
####letsencrypt config
bind *:29876 ssl crt /etc/haproxy/certs/example.com.pem
reqadd X-Forwarded-Proto:\ https
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
use_backend letsencrypt-backend if letsencrypt-acl
default_backend example_backed
####end letsencrypt config
acl host_panelconsoles hdr(host) -i panel.example.com #
use_backend be_panelconsoles if host_panelconsoles
### Frontend *29876 ########################################## END
Back-ends of ONE:
backend be_panel
balance leastconn # 243
option httpclose # 243
option forwardfor # 243
compression algo gzip # 243
compression type text/css text/less text/plain text/xml application/xml application/json application/javascript # 243
compression offload # 243
no log # 243
cookie JSESSIONID prefix # 243
server panel 10.11.180.19:9869 cookie A check # 243
backend be_panelconsoles
balance leastconn # 243
option httpclose # 243
option forwardfor # 243
compression algo gzip # 243
compression type text/css text/less text/plain text/xml application/xml application/json application/javascript # 243
compression offload # 243
no log # 243
cookie JSESSIONID prefix # 243
server panel 10.11.180.19:29876 cookie A check # 243
In novnc.log some hints:
158.132.139.138: ignoring socket not ready
10.11.180.13: ignoring socket not ready
158.132.139.138: SSL connection but '/self.pem' not found
10.11.180.13: ignoring socket not ready
158.132.139.138: SSL connection but '/self.pem' not found