VNC doen't work with https


(Михаил Знак) #1

Today i install RapidSSL and find problem with vnc. i find some issuies iin the forum, but there are don’t work for me.

LOG noVNC
WebSocket server settings:

  • Listen on :29876
  • Flash security policy server
  • No SSL/TLS support (no cert file)
  • proxying from :29876 to targets in /var/lib/one/sunstone_vnc_tokens
    IP: SSL connection but ‘/etc/nginx/ssl/nebula_ca.crt’ not found
    IP: SSL connection but ‘/etc/nginx/ssl/nebula_ca.crt’ not found
    IP: SSL connection but ‘/etc/nginx/ssl/nebula_ca.crt’ not found

NGINX.confuser nginx;
events {
worker_connections 1024;
multi_accept on;
}

http {
log_format main ‘$remote_addr - $remote_user [$time_local] “$request” ‘
’$status $body_bytes_sent “$http_referer” ‘
’"$http_user_agent" “$http_x_forwarded_for”’;

access_log  /var/log/nginx/access.log  main;

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

sendfile            on;
tcp_nopush          on;
tcp_nodelay         on;
keepalive_timeout   65;
types_hash_max_size 2048;

include             /etc/nginx/mime.types;
default_type        application/octet-stream;
ssl_session_cache   shared:SSL:10m;
ssl_session_timeout 5m;
ssl_prefer_server_ciphers on;
ssl_stapling on;

include /etc/nginx/conf.d/*.conf;

}

Virtual Host
upstream sunstone {
server 127.0.0.1:9869;
}

upstream websocketproxy {
server 127.0.0.1:29876;
}

server {
listen :80;
server_name cloud.test.by;
rewrite ^(.
)$ https://cloud.test.by$1 permanent;
}

server {
listen 443 ssl http2 deferred;
ssl on;
ssl_session_timeout 24h;
ssl_certificate /etc/nginx/ssl/nebula_ca.crt;
ssl_certificate_key /etc/nginx/ssl/nebula.key;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

access_log  /var/log/nginx/opennebula-sunstone-access.log;
error_log  /var/log/nginx/opennebula-sunstone-error.log;

client_max_body_size 10G;

location / {
proxy_pass http://sunstone;
proxy_redirect off;
log_not_found off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-FOR $proxy_add_x_forwarded_for;
}

location /websockify {
    proxy_pass http://websocketproxy;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    add_header Access-Control-Allow-Origin *;
}

}

UI settings
:host: 127.0.0.1
:port: 9869

:vnc_proxy_port: 29876
:vnc_proxy_support_wss: yes
:vnc_proxy_cert: /etc/nginx/ssl/nebula_ca.crt
:vnc_proxy_key: /etc/nginx/ssl/nebula.key
:vnc_proxy_ipv6: false
:vnc_request_password: false


(Михаил Знак) #2

I changed vnc_proxy_cert and vnc_proxy_key paths for /etc/ssl/certs/ and all became good.
But it’s rather strange, cause all permissions was oneadmin:oneadmin and 777