I think haproxy is probably more appropriate for your use case. Use TCP
mode, and you should be good to go.


Donny Davis

"Ease is a greater threat to progress than hardship"

On Mon, Dec 17, 2018, 1:29 PM <[email protected]> wrote:

> I've run into a small issue I'm looking to resolve. I currently have 5
> hosts I'm working to configure as oVirt Hosts and a single oVirt Manager to
> manage them all. The oVirt Manager can talk to the hosts, the hosts show
> up, they can be managed, etc.
>
> Our client PCs reside on a different network (and this can't be changed).
> We used to just add the interfaces to communicate on the new network but
> because of IP spaces and DFARS/NIST requirements, we are moving away from
> this. I've set up a reverse proxy so only a single machine serves as the
> gateway between the networks. This works for everything except one small
> issue. If you click "Host Console" from the ovirt manager, it opens up a
> new page with port 9090 to the cockpit page of the host.
>
> I have this working except I am getting a blank page for cockpit after
> logging in. What's even more odd, I can use the reverse proxy settings to
> browse to the 443 port and redirect to 9090 and I can load everything fine,
> but 9090 to 9090 does not work. I've looked at other threads and posts,
> including the GitLab thing, which got me here, but can't get this last
> missing piece. Is anybody able to provide any assistance? Based off
> research it looks like something I could edit in the cockpit.conf file,
> except ovirt apparently doesn't make the cockpit.conf file... and trying to
> force it through the GUI by adding /settings to the URL says page not found.
>
> Alternatively I could edit the oVirt Mgr to point the client to the 443
> port and that'd work, if I knew where to edit those hyperlinks upon click.
>
> P.S. this is a test/develop internal network env which is why I have
> proxy_ssl_verify off.
>
> Nginx Reverse Proxy config:
> map $http_upgrade $connection_upgrade {
>         default upgrade;
>         '' close;
> }
>
> upstream websocket {
>         server host11.<domain>:9090;
> }
>
> server {
>        listen         80;
>        server_name    host11.<domain>;
>        return         301 https://$server_name$request_uri;
> }
>
> #Allows user to go directly to server (I work!)
> server {
>         listen 443;
>         server_name host11.<domain>;
>
>         ssl on;
>         ssl_certificate <path to certificate.pem>;
>         ssl_certificate_key <path to key.pem>;
>         proxy_ssl_verify off;
>
>         location / {
>                 proxy_pass https://websocket;
>                 proxy_http_version 1.1;
>                 proxy_buffering off;
>                 proxy_set_header X-Real-IP  $remote_addr;
>                 proxy_set_header Host $host;
>                 proxy_set_header X-Forwarded-For $remote_addr;
>
>                 # needed for websocket
>                 proxy_set_header Upgrade $http_upgrade;
>                 proxy_set_header Connection $connection_upgrade;
>
>                 # change scheme of "Origin" to https
>                 proxy_set_header Origin https://$host;
>
>                 gzip off;
>         }
>
> }
>
> #allows ovirtmgr host console redirect (I don't work)
> server {
>         listen 9090;
>         server_name host11.<domain>;
>
>         ssl on;
>         ssl_certificate <path to certificate.pem>;
>         ssl_certificate_key <path to key.pem>;
>         proxy_ssl_verify off;
>
>         location / {
>                 proxy_pass https://websocket;
>                 proxy_http_version 1.1;
>                 proxy_buffering off;
>                 proxy_set_header X-Real-IP  $remote_addr;
>                 proxy_set_header Host $host;
>                 proxy_set_header X-Forwarded-For $remote_addr;
>
>                 # needed for websocket
>                 proxy_set_header Upgrade $http_upgrade;
>                 proxy_set_header Connection $connection_upgrade;
>
>                 # change scheme of "Origin" to https
>                 proxy_set_header Origin https://$host;
>
>                 gzip off;
>         }
>
> }
>
>
> Host Error Log:
> #Log in Page
> Dec 17 11:22:15 ovirt11 systemd: Cannot add dependency job for unit
> lvm2-lvmetad.socket, ignoring: Unit is masked.
> Dec 17 11:22:15 ovirt11 systemd: Starting Cockpit Web Service...
> Dec 17 11:22:15 ovirt11 systemd: Started Cockpit Web Service.
> Dec 17 11:22:16 ovirt11 cockpit-ws: Using certificate:
> /etc/cockpit/ws-certs.d/0-self-signed.cert
> Dec 17 11:22:16 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT=
> MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251
> DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=18185 DF PROTO=TCP
> SPT=34518 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
> Dec 17 11:22:42 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT=
> MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251
> DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54797 DF PROTO=TCP
> SPT=34520 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
>
> #after successfully logging in
> Dec 17 11:22:42 ovirt11 cockpit-session: pam_ssh_add: Failed adding some
> keys
> Dec 17 11:22:42 ovirt11 systemd-logind: New session 856 of user locadmin.
> Dec 17 11:22:42 ovirt11 systemd: Started Session 856 of user locadmin.
> Dec 17 11:22:43 ovirt11 cockpit-ws: logged in user session
> Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT=
> MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251
> DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=28754 DF PROTO=TCP
> SPT=34522 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
> Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT=
> MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251
> DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=24281 DF PROTO=TCP
> SPT=34524 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
> Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT=
> MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251
> DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=32811 DF PROTO=TCP
> SPT=34526 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
> Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT=
> MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251
> DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=24156 DF PROTO=TCP
> SPT=34528 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
> Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT=
> MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251
> DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=60945 DF PROTO=TCP
> SPT=34530 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
> Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT=
> MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251
> DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=31779 DF PROTO=TCP
> SPT=34532 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
> Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT=
> MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251
> DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=45849 DF PROTO=TCP
> SPT=34534 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
> Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT=
> MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251
> DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=7433 DF PROTO=TCP
> SPT=34536 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
> Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT=
> MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251
> DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13932 DF PROTO=TCP
> SPT=34538 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
> Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT=
> MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251
> DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=48921 DF PROTO=TCP
> SPT=34540 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
> Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT=
> MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251
> DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23475 DF PROTO=TCP
> SPT=34542 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
> Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT=
> MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251
> DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=21419 DF PROTO=TCP
> SPT=34544 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
> Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT=
> MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251
> DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54052 DF PROTO=TCP
> SPT=34546 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
> Dec 17 11:22:43 ovirt11 kernel: HTTPS SYN: IN=ovirtmgmt OUT=
> MAC=b8:2a:72:de:a3:76:00:50:56:8b:01:ca:08:00 SRC=192.168.100.251
> DST=192.168.100.111 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=34558 DF PROTO=TCP
> SPT=34548 DPT=9090 WINDOW=29200 RES=0x00 SYN URGP=0
> Dec 17 11:22:58 ovirt11 cockpit-ws: session timed out
> Dec 17 11:22:58 ovirt11 systemd-logind: Removed session 856.
> _______________________________________________
> Users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/[email protected]/message/JMK45XBR2DTILY2VBRNW6C7GX6KXTZYA/
>
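
Added example, not part of the thread and not either poster's configuration: a sketch of the TCP-mode HAProxy setup suggested in the reply, extended to route several hosts on one listener by TLS SNI. Hostnames reuse the thread's `<domain>` placeholder, `host12` is a hypothetical second host, and the proxy is assumed to resolve these names to the hosts' management addresses.

```haproxy
# Added example (assumptions: <domain> is the thread's placeholder,
# host12 is hypothetical, names resolve to the oVirt hosts from the proxy).
global
    log /dev/log local0
    maxconn 2000

defaults
    mode    tcp              # no HTTP parsing: Upgrade/Origin/Host pass through untouched
    log     global
    option  tcplog
    timeout connect 5s
    timeout client  1h       # long-lived cockpit websocket sessions
    timeout server  1h

frontend cockpit_9090
    bind :9090
    # Hold the connection until the TLS ClientHello arrives so SNI can be read.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
    use_backend cockpit_host11 if { req.ssl_sni -i host11.<domain> }
    use_backend cockpit_host12 if { req.ssl_sni -i host12.<domain> }
    # No default_backend: a connection whose SNI matches no rule is not forwarded.

backend cockpit_host11
    server host11 host11.<domain>:9090 check

backend cockpit_host12
    server host12 host12.<domain>:9090 check
```

In TCP mode the proxy does not terminate TLS, so the browser negotiates directly with cockpit-ws and is shown the host's own certificate (the self-signed one named in the log above unless it is replaced). The proxy also cannot add `X-Forwarded-For`, so the host logs the proxy's address as the source.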