[one-users] Can't Log Into Sunstone

Hector Sanjuan hsanjuan at opennebula.org
Sun Dec 18 13:29:23 PST 2011


Hi,

I've tried your reverse proxy configuration and it does not work for me  
unless I put a slash at the end of "/sunstone":
                        !
     <Location /sunstone/>
       ProxyPass http://localhost:9869/ ttl=60
       ProxyPassReverse http://localhost:9869/
     </Location>

Otherwise no .js and no .css load for me (im not sure why css does load  
for you). The url to access must be "sunstone.server:port/sunstone/" with  
a / at the end too.

Can you try it? Thanks,

Hector


En Sun, 18 Dec 2011 04:34:24 +0100, Hutson Betts <hut101 at tamu.edu>  
escribió:

> I'm currently having an issue logging into the Sunstone web interface
> using Sunstone's basic authentication.
>
> Visually, I can see the login panel just fine. However, when I enter in
> the credentials for the "oneadmin" user and press "Login", I am brought
> back to the login page with the following URL:
> 	https://localhost:9999/sunstone/?username=oneadmin&password=[PASSWORD]
>
> Now, my setup is a little convoluted to say the least.
>
> My Sunstone configuration file, /etc/one/sunstone-server.conf, is the
> following:
> # OpenNebula sever contact information
> :one_xmlrpc: http://localhost:2633/RPC2
> # Server Configuration
> :host: 127.0.0.1
> :port: 9869
> :auth: basic
> # VNC Configuration
> :vnc_proxy_base_port: 29876
> :novnc_path: /usr/share/one/noVNC
>
> My Apache site configuration file is the following:
> <IfModule mod_ssl.c>
> <VirtualHost _default_:443>
> 	...
>         <IfModule mod_proxy.c>
>                 <Location /occi>
>                         ProxyPass http://localhost:4567/ ttl=60
>                         ProxyPassReverse http://localhost:4567/
>                 </Location>
>         </IfModule>
>
>         <IfModule mod_proxy.c>
>                 <Location /sunstone>
>                         ProxyPass http://localhost:9869/ ttl=60
>                         ProxyPassReverse http://localhost:9869/
>                 </Location>
>         </IfModule>
> 	...
>
> I know the site configuration works just fine when interacting with the
> OCCI proxy.
>
> To gain access to the Sunstone server, I have to use SSH
> port-forwarding:
> 	ssh -A -L 9999:[OPENNEBULA SERVER]:443 [USERNAME]@[SERVER]
>
>
> The Sunstone log file shows the following:
> == Sinatra/1.3.1 has taken the stage on 9869 for development with backup
> from Thin
> 10.1.0.3 - - [17/Dec/2011 21:12:46] "GET / HTTP/1.1" 200 1518 0.0060
> 10.1.0.3 - - [17/Dec/2011 21:12:48] "GET // HTTP/1.1" 200 1518 0.0016
> 10.1.0.3 - - [17/Dec/2011 21:12:48] "GET //css/login.css HTTP/1.1" 200
> 4056 0.0026
> 10.1.0.3 - - [17/Dec/2011 21:12:48]
> "GET //images/opennebula-sunstone-big.png HTTP/1.1" 200 8084 0.0014
> 10.1.0.3 - - [17/Dec/2011 21:12:48] "GET //images/panel.png HTTP/1.1"
> 200 5227 0.0018
> 10.1.0.3 - - [17/Dec/2011 21:12:48] "GET //images/login.png HTTP/1.1"
> 200 4097 0.0011
> 10.1.0.3 - - [17/Dec/2011 21:12:51] "GET //images/login.png HTTP/1.1"
> 200 4097 0.0013
> 10.1.0.3 - - [17/Dec/2011 21:12:52] "GET //images/panel.png HTTP/1.1"
> 200 5227 0.0024
> 10.1.0.3 - - [17/Dec/2011 21:12:52]
> "GET //images/opennebula-sunstone-big.png HTTP/1.1" 200 8084 0.0013
> 10.1.0.3 - - [17/Dec/2011 21:12:58] "GET //images/login_over.png
> HTTP/1.1" 200 4351 0.0013
> 10.1.0.3 - - [17/Dec/2011 21:12:59]
> "GET //?username=oneadmin&password=[PASSWORD] HTTP/1.1" 200 1518 0.0017
> 10.1.0.3 - - [17/Dec/2011 21:13:11]
> "GET //?username=oneadmin&password=[PASSWORD] HTTP/1.1" 200 1518 0.0019
> 127.0.0.1 - - [17/Dec/2011 21:19:14]
> "GET //?username=oneadmin&password=[PASSWORD] HTTP/1.1" 200 1518 0.0018
> 10.1.0.3 - - [17/Dec/2011 21:21:13]
> "GET //?username=oneadmin&password=[PASSWORD] HTTP/1.1" 200 1518 0.0016
> 10.1.0.3 - - [17/Dec/2011 21:21:13] "GET //css/login.css HTTP/1.1" 200
> 4056 0.0011
> 10.1.0.3 - - [17/Dec/2011 21:21:13]
> "GET //images/opennebula-sunstone-big.png HTTP/1.1" 200 8084 0.0012
> 10.1.0.3 - - [17/Dec/2011 21:21:13] "GET //images/panel.png HTTP/1.1"
> 200 5227 0.0012
> 10.1.0.3 - - [17/Dec/2011 21:21:13] "GET //images/login.png HTTP/1.1"
> 200 4097 0.0016
>
>
> Apache log files on the server hosting Sunstone:
> 10.1.0.3 - - [17/Dec/2011:21:21:13 -0600]
> "GET /sunstone/?username=oneadmin&password=[PASSWORD] HTTP/1.1" 200 9461
> "https://localhost:9999/sunstone/?username=oneadmin&password=[PASSWORD]"
> "Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.3 (KHTML, like
> Gecko) Chrome/6.0.472.63 Safari/534.3"
>
> 10.1.0.3 - - [17/Dec/2011:21:21:13 -0600] "GET /sunstone/css/login.css
> HTTP/1.1" 200 1428
> "https://localhost:9999/sunstone/?username=oneadmin&password=[PASSWORD]"
> "Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.3 (KHTML, like
> Gecko) Chrome/6.0.472.63 Safari/534.3"
>
> 10.1.0.3 - - [17/Dec/2011:21:21:13 -0600]
> "GET /sunstone/images/opennebula-sunstone-big.png HTTP/1.1" 200 8223
> "https://localhost:9999/sunstone/?username=oneadmin&password=[PASSWORD]"
> "Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.3 (KHTML, like
> Gecko) Chrome/6.0.472.63 Safari/534.3"
>
> 10.1.0.3 - - [17/Dec/2011:21:21:13 -0600]
> "GET /sunstone/images/panel.png HTTP/1.1" 200 3146
> "https://localhost:9999/sunstone/?username=oneadmin&password=[PASSWORD]"
> "Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.3 (KHTML, like
> Gecko) Chrome/6.0.472.63 Safari/534.3"
>
> 10.1.0.3 - - [17/Dec/2011:21:21:13 -0600]
> "GET /sunstone/images/login.png HTTP/1.1" 200 3450
> "https://localhost:9999/sunstone/?username=oneadmin&password=[PASSWORD]"
> "Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.3 (KHTML, like
> Gecko) Chrome/6.0.472.63 Safari/534.3"
>
> 10.1.0.3 - - [17/Dec/2011:21:21:14 -0600] "GET /favicon.ico HTTP/1.1"
> 403 404 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.3
> (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3"
>
>
> Lastly, I'm hoping that having the username and password has parameters
> in the URL is part of the issue I'm having. Having those values as
> parameters in the URL means that they are logged in both Sunstone logs
> and Apache logs. Some what of a security issue/concern.
>


-- 
Hector Sanjuan
OpenNebula Developer



More information about the Users mailing list