[one-users] Can't Log Into Sunstone
Hutson Betts
hut101 at tamu.edu
Wed Dec 21 18:36:21 PST 2011
Dear Hector,
Thanks for trying out the Reverse Proxy configuration. I modified my
proxy configuration as you instructed.
When I navigated to: https://localhost:9999/sunstone
I received the following:
Forbidden
You don't have permission to access /sunstone on this server.
Apache Error Log File:
[Wed Dec 21 19:20:34 2011] [error] [client 10.1.0.3] client denied by
server configuration: /var/www/sunstone
[Wed Dec 21 19:20:34 2011] [error] [client 10.1.0.3] client denied by
server configuration: /var/www/favicon.ico
Apache Access Log File:
10.1.0.3 - - [21/Dec/2011:19:20:34 -0600] "GET /sunstone HTTP/1.1" 403
9208 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US)
10.1.0.3 - - [21/Dec/2011:19:20:34 -0600] "GET /favicon.ico HTTP/1.1"
403 340 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US)
When I navigated to: https://localhost:9999/sunstone/
I received the correct log-in window, CSS, JS, and all:
The OpenNebula Cloud Operations Center
Apache Error Log File:
[Wed Dec 21 20:19:13 2011] [error] [client 10.1.0.3] client denied by
server configuration: /var/www/favicon.ico
Apache Access Log File:
10.1.0.3 - - [21/Dec/2011:20:19:07 -0600]
"GET /sunstone/images/opennebula-sunstone-big.png HTTP/1.1" 200 16880
"-" "Mozilla/5.0 (X11; U; Linux i686; en-US)
10.1.0.3 - - [21/Dec/2011:20:19:07 -0600]
"GET /sunstone/images/login.png HTTP/1.1" 200 4186 "-" "Mozilla/5.0
(X11; U; Linux i686; en-US)
10.1.0.3 - - [21/Dec/2011:20:19:07 -0600]
"GET /sunstone/images/login_over.png HTTP/1.1" 200 3690 "-" "Mozilla/5.0
(X11; U; Linux i686; en-US)
10.1.0.3 - - [21/Dec/2011:20:19:07 -0600]
"GET /sunstone/images/panel.png HTTP/1.1" 200 2362 "-" "Mozilla/5.0
(X11; U; Linux i686; en-US)
10.1.0.3 - - [21/Dec/2011:20:19:13 -0600] "GET /sunstone/ HTTP/1.1" 200
836 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US)
10.1.0.3 - - [21/Dec/2011:20:19:13 -0600] "GET /sunstone/css/login.css
HTTP/1.1" 200 1396 "https://localhost:9999/sunstone/" "Mozilla/5.0 (X11;
U; Linux i686; en-US)
10.1.0.3 - - [21/Dec/2011:20:19:13 -0600]
"GET /sunstone/images/opennebula-sunstone-big.png HTTP/1.1" 200 223
"https://localhost:9999/sunstone/" "Mozilla/5.0 (X11; U; Linux i686;
en-US)
10.1.0.3 - - [21/Dec/2011:20:19:13 -0600]
"GET /sunstone/images/panel.png HTTP/1.1" 200 138
"https://localhost:9999/sunstone/" "Mozilla/5.0 (X11; U; Linux i686;
en-US)
10.1.0.3 - - [21/Dec/2011:20:19:13 -0600]
"GET /sunstone/images/login.png HTTP/1.1" 200 138
"https://localhost:9999/sunstone/" "Mozilla/5.0 (X11; U; Linux i686;
en-US)
10.1.0.3 - - [21/Dec/2011:20:19:13 -0600] "GET /favicon.ico HTTP/1.1"
403 404 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US)
I still can't log into Sunstone. The only other thing I see is the
following error on the Chrome Developer Tools:
opennebula.js:480 Uncaught SyntaxError: Unexpected token delete
--
Hutson Betts
Computer Science and Engineering
Texas A&M University
On Sun, 2011-12-18 at 22:29 +0100, Hector Sanjuan wrote:
> Hi,
>
> I've tried your reverse proxy configuration and it does not work for me
> unless I put a slash at the end of "/sunstone":
> !
> <Location /sunstone/>
> ProxyPass http://localhost:9869/ ttl=60
> ProxyPassReverse http://localhost:9869/
> </Location>
>
> Otherwise no .js and no .css load for me (im not sure why css does load
> for you). The url to access must be "sunstone.server:port/sunstone/" with
> a / at the end too.
>
> Can you try it? Thanks,
>
> Hector
>
>
> En Sun, 18 Dec 2011 04:34:24 +0100, Hutson Betts <hut101 at tamu.edu>
> escribió:
>
> > I'm currently having an issue logging into the Sunstone web interface
> > using Sunstone's basic authentication.
> >
> > Visually, I can see the login panel just fine. However, when I enter in
> > the credentials for the "oneadmin" user and press "Login", I am brought
> > back to the login page with the following URL:
> > https://localhost:9999/sunstone/?username=oneadmin&password=[PASSWORD]
> >
> > Now, my setup is a little convoluted to say the least.
> >
> > My Sunstone configuration file, /etc/one/sunstone-server.conf, is the
> > following:
> > # OpenNebula sever contact information
> > :one_xmlrpc: http://localhost:2633/RPC2
> > # Server Configuration
> > :host: 127.0.0.1
> > :port: 9869
> > :auth: basic
> > # VNC Configuration
> > :vnc_proxy_base_port: 29876
> > :novnc_path: /usr/share/one/noVNC
> >
> > My Apache site configuration file is the following:
> > <IfModule mod_ssl.c>
> > <VirtualHost _default_:443>
> > ...
> > <IfModule mod_proxy.c>
> > <Location /occi>
> > ProxyPass http://localhost:4567/ ttl=60
> > ProxyPassReverse http://localhost:4567/
> > </Location>
> > </IfModule>
> >
> > <IfModule mod_proxy.c>
> > <Location /sunstone>
> > ProxyPass http://localhost:9869/ ttl=60
> > ProxyPassReverse http://localhost:9869/
> > </Location>
> > </IfModule>
> > ...
> >
> > I know the site configuration works just fine when interacting with the
> > OCCI proxy.
> >
> > To gain access to the Sunstone server, I have to use SSH
> > port-forwarding:
> > ssh -A -L 9999:[OPENNEBULA SERVER]:443 [USERNAME]@[SERVER]
> >
> >
> > The Sunstone log file shows the following:
> > == Sinatra/1.3.1 has taken the stage on 9869 for development with backup
> > from Thin
> > 10.1.0.3 - - [17/Dec/2011 21:12:46] "GET / HTTP/1.1" 200 1518 0.0060
> > 10.1.0.3 - - [17/Dec/2011 21:12:48] "GET // HTTP/1.1" 200 1518 0.0016
> > 10.1.0.3 - - [17/Dec/2011 21:12:48] "GET //css/login.css HTTP/1.1" 200
> > 4056 0.0026
> > 10.1.0.3 - - [17/Dec/2011 21:12:48]
> > "GET //images/opennebula-sunstone-big.png HTTP/1.1" 200 8084 0.0014
> > 10.1.0.3 - - [17/Dec/2011 21:12:48] "GET //images/panel.png HTTP/1.1"
> > 200 5227 0.0018
> > 10.1.0.3 - - [17/Dec/2011 21:12:48] "GET //images/login.png HTTP/1.1"
> > 200 4097 0.0011
> > 10.1.0.3 - - [17/Dec/2011 21:12:51] "GET //images/login.png HTTP/1.1"
> > 200 4097 0.0013
> > 10.1.0.3 - - [17/Dec/2011 21:12:52] "GET //images/panel.png HTTP/1.1"
> > 200 5227 0.0024
> > 10.1.0.3 - - [17/Dec/2011 21:12:52]
> > "GET //images/opennebula-sunstone-big.png HTTP/1.1" 200 8084 0.0013
> > 10.1.0.3 - - [17/Dec/2011 21:12:58] "GET //images/login_over.png
> > HTTP/1.1" 200 4351 0.0013
> > 10.1.0.3 - - [17/Dec/2011 21:12:59]
> > "GET //?username=oneadmin&password=[PASSWORD] HTTP/1.1" 200 1518 0.0017
> > 10.1.0.3 - - [17/Dec/2011 21:13:11]
> > "GET //?username=oneadmin&password=[PASSWORD] HTTP/1.1" 200 1518 0.0019
> > 127.0.0.1 - - [17/Dec/2011 21:19:14]
> > "GET //?username=oneadmin&password=[PASSWORD] HTTP/1.1" 200 1518 0.0018
> > 10.1.0.3 - - [17/Dec/2011 21:21:13]
> > "GET //?username=oneadmin&password=[PASSWORD] HTTP/1.1" 200 1518 0.0016
> > 10.1.0.3 - - [17/Dec/2011 21:21:13] "GET //css/login.css HTTP/1.1" 200
> > 4056 0.0011
> > 10.1.0.3 - - [17/Dec/2011 21:21:13]
> > "GET //images/opennebula-sunstone-big.png HTTP/1.1" 200 8084 0.0012
> > 10.1.0.3 - - [17/Dec/2011 21:21:13] "GET //images/panel.png HTTP/1.1"
> > 200 5227 0.0012
> > 10.1.0.3 - - [17/Dec/2011 21:21:13] "GET //images/login.png HTTP/1.1"
> > 200 4097 0.0016
> >
> >
> > Apache log files on the server hosting Sunstone:
> > 10.1.0.3 - - [17/Dec/2011:21:21:13 -0600]
> > "GET /sunstone/?username=oneadmin&password=[PASSWORD] HTTP/1.1" 200 9461
> > "https://localhost:9999/sunstone/?username=oneadmin&password=[PASSWORD]"
> > "Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.3 (KHTML, like
> > Gecko) Chrome/6.0.472.63 Safari/534.3"
> >
> > 10.1.0.3 - - [17/Dec/2011:21:21:13 -0600] "GET /sunstone/css/login.css
> > HTTP/1.1" 200 1428
> > "https://localhost:9999/sunstone/?username=oneadmin&password=[PASSWORD]"
> > "Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.3 (KHTML, like
> > Gecko) Chrome/6.0.472.63 Safari/534.3"
> >
> > 10.1.0.3 - - [17/Dec/2011:21:21:13 -0600]
> > "GET /sunstone/images/opennebula-sunstone-big.png HTTP/1.1" 200 8223
> > "https://localhost:9999/sunstone/?username=oneadmin&password=[PASSWORD]"
> > "Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.3 (KHTML, like
> > Gecko) Chrome/6.0.472.63 Safari/534.3"
> >
> > 10.1.0.3 - - [17/Dec/2011:21:21:13 -0600]
> > "GET /sunstone/images/panel.png HTTP/1.1" 200 3146
> > "https://localhost:9999/sunstone/?username=oneadmin&password=[PASSWORD]"
> > "Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.3 (KHTML, like
> > Gecko) Chrome/6.0.472.63 Safari/534.3"
> >
> > 10.1.0.3 - - [17/Dec/2011:21:21:13 -0600]
> > "GET /sunstone/images/login.png HTTP/1.1" 200 3450
> > "https://localhost:9999/sunstone/?username=oneadmin&password=[PASSWORD]"
> > "Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.3 (KHTML, like
> > Gecko) Chrome/6.0.472.63 Safari/534.3"
> >
> > 10.1.0.3 - - [17/Dec/2011:21:21:14 -0600] "GET /favicon.ico HTTP/1.1"
> > 403 404 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.3
> > (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3"
> >
> >
> > Lastly, I'm hoping that having the username and password has parameters
> > in the URL is part of the issue I'm having. Having those values as
> > parameters in the URL means that they are logged in both Sunstone logs
> > and Apache logs. Some what of a security issue/concern.
> >
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20111221/973884af/attachment-0003.pgp>
More information about the Users
mailing list