[one-users] VNC in sunstone not working on firefox 26 (one 4.4)

Hamada, Ondrej ondrej.hamada at acision.com
Tue Feb 4 04:44:29 PST 2014 

Hmm, so the problem is probably in my VNC proxy configuration. If I enable the websockets for user, then the VNC window shows up, but it is disconnected. In chrome it is now disconnected too and novnc.log reports missing pem file in /var/lib/one although I have specified both certificate and key in the vnc-proxy parameters in sunstone-server.conf

From: Wilma Hermann [mailto:wilma.hermann at gmail.com]
Sent: Tuesday, February 04, 2014 1:10 PM
To: Hamada, Ondrej
Cc: Daniel Molina; users
Subject: Re: [one-users] VNC in sunstone not working on firefox 26 (one 4.4)

Hi,
The reset of the connection is perfectly right. It's only about trusting the certificate on that port. After that, secure VNC should work. Make sure, that the user account you're using in Sunstone has secure Websockets enabled. You can't access the insecure VNC from an TLS-protected Sunstone because of the Same-Origin-Policy.
Greetings
Wilma

2014-02-04 Hamada, Ondrej <ondrej.hamada at acision.com<mailto:ondrej.hamada at acision.com>>:
Hi,
Thank you for hints, but my connection gets reseted when trying to access https://opennebulaaddr:29876. I already have permanent exception for my cert in firefox.

Ondra

From: Daniel Molina [mailto:dmolina at opennebula.org<mailto:dmolina at opennebula.org>]
Sent: Tuesday, February 04, 2014 12:03 PM
To: Hamada, Ondrej
Cc: users
Subject: Re: [one-users] VNC in sunstone not working on firefox 26 (one 4.4)

Hi Ondra,

Let us know if the solution proposed by Wilma works for you.

Thank you both for your feedback.

On 1 February 2014 19:41, Wilma Hermann <wilma.hermann at gmail.com<mailto:wilma.hermann at gmail.com>> wrote:
Hi,
are you using a self-signed certificate? I encountered the same issue with a snakeoil-cert, Firefox seems to store the trust to a certain certificate not only based on the domain but also on the port used. Since VNC is using a different port, this ends up in a missing trust-warning. Try opening https://opennebulaaddr<https://opennebulaaddr/vm/272/startvnc>:29876/ in your firefox. If it gives you a warning, then you only need to trust your cert and sucure VNC should work.
Greetings
Wilma

2014-01-31 Tino Vazquez <cvazquez at c12g.com<mailto:cvazquez at c12g.com>>:

Hi,

Ok, thanks for letting us know. I've opened a ticket to reproduce and
solve this problem for future releases:

 http://dev.opennebula.org/issues/2703

Regards,

-Tino

--
OpenNebula - Flexible Enterprise Cloud Made Simple

--
Constantino Vázquez Blanco, PhD, MSc
Senior Infrastructure Architect at C12G Labs
www.c12g.com<http://www.c12g.com> | @C12G | es.linkedin.com/in/tinova<http://es.linkedin.com/in/tinova>

--
Confidentiality Warning: The information contained in this e-mail and
any accompanying documents, unless otherwise expressly indicated, is
confidential and privileged, and is intended solely for the person
and/or entity to whom it is addressed (i.e. those identified in the
"To" and "cc" box). They are the property of C12G Labs S.L..
Unauthorized distribution, review, use, disclosure, or copying of this
communication, or any part thereof, is strictly prohibited and may be
unlawful. If you have received this e-mail in error, please notify us
immediately by e-mail at abuse at c12g.com<mailto:abuse at c12g.com> and delete the e-mail and
attachments and any copy from your system. C12G thanks you for your
cooperation.


On 31 January 2014 17:05, Hamada, Ondrej <ondrej.hamada at acision.com<mailto:ondrej.hamada at acision.com>> wrote:
> Hi Tino,
> Yes, I can confirm that. Without SSL the VNC works in firefox.
>
> Regards,
>
> Ondra
>
> -----Original Message-----
> From: Tino Vazquez [mailto:cvazquez at c12g.com<mailto:cvazquez at c12g.com>]
> Sent: Friday, January 31, 2014 12:50 PM
> To: Hamada, Ondrej
> Cc: users
> Subject: Re: [one-users] VNC in sunstone not working on firefox 26 (one 4.4)
>
> Hi Ondrej,
>
> Just to rule out other problems, can you confirm that without SSL VNC is working in Firefox?
>
> Regards,
>
> -Tino
> --
> OpenNebula - Flexible Enterprise Cloud Made Simple
>
> --
> Constantino Vázquez Blanco, PhD, MSc
> Senior Infrastructure Architect at C12G Labs www.c12g.com<http://www.c12g.com> | @C12G | es.linkedin.com/in/tinova<http://es.linkedin.com/in/tinova>
>
> --
> Confidentiality Warning: The information contained in this e-mail and any accompanying documents, unless otherwise expressly indicated, is confidential and privileged, and is intended solely for the person and/or entity to whom it is addressed (i.e. those identified in the "To" and "cc" box). They are the property of C12G Labs S.L..
> Unauthorized distribution, review, use, disclosure, or copying of this communication, or any part thereof, is strictly prohibited and may be unlawful. If you have received this e-mail in error, please notify us immediately by e-mail at abuse at c12g.com<mailto:abuse at c12g.com> and delete the e-mail and attachments and any copy from your system. C12G thanks you for your cooperation.
>
>
> On 30 January 2014 17:59, Hamada, Ondrej <ondrej.hamada at acision.com<mailto:ondrej.hamada at acision.com>> wrote:
>> Hi Tino,
>> Thank you for reply. Here's the output:
>>
>> 17:45:06.596 POST https://opennebulaaddr/vm/272/startvnc [HTTP/1.1 200
>> OK 59ms]
>> 17:45:06.621 SecurityError: The operation is insecure. websock.js:333
>> 17:45:06.619 "New state 'loaded', was 'disconnected'. Msg: noVNC
>> ready: native WebSockets, canvas rendering" util.js:110
>> 17:45:06.620 "New state 'connect', was 'loaded'." util.js:110
>> 17:45:06.621 "Skipping unsupported WebSocket binary sub-protocol"
>> util.js:111
>> 17:45:08.621 "New state 'failed', was 'connect'. Msg: Connect timeout"
>> util.js:111
>> 17:45:08.672 "New state 'disconnected', was 'failed'."
>>
>> The security error - it remains me that the problems had started probably after I've configured apache as a SSL proxy for sunstone. And in Chrome it works ok. Unfortunately I need the SSL enabled.
>>
>> -----Original Message-----
>> From: Tino Vazquez [mailto:cvazquez at c12g.com<mailto:cvazquez at c12g.com>]
>> Sent: Thursday, January 30, 2014 4:24 PM
>> To: Hamada, Ondrej
>> Cc: users
>> Subject: Re: [one-users] VNC in sunstone not working on firefox 26
>> (one 4.4)
>>
>> Hi Ondrej,
>>
>> Right after clicking on the VNC link, is anything showing in the Firefox dev tools console [1]?
>>
>> Best,
>>
>> -Tino
>>
>> [1] https://developer.mozilla.org/en/docs/Tools
>> --
>> OpenNebula - Flexible Enterprise Cloud Made Simple
>>
>> --
>> Constantino Vázquez Blanco, PhD, MSc
>> Senior Infrastructure Architect at C12G Labs www.c12g.com<http://www.c12g.com> | @C12G |
>> es.linkedin.com/in/tinova<http://es.linkedin.com/in/tinova>
>>
>> --
>> Confidentiality Warning: The information contained in this e-mail and any accompanying documents, unless otherwise expressly indicated, is confidential and privileged, and is intended solely for the person and/or entity to whom it is addressed (i.e. those identified in the "To" and "cc" box). They are the property of C12G Labs S.L..
>> Unauthorized distribution, review, use, disclosure, or copying of this communication, or any part thereof, is strictly prohibited and may be unlawful. If you have received this e-mail in error, please notify us immediately by e-mail at abuse at c12g.com<mailto:abuse at c12g.com> and delete the e-mail and attachments and any copy from your system. C12G thanks you for your cooperation.
>>
>>
>> On 27 January 2014 18:27, Ondrej Hamada <ondrej.hamada at acision.com<mailto:ondrej.hamada at acision.com>> wrote:
>>> Hi,
>>> currently I'm unable to use VNC from sunstone (OpenNebula 4.4, debian
>>> 7.2). Sunstone shows the information about VNC start and then no VNC
>>> windows pops up. This is happening on firefox 26 only (and also on my
>>> colleague's computer). The same web in chromium 32 works ok. Has
>>> anyone else encountered same problem? Any idea where's the problem?
>>>
>>> --
>>> Ondrej Hamada
>>>
>>>
>>> This e-mail and any attachment is for authorised use by the intended
>>> recipient(s) only. It may contain proprietary material, confidential
>>> information and/or be subject to legal privilege. It should not be
>>> copied, disclosed to, retained or used by, any other party. If you
>>> are not an intended recipient then please promptly delete this e-mail
>>> and any attachment and all copies and inform the sender. Thank you
>>> for understanding.
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opennebula.org<mailto:Users at lists.opennebula.org>
>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>
>>
>> This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you for understanding.
>>
>>
>
>
> This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you for understanding.
>
>
_______________________________________________
Users mailing list
Users at lists.opennebula.org<mailto:Users at lists.opennebula.org>
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org


_______________________________________________
Users mailing list
Users at lists.opennebula.org<mailto:Users at lists.opennebula.org>
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org



--
--
Daniel Molina
Project Engineer
OpenNebula - Flexible Enterprise Cloud Made Simple
www.OpenNebula.org<http://www.OpenNebula.org> | dmolina at opennebula.org<mailto:dmolina at opennebula.org> | @OpenNebula

________________________________
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you for understanding.


_______________________________________________
Users mailing list
Users at lists.opennebula.org<mailto:Users at lists.opennebula.org>
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org


________________________________
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you for understanding.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20140204/65e97cc7/attachment-0002.htm>

More information about the Users mailing list