<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:12pt"><div><span>I have found out the problem with the 403 forbidden errors, I needed to pass the following HTTP headers in my nginx reverse proxy configuration:</span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><br><span></span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><span> proxy_set_header X-Real-IP
$remote_addr;<br> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br> proxy_set_header Host $http_host;</span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><br><span></span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><span>Now everything works fine except for VNC. Any clues if it is possible to run VNC in Sunstone through an nginx HTTPS reverse proxy? Note here that my reverse proxy and
Sunstone are on the same (frontend) server.</span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><br><span></span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><span>Regards</span></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: HelveticaNeue,Helvetica Neue,Helvetica,Arial,Lucida Grande,sans-serif; background-color: transparent; font-style: normal;"><span>ML<br></span></div><div style="display: block;" class="yahoo_quoted"> <br> <br> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 12pt;"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande,
sans-serif; font-size: 12pt;"> <div dir="ltr"> <font face="Arial" size="2"> On Tuesday, February 4, 2014 12:23 PM, ML mail <mlnospam@yahoo.com> wrote:<br> </font> </div> <div class="y_msg_container"><div id="yiv1841638779"><div><div style="color:#000;background-color:#fff;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:12pt;">Hi Daniel,<br clear="none"><br clear="none">Using Firefox and Firebug I can see that actually the requests which have trouble are those using AJAX, so the design/layout of Sunstone loads but no data, everything is empty. The requests do not give a 50x error but a 403 Forbidden. Here is a few example of them taken from the Network tab of Firebug:<br clear="none"><br clear="none">3ms<br clear="none">GET vm?timeout=false<br clear="none">403 Forbidden<br clear="none">sunstone-frontend<br clear="none">9 B<br clear="none">192.168.100.170:443<br clear="none"> <br
clear="none">80ms<br clear="none">GET image?timeout=true<br clear="none">403 Forbidden<br clear="none">sunstone-frontend<br clear="none">9 B<br clear="none">192.168.100.170:443<br clear="none"> <br clear="none">41ms<br clear="none">GET vnet?timeout=true<br clear="none">403 Forbidden<br clear="none">sunstone-frontend<br clear="none">9 B<br clear="none">192.168.100.170:443<br clear="none"><br clear="none">Do you have any ideas what could be generating that 403?<br clear="none"><br clear="none">Cheers,<br clear="none">ML<br clear="none"><div><span><br clear="none"></span></div><div class="yiv1841638779yqt6416351425" id="yiv1841638779yqt75916"><div class="yiv1841638779yahoo_quoted" style="display:block;"> <br clear="none"> <br clear="none"> <div style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:12pt;"> <div style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande,
sans-serif;font-size:12pt;"> <div dir="ltr"> <font face="Arial" size="2"> On Tuesday, February 4, 2014 12:01 PM, Daniel Molina <dmolina@opennebula.org> wrote:<br clear="none"> </font> </div> <div class="yiv1841638779y_msg_container"><div id="yiv1841638779"><div><div dir="ltr">Hi,<div class="yiv1841638779gmail_extra"><br clear="none"><br clear="none"><div class="yiv1841638779gmail_quote">On 2 February 2014 00:06, ML mail <span dir="ltr"><<a rel="nofollow" shape="rect" ymailto="mailto:mlnospam@yahoo.com" target="_blank" href="mailto:mlnospam@yahoo.com">mlnospam@yahoo.com</a>></span> wrote:<br clear="none">
<blockquote class="yiv1841638779gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div><div style="font-size:12pt;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;"><div>
<div><div style="font-size:12pt;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;"><div>Hi,</div><div><br clear="none"></div><div style="font-style:normal;font-size:16px;background-color:transparent;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;">
I am trying to setup nginx as HTTPS reverse proxy to sunstone as described in the OpenNebula3 book. I can get it to work up to the login screen but once logged I get the following error message from sunstone:</div><div style="font-style:normal;font-size:16px;background-color:transparent;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;">
<br clear="none"></div><div style="font-style:normal;font-size:16px;background-color:transparent;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;">It appears there was a server exception. Please check server's log.<br clear="none">
</div></div></div></div></div></div></blockquote><div><br clear="none"></div><div>Could yo check what request is causing this error? If you are using Chrome you can check it in the Network tab of the developer tools, you should look for a request returning a 500 error.</div>
<div><br clear="none"></div><div>Cheers</div><div> </div><blockquote class="yiv1841638779gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div><div style="font-size:12pt;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;">
<div><div><div style="font-size:12pt;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;"><div style="font-style:normal;font-size:16px;background-color:transparent;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;">
<br clear="none">Checking sunstone.log or sunstone.error does not show any error. Anyone knows what could be wrong?</div><div style="font-style:normal;font-size:16px;background-color:transparent;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;">
<br clear="none"></div><div style="font-style:normal;font-size:16px;background-color:transparent;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;">Below is my nginx server setup:</div><div style="font-style:normal;font-size:16px;background-color:transparent;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;">
<br clear="none"></div><div style="font-style:normal;font-size:16px;background-color:transparent;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;">upstream sunstone {<br clear="none"> server <a rel="nofollow" shape="rect" target="_blank" href="http://127.0.0.1:9869/">127.0.0.1:9869</a>;<br clear="none">
}<br clear="none"><br clear="none">server {<br clear="none"> listen 443;<br clear="none"> server_name
sunstone-frontend;<br clear="none"> ssl on;<br clear="none"> ssl_certificate /etc/ssl/certs/sunstone.crt;<br clear="none"> ssl_certificate_key /etc/ssl/private/sunstone.key;<br clear="none"> location / {<br clear="none"> proxy_pass <a rel="nofollow" shape="rect" target="_blank" href="http://sunstone/">http://sunstone</a>;<br clear="none">
}<br clear="none">}<br clear="none"><br clear="none"><br clear="none">Cheers,<br clear="none">ML<br clear="none"><br clear="none"></div></div></div></div></div></div><br clear="none">_______________________________________________<br clear="none">
Users mailing list<br clear="none">
<a rel="nofollow" shape="rect" ymailto="mailto:Users@lists.opennebula.org" target="_blank" href="mailto:Users@lists.opennebula.org">Users@lists.opennebula.org</a><br clear="none">
<a rel="nofollow" shape="rect" target="_blank" href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a><br clear="none">
<br clear="none"></blockquote></div><br clear="none"><br clear="all"><div><br clear="none"></div>-- <br clear="none"><div dir="ltr"><div>--<br clear="none"></div>Daniel Molina<br clear="none">Project Engineer<br clear="none">OpenNebula - Flexible Enterprise Cloud Made Simple<br clear="none"><a rel="nofollow" shape="rect" target="_blank" href="http://www.opennebula.org/">www.OpenNebula.org</a> | <a rel="nofollow" shape="rect" ymailto="mailto:dmolina@opennebula.org" target="_blank" href="mailto:dmolina@opennebula.org">dmolina@opennebula.org</a> | @OpenNebula</div><div class="yiv1841638779yqt8697656176" id="yiv1841638779yqtfd10632">
</div></div></div></div></div><br clear="none"><br clear="none"></div> </div> </div> </div></div> </div></div></div><br><br></div> </div> </div> </div> </div></body></html>