cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrija Panic <andrija.pa...@gmail.com>
Subject Re: Network error when uploading local ISO
Date Mon, 05 Jul 2021 13:37:01 GMT
Alright - because I might have mixed up other ML threads- let me ask you to
read https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/ and
implement the same (for the Console Proxy/SSVM only)

Otherwise, if there is no working certificate for the SSVM (I believe by
default, the old "realhostip" from the old days is used) - anyway - you
won't be able to upload locally ISO or a template

Because there is a hardcoded requirement that HTTPS must be used - so you
must configure TLS certificate as per that blog page (or the official docs,
but blog is much more straightforward)

Cheers,

On Mon, 5 Jul 2021 at 02:24, Joshua Schaeffer <jschaeffer@harmonywave.com>
wrote:

> On 7/4/21 4:16 PM, Andrija Panic wrote:
> > What's the value of your global config parameters:
> >
> > consoleproxy.url.domain
> Empty/blank
> > consoleproxy.sslEnabled
> False
> > secstorage.ssl.cert.domain
> Empty/blank
> > secstorage.encrypt.copy
> False
> >
> > I expect last one or second to last one is wrong/not set - since your
> > browser is showing the request POST being sent to HTTPS:<IP_ADDRESS> (
> > https://192.41.41.161) instead of <DNS_NAME> (https://192-41-41-161
> > .<SSL_DOMAN_HERE.com>
> >
> > Best,
> >
> > On Fri, 2 Jul 2021 at 17:35, Joshua Schaeffer <
> jschaeffer@harmonywave.com>
> > wrote:
> If this could be related to SSL/TLS then I should probably mention I have
> set the ca.plugin.root.auth.strictness to "false". I can't remember the
> exact error I get but I  know I got an error on a new install if I didn't
> do this. I could turn it back on and check if that would provide more info.
> I should also mention that I have not done any SSL/TLS at this point except
> at the load balancer and that does SSL termination. Are there any
> guides/documentation on how best to set these values?
>
> --
> Thanks,
> Joshua Schaeffer
>
>

-- 

Andrija Panić

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message