[Horizon] unable to view vnc console in <iframe> with SSL

asked 2013-10-22 15:21:52 -0600


I have configured horizon dashboard with SSL enabled. Horizon works perfectly, but in "Console" tab there is no content visible. With chrome devel console i see that content is blocked because vnc prefix url in iframe tag is HTTP and not HTTPS.

How can I configure to make it visible without click "Click here to show only console" ?



edit retag flag offensive close merge delete

3 answers

Sort by ยป oldest newest most voted

answered 2013-10-23 21:22:09 -0600

dasp gravatar image

updated 2015-08-24 12:17:46 -0600

Add the following in /etc/nova/nova.conf (in the [DEFAULT] block) to enable SSL for VNC proxy (port 6080):

# novnc proxy

Obviously, tune path to cert and key.

Then, change novncproxy_base_url in the same file to start with https://

The novncproxy_base_url is set on compute nodes, while cert/key on the nova-novncproxy host.

Restart nova-novncproxy, that's it!

edit flag offensive delete link more


It's work! thanks! In addition I have modified /etc/nova.conf in my 3 compute node with https:// schema in novncproxy_base_url. Salvo.

salvorapi gravatar imagesalvorapi ( 2013-10-25 02:32:30 -0600 )edit

This doesn't work for me. I am using Ussuri version and /var/log/nova/nova-novncproxy.log shows:

INFO nova.console.websocketproxy [-] handler exception: wrap_socket() got an unexpected keyword argument '_context'
gsic-emic gravatar imagegsic-emic ( 2020-06-10 05:35:11 -0600 )edit

answered 2015-08-13 15:23:15 -0600

yafsn gravatar image

Just to be a little more specific, the ssl_only/cert/key blob needs to be placed within the "[DEFAULT]" block, not necessarily at the bottom of the config. Also, if you have a separate control plane, the nonvncproxy_base_url change is only made on the compute node, ie where the VM is running.

edit flag offensive delete link more


Thanks for the comment, I updated my answer

dasp gravatar imagedasp ( 2015-08-24 12:18:02 -0600 )edit

answered 2016-06-21 04:08:45 -0600

sxc731 gravatar image

Thanks for these answers guys, very helpful!

I'd just like to add that if your novncproxy is fronted by HAProxy, you may also need to modify the corresponding haproxy config to make sure the encrypted traffic is passed through to the eventual nova-novncproxy process that handles it. In my case (OpenStack Kilo deployed by Mirantis Fuel 7.0), it was simply a case of replacing option httplog with:

mode tcp
option tcplog

in /etc/haproxy/conf.d/170-nova-novncproxy.cfg on all controllers. Finally bounce HAProxy with: crm resource restart p_haproxy.

(more info on SSL traffic handling with haproxy: https://serversforhackers.com/using-s...)

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools



Asked: 2013-10-22 15:21:52 -0600

Seen: 5,350 times

Last updated: Jun 21 '16