Ask Your Question
1

No vnc-console "Origin header does not match this host."

asked 2016-03-18 10:47:03 -0500

daubler gravatar image

updated 2016-03-19 04:59:56 -0500

Hi, I tried to make the dashbord only available via https, this worked out fine with my Juno-Installation, now, with neutron I get a "Failed to connect to server (code: 1006)" when I want to connect to the console of an Instance. What I did is: edit the ssl.conf on the controller-node:

ProxyRequests Off
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
  ProxyPass /vnc_auto.html http://10.250.2.5:6080/vnc_auto.html
  ProxyPassReverse /vnc_auto.html http://10.250.2.5:6080/vnc_auto.html
  ProxyPass /websockify ws://10.250.2.5:6080/websockify retry=3
  ProxyPassReverse /websockify ws://10.250.2.5:6080/websockify retry=3
  ProxyPass /include/ http://10.250.2.5:6080/include/
  ProxyPassReverse /include/ http://10.250.2.5:6080/include/

and edited the nova.conf on the compute node:

novncproxy_base_url = https://real.name.of.the.webserver/vnc_auto.html

When I try to open a console on the dashboard it doesn't work, and /var/log/nova/nova-novncproxy.log reports:

2016-03-18 16:34:37.248 23974 INFO oslo.messaging._drivers.impl_rabbit [req-e88d98ff-7fd9-438f-821f-83267703d04d - - - - -] Connecting to AMQP server on ctrl2:5672
2016-03-18 16:34:37.263 23974 INFO oslo.messaging._drivers.impl_rabbit [req-e88d98ff-7fd9-438f-821f-83267703d04d - - - - -] Connected to AMQP server on ctrl2:5672
2016-03-18 16:34:37.342 23974 INFO nova.console.websocketproxy [req-e88d98ff-7fd9-438f-821f-83267703d04d - - - - -] handler exception: Origin header does not match this host.

Could somebody be so nice and bring some light into this? ATB daubler

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted
1

answered 2016-03-19 19:44:57 -0500

boidacarapreta gravatar image

updated 2016-05-26 07:05:14 -0500

It happens to Nova, when a mismatch occurs in HTTP header "Host".

I used a workaround in my environment, using NGINX:

https://github.com/boidacarapreta/openstack-ifsc/commit/f74fcda5ada2c387d6f70adeb78f7dcf5c3e5cf5

NGINX changes the header line "Host":

https://github.com/boidacarapreta/openstack-ifsc/blob/f74fcda5ada2c387d6f70adeb78f7dcf5c3e5cf5/puppet/modules/nginx/files/nginx.conf#L75

Which Nova expects:

https://github.com/boidacarapreta/ope.../openstack-nova/files/nova.conf-openstack0#L25

Using Apache as a proxy, I think this can be a solution for you (and keeping your Nova configuration untouched): https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypreservehost

edit flag offensive delete link more

Comments

Thank you so much!

ProxyPreserveHost On

was all I had to do!

daubler gravatar imagedaubler ( 2016-03-21 04:05:00 -0500 )edit
0

answered 2016-03-21 04:17:57 -0500

I think you hit an issue which is described in the Nova bug report [1]. This issue got solved with commit [2] and is available since the Nova Liberty release. The implemented solution for it was to introduce a Nova config option "console_allowed_origins" for the DEFAULT section in the "/etc/nova/nova.conf" file. This doesn't solve your issue in your Juno installation but will come in handy when you upgrade later and don't want to rely on private fixes.

References:

edit flag offensive delete link more

Comments

Thank you, I like the ProxyPreserveHost-fix more, for logging purposes.

daubler gravatar imagedaubler ( 2016-03-22 07:36:58 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

2 followers

Stats

Asked: 2016-03-18 10:47:03 -0500

Seen: 1,200 times

Last updated: May 26 '16