Ask Your Question

No vnc-console "Origin header does not match this host."

asked 2016-03-18 10:47:03 -0500

daubler gravatar image

updated 2016-03-19 04:59:56 -0500

Hi, I tried to make the dashbord only available via https, this worked out fine with my Juno-Installation, now, with neutron I get a "Failed to connect to server (code: 1006)" when I want to connect to the console of an Instance. What I did is: edit the ssl.conf on the controller-node:

ProxyRequests Off
LoadModule proxy_module modules/
LoadModule proxy_http_module modules/
LoadModule proxy_wstunnel_module modules/
  ProxyPass /vnc_auto.html
  ProxyPassReverse /vnc_auto.html
  ProxyPass /websockify ws:// retry=3
  ProxyPassReverse /websockify ws:// retry=3
  ProxyPass /include/
  ProxyPassReverse /include/

and edited the nova.conf on the compute node:

novncproxy_base_url =

When I try to open a console on the dashboard it doesn't work, and /var/log/nova/nova-novncproxy.log reports:

2016-03-18 16:34:37.248 23974 INFO oslo.messaging._drivers.impl_rabbit [req-e88d98ff-7fd9-438f-821f-83267703d04d - - - - -] Connecting to AMQP server on ctrl2:5672
2016-03-18 16:34:37.263 23974 INFO oslo.messaging._drivers.impl_rabbit [req-e88d98ff-7fd9-438f-821f-83267703d04d - - - - -] Connected to AMQP server on ctrl2:5672
2016-03-18 16:34:37.342 23974 INFO nova.console.websocketproxy [req-e88d98ff-7fd9-438f-821f-83267703d04d - - - - -] handler exception: Origin header does not match this host.

Could somebody be so nice and bring some light into this? ATB daubler

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted

answered 2016-03-19 19:44:57 -0500

boidacarapreta gravatar image

updated 2016-05-26 07:05:14 -0500

It happens to Nova, when a mismatch occurs in HTTP header "Host".

I used a workaround in my environment, using NGINX:

NGINX changes the header line "Host":

Which Nova expects:

Using Apache as a proxy, I think this can be a solution for you (and keeping your Nova configuration untouched):

edit flag offensive delete link more


Thank you so much!

ProxyPreserveHost On

was all I had to do!

daubler gravatar imagedaubler ( 2016-03-21 04:05:00 -0500 )edit

answered 2016-03-21 04:17:57 -0500

I think you hit an issue which is described in the Nova bug report [1]. This issue got solved with commit [2] and is available since the Nova Liberty release. The implemented solution for it was to introduce a Nova config option "console_allowed_origins" for the DEFAULT section in the "/etc/nova/nova.conf" file. This doesn't solve your issue in your Juno installation but will come in handy when you upgrade later and don't want to rely on private fixes.


edit flag offensive delete link more


Thank you, I like the ProxyPreserveHost-fix more, for logging purposes.

daubler gravatar imagedaubler ( 2016-03-22 07:36:58 -0500 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools



Asked: 2016-03-18 10:47:03 -0500

Seen: 1,702 times

Last updated: May 26 '16