Hello
Thanks for the kind reply
However I've already set websocket related options in NGINX, seems like this is not the case
I also tried to access spice proxy directly, without NGINX reverse proxying in between
1) When "html5proxy_base_url = http://my-domain-name:6082/spice_auto.html"
- http://my-domain-name:6082/spice_auto.html?token=TOKEN (Accessing spice proxy through NGINX) works
- http://192.168.10.1:6082/spice_auto.html?token=TOKEN (Accessing spice proxy on controller node directly) works
But horizon dashboard page(https://) won't embed spice_auto.html because its link starts with http://
2) When "html5proxy_base_url = https://my-domain-name:6082/spice_auto.html"
- https://my-domain-name:6082/spice_auto.html?token=TOKEN (Accessing spice proxy through NGINX) does not work
spice_auto.html page loads, but browser js console shows: ERROR: Error: Unexpected protocol mismatch.
- http://192.168.10.1:6082/spice_auto.html?token=TOKEN (Accessing spice proxy on controller node directly) does not work
spice_auto.html page loads, but browser js console shows: ERROR: Error: Unexpected protocol mismatch.
I still get "ERROR: Error: Unexpected protocol mismatch." message in browser console, even when accessing spice proxy directly
Thats why I believe spice proxy on controller node works differently based on whether "html5proxy_base_url" starts with http:// or https://
Any suggestions will be appreciated!
Thanks
---------- Original Message ----------
From: "Radosław Piliszek" <radoslaw.piliszek@gmail.com>
To: park0kyung0won@dgist.ac.kr
cc: "Openstack Discuss List" <openstack-discuss@lists.openstack.org>
Date: 2022-09-13 (화) 18:15:06
Title: Re: [openstack yova][nova-spiceproxy] Spice proxy behind SSL termination: protocol mismatch error in horizon web UI
Hi!This is because you need to proxy the websocket protocol. You may want to read up on it in [1] and [2].[2] being the reference point and [1] being an introductory blog post with a simple app example to try out if your config is all right.Kind regards,Radek-yoctozeptoOn Tue, 13 Sept 2022 at 11:11, <park0kyung0won@dgist.ac.kr> wrote:
Hello
I'm trying to deploy openstack services behind the NGINX reverse proxy
NGINX is in charge of SSL termination, and communicates with openstack services unencrypted
When I set "html5proxy_base_url" option in [spice] section of nova.conf file to "http://my-domain-name:6082/spice_auto.html",
spice console in web UI works(by manually typing http://my-domain-name:6082/spice_auto.html in browser address tab), but chrome refuses to load spice console because its http
If I change html5proxy_base_url to "https://my-domain-name:6082/spice_auto.html",
spice console page(spice_auto.html) loads in chrome, but console itself is blank
And I get following errors from chrome developer tools console:
>> disconnect spice_auto.html?toke…8-3a537f56f5b0):144
<< disconnect spice_auto.html?toke…8-3a537f56f5b0):157
ERROR: Error: Unexpected protocol mismatch.
Seems like spice-html5 uses different protocol based on "html5proxy_base_url" option in /etc/nova/nova.conf (whether its https:// or http://)
How can I deploy nova-spiceproxy behind the NGINX reverse proxy, while NGINX is acting as SSL termination point?
Thanks