Comments (16)
I don't know lxd-webgui but for that option you need a recent self compiled version of LXD:
from lxd-webgui.
OK, thanks. I'm gonna try it ASAP.
from lxd-webgui.
I think the patch will be included in the next version of LXD.
from lxd-webgui.
Thanks Dobin for your reply.
I just tried the new version of LXD (2.1) and, indeed, i can now set the core.https_allowed_credentials parameter.
That said, i still obtain "Auth Fail" when I try "Test LXD Auth" while i followed step-by-step the mentioned install procedure... (on a fresh OS install)
Do you have an idea of what happens?
from lxd-webgui.
Ohhh OK... It was due to the default hostname registered in my certfile.
Sorry to bother you.
from lxd-webgui.
On my local desktop, my tests are OK except when I try to "add remote image" I get the following error message:
Loading... please wait, this can take some time
Connection error. Could not retrieve data.
I'm obliged to import images manually..
However, if I try to connect remotely (from my laptop into lxd-webgui located on my desktop) I get the same problem at the begining : LXD Auth Fail.
Maybe this is coming from my way to create my certificates. If it is, can you help to create these? because i'm clearly not an expert :)
Thanks in advance.
from lxd-webgui.
Concerning the "add remote image": It will need to download stuff from the internet. Do you have Internet connection your desktop browser? Using the correct proxy?
For your laptop: Did you import the cert.p12 into the browser you are using? Can you connect to the port :9000 (the LXD api) on your desktop (manually with a browser, e.g. hostname:9000/1.0/containers?
from lxd-webgui.
Concerning my desktop internet connection: of course. That said, is it using a special output port (other than 80, 443)? If it is, i'll need to ask our network admin to open it.
Concerning my laptop, i added my cert.p12 (the same as the server) into.
Below the output of hostname:9000/1.0/containers :
{"error":"not authorized","error_code":403,"type":"error"}
I just tried it remotely (from home through VPN) with another laptop and the result seems to be the same...
Thereafter what I can find in the lxd log file:
lvl=warn msg="rejecting request from untrusted client" ip=172.27.0.156:63675
lvl=warn msg="rejecting request from untrusted client" ip=10.242.2.6:49823
(my 2 laptop IP)
from lxd-webgui.
Hmm strange. "Add remote image" just uses standard HTTP/HTTPS ports (basically just a GET to https://images.linuxcontainers.org/1.0/images and all these path's). You can press F12 in the browser and follow the network traffic. Is there a reason mentioned in the logs, why the GET request fails?
According to the LXD source, the log message "rejecting request from untrusted client" only appears if the server could not verify the client certificate. Please double check that you imported the correct cert, and also select the correct one when prompted by the browser.
Or: Are you using your company proxy on your notebook, and does this proxy perform SSL/TLS Man-in-the-middle? Try putting your desktop (LXD server) IP in the exception list in the proxy configuration in the browser.
from lxd-webgui.
Indeed, really really strange!
OK, i forgot to specify my laptops are under OSX. I just tried it on another Linux machine (a desktop PC) and I'm successfully authenticated by LXD but... I still can not list available remote images in "Add remote images" part. However, with my 2 laptops, I cannot be authenticated by LXD (untrusted clients in log file) but I can list available remote images... ;-p
On my laptops, I'm using Firefox 48.0.1
On my desktop, Firefox 48.0
I follow the same procedure to import my p12 certificate.
I dont have any proxy configuration set in my system preferences but, regardless, I add your asked exception without any effet.
from lxd-webgui.
For the notebooks:
Hmm, Firefox has its own certificate store, and will not use the certificate store from OSX. So if you imported the cert as described, there should be no problem. When you browse to https://host:9000/1.0/containers , does the browser show a dialogbox where you can select a cert? Did you enable "Send XHRs with credentials" in the settings page?
For the remote image:
I can reproduce this issue with Firefox.
from lxd-webgui.
Nonfunctional remote images when using a remote lxd server should be fixed with ac1d062
from lxd-webgui.
Thanks for your reply. Now, remote images are available!!!!
Concerning the remote LXD auth, it was due -apparently- exclusively to the way to import and manage cert files in the Apple Keychain (not in Firefox). Now, at least from one of my laptop, all seems to be OK for me. Thanks again!
That said, only for information if needed, Safari browser does not seem to be supported.
from lxd-webgui.
In addition, I note a lot of "Failed to load resource: net::ERR_INSECURE_RESPONSE https://hostname:9000/1.0/containers/..." in the javascript console, from Firefox, Chrome and Safari.
from lxd-webgui.
Quite honestly, I dont understand what was happened. After having reset Firefox (and deleted the cert entry in the OSX keychain), i redo the same procedure to add my cert file into Firefox cert store and now all seems to be OK... Maybe a bug or strange behavior with the last version of Firefox.
Thanks again for your help and your webapp.
from lxd-webgui.
Thanks for the feedback. You're welcome, and have fun using LXD :-) Keep the bug reports coming!
I read something like this (with reset firefox profile), but cannot reproduce as i dont have an OSX machine atm. I'm glad it's working now :-) Certificates seem to ALWAYS generate some kind of problems, everywhere...
I think the "failed to load resource" OK and from normal operation.
from lxd-webgui.
Related Issues (20)
- Common SSL/certificate problems
- Cannot download ubuntu 16.04
- Reload image list periodically
- Container creation: check container name
- container rename: dont allow while container is running
- Somehow have the ability to save previous configuration HOT 7
- remote images is broken again HOT 1
- Cors error when attempting to access webgui HOT 3
- Minimum Ubuntu / LXD Version
- I am seeing only setting page. Why? HOT 9
- following setup steps .. error couldn't find node HOT 9
- Does lxd-webgui support both local & remote lxd containers HOT 1
- web interface error Could not get config from server HOT 3
- Support multiple LXD server HOT 1
- LXD-WEBGUI network access - cmd question HOT 3
- Could not get config from server: https://<my webgui IP address>:8000 HOT 3
- certificate confirmation HOT 1
- Couldn't get config but API access Ok HOT 9
- Cannot get this to work with Firefox HOT 6
- Errors When Installing lxd-webGUI HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from lxd-webgui.