[SOLVED] [4.0 beta] Host name change - Web UI domain naming problem

T

tsajuk

New Member
Jan 9, 2009
22
1
1
I'm upgrading a server from 3.4 to 4.0. I installed 4.0 an a new server and checked the Web UI working O.K. using the IP-address.
Copied my vzdump files over from old to new server and stopped the old one. Then I changed the name in /etc/hostname, /etc/hosts and /etc/postfix/main.cf, invoked newaliases and rebooted.

The server did change the name. I can easily access the UI using the IP address (https://144.76.xx.xxx:8006/#v1:0:=node/bulava:3:5:6::::), even though the browser complains that the certificate claims to be for "bulava.xxx.xx".
However if I try to access the UI using the url https://bulava.xxx.xx:8006 I get an empty response.
Something seems to be broken with the virtual hosts configuration, but I can't find it.

I grepped the new ("bulava") and the old ("tamy") name in /etc without results
Code: 
root@bulava:/etc# grep -rHl bulava *
aliases.db
hostname
hosts
postfix/main.cf
pve/.version
pve/.rrd
pve/.clusterlog
pve/.members

root@bulava:/etc# grep -rHl tamy *
lvm/backup/pve
lvm/archive/pve_00000-1875040931.vg
pve/priv/authorized_keys
ssh/ssh_host_ecdsa_key.pub
ssh/ssh_host_rsa_key.pub
ssh/ssh_host_ed25519_key.pub
ssh/ssh_host_dsa_key.pub
Where are the web server config files now?

BTW here are the versions I use:
Code: 
root@bulava:/etc# pveversion -v
proxmox-ve: 4.0-3 (running kernel: 3.19.8-1-pve)
pve-manager: 4.0-24 (running version: 4.0-24/946af136)
pve-kernel-3.19.8-1-pve: 3.19.8-3
lvm2: 2.02.116-pve1
corosync-pve: 2.3.4-2
libqb0: 0.17.1-3
pve-cluster: 4.0-14
qemu-server: 4.0-13
pve-firmware: 1.1-5
libpve-common-perl: 4.0-10
libpve-access-control: 4.0-5
libpve-storage-perl: 4.0-12
pve-libspice-server1: 0.12.5-1
vncterm: 1.2-1
pve-qemu-kvm: 2.3-6
pve-container: 0.9-3
pve-firewall: 2.0-4
pve-ha-manager: 1.0-4
ksm-control-daemon: 1.2-1
glusterfs-client: 3.5.2-2
lxc-pve: 1.1.2-1
lxcfs: 0.9-pve1
cgmanager: 0.37-pve1
 
Last edited:
BTW I found some errors in the syslog when using the url https://bulava.xxx.xx:8006 .
Code: 
[COLOR=#000000][FONT=tahoma]Jul 10 06:47:26 bulava pveproxy[6395]: problem with client 79.229.125.9; rsa_padding_check_pkcs1_type_1: block type is not 01[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:47:26 bulava pveproxy[6395]: Can't call method "timeout_reset" on an undefined value at /usr/share/perl5/PVE/HTTPServer.pm line 225.[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:47:26 bulava pveproxy[5365]: problem with client 79.229.125.9; rsa_padding_check_pkcs1_type_1: block type is not 01[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:47:26 bulava pveproxy[5365]: Can't call method "timeout_reset" on an undefined value at /usr/share/perl5/PVE/HTTPServer.pm line 225.[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:47:26 bulava pveproxy[5367]: problem with client 79.229.125.9; rsa_padding_check_pkcs1_type_1: block type is not 01[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:47:26 bulava pveproxy[5367]: Can't call method "timeout_reset" on an undefined value at /usr/share/perl5/PVE/HTTPServer.pm line 225.[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:47:26 bulava pveproxy[5365]: problem with client 79.229.125.9; rsa_eay_public_decrypt: padding check failed[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:47:26 bulava pveproxy[5365]: Can't call method "timeout_reset" on an undefined value at /usr/share/perl5/PVE/HTTPServer.pm line 225.[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:47:26 bulava pveproxy[5365]: problem with client 79.229.125.9; rsa_padding_check_pkcs1_type_1: block type is not 01[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:47:26 bulava pveproxy[5365]: Can't call method "timeout_reset" on an undefined value at /usr/share/perl5/PVE/HTTPServer.pm line 225.[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:47:26 bulava pveproxy[6395]: problem with client 79.229.125.9; rsa_padding_check_pkcs1_type_1: block type is not 01[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:47:26 bulava pveproxy[6395]: Can't call method "timeout_reset" on an undefined value at /usr/share/perl5/PVE/HTTPServer.pm line 225.[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:47:26 bulava pveproxy[6395]: problem with client 79.229.125.9; rsa_eay_public_decrypt: padding check failed[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:47:26 bulava pveproxy[6395]: Can't call method "timeout_reset" on an undefined value at /usr/share/perl5/PVE/HTTPServer.pm line 225.[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:47:26 bulava pveproxy[6395]: problem with client 79.229.125.9; rsa_padding_check_pkcs1_type_1: block type is not 01[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:47:26 bulava pveproxy[6395]: Can't call method "timeout_reset" on an undefined value at /usr/share/perl5/PVE/HTTPServer.pm line 225.[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:43 bulava pveproxy[6395]: problem with client 79.229.125.9; rsa_padding_check_pkcs1_type_1: block type is not 01[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:43 bulava pveproxy[6395]: problem with client 79.229.125.9; rsa_eay_public_decrypt: padding check failed[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:43 bulava pveproxy[6395]: Can't call method "on_read" on an undefined value at /usr/share/perl5/PVE/HTTPServer.pm line 208.[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:43 bulava pveproxy[6395]: problem with client 79.229.125.9; rsa_padding_check_pkcs1_type_1: block type is not 01[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:43 bulava pveproxy[6395]: problem with client 79.229.125.9; rsa_padding_check_pkcs1_type_1: block type is not 01[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:43 bulava pveproxy[5367]: problem with client 79.229.125.9; rsa_padding_check_pkcs1_type_1: block type is not 01[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:43 bulava pveproxy[5365]: problem with client 79.229.125.9; rsa_padding_check_pkcs1_type_1: block type is not 01[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:44 bulava pveproxy[5365]: problem with client 79.229.125.9; rsa_padding_check_pkcs1_type_1: block type is not 01[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:44 bulava pveproxy[5365]: problem with client 79.229.125.9; rsa_eay_public_decrypt: padding check failed[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:44 bulava pveproxy[5365]: Can't call method "timeout_reset" on an undefined value at /usr/share/perl5/PVE/HTTPServer.pm line 225.[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:44 bulava pveproxy[6395]: problem with client 79.229.125.9; rsa_padding_check_pkcs1_type_1: block type is not 01[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:44 bulava pveproxy[6395]: problem with client 79.229.125.9; rsa_eay_public_decrypt: padding check failed[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:44 bulava pveproxy[5367]: problem with client 79.229.125.9; rsa_padding_check_pkcs1_type_1: block type is not 01[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:44 bulava pveproxy[5365]: problem with client 79.229.125.9; rsa_padding_check_pkcs1_type_1: block type is not 01[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:44 bulava pveproxy[6395]: problem with client 79.229.125.9; rsa_padding_check_pkcs1_type_1: block type is not 01[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:44 bulava pveproxy[5365]: problem with client 79.229.125.9; rsa_eay_public_decrypt: padding check failed[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:44 bulava pveproxy[6395]: problem with client 79.229.125.9; rsa_padding_check_pkcs1_type_1: block type is not 01[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:44 bulava pveproxy[6395]: problem with client 79.229.125.9; rsa_eay_public_decrypt: padding check failed[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:44 bulava pveproxy[6395]: problem with client 79.229.125.9; rsa_padding_check_pkcs1_type_1: block type is not 01[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:44 bulava pveproxy[6395]: problem with client 79.229.125.9; rsa_padding_check_pkcs1_type_1: block type is not 01[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:45 bulava pveproxy[5367]: problem with client 79.229.125.9; rsa_eay_public_decrypt: padding check failed[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:45 bulava pveproxy[5367]: proxy detected vanished client connection[/FONT][/COLOR]
It does in fact look like a certificate problem.
However i just copied over the pve-ssl.key and pve.ssl.pem files from the old server where the certificate worked ok. The URL without the domain name works fine als well.

Interesting fact: after some 90 seconds there is an answer and an empty UI shows up - that's also logged from 06:48:43 in the syslog shown above:confused:
 
For the certificates try running `pvecm updatecerts`.
Did you also change the IP address? And make sure the local hostname resolves to the right IP in /etc/hosts.
 
wbumiller said:
For the certificates try running `pvecm updatecerts`.
Click to expand...
`pvecm updatecerts` run, reboot, no change :(
wbumiller said:
Did you also change the IP address? And make sure the local hostname resolves to the right IP in /etc/hosts.
Click to expand...
The ip there is already the new ip. I changed only the hostname to the new one.

I'ts not a problem specific to my certificate which needs a intermediate cert. I have tested following situations with my own cert and the pve generated certs

[TABLE="class: grid, width: 800"]
[TR]
[TD][/TD]
[TD]https://144.76.xx.xxx:8006[/TD]
[TD]https://bulava.xxx.xx:8006[/TD]
[/TR]
[TR]
[TD]official cert for bulava.xxx.xx[/TD]
[TD]works after confirmation: cert issued for bulava.xxx.xx verified but wrong hostname[/TD]
[TD]no data sent[/TD]
[/TR]
[TR]
[TD]pve selfsigned cert for bulava.xxx.xx[/TD]
[TD]works after confirmation: cert issued for bulava.xxx.xx can't be verified[/TD]
[TD]no data sent[/TD]
[/TR]
[TR]
[TD]pve selfsigned cert for tamy.xxx.xx[/TD]
[TD]works after confirmation: cert issued for tamy.xxx.xx can't be verified[/TD]
[TD]no data sent[/TD]
[/TR]
[/TABLE]

I'm really thinking about going throuh the hell of an clean reinstall :mad: Hell, because it's over a IP-KVM and virtual CDROM media ... will take forever again

So pls confirm, that host.domain URLs are really working with 4.0 beta
 
I made a full reinstall of the proxmox VE from the installation CD only to find out that the client browser generates the problem.

Chrome 43.0.2357.130m - Ip adressing is ok, domain adressing fails
Chrome 43.0.2357.132 m - Ip adressing fails, domain adressing fails
Chrome 45.0.2452.0canary (64-bit) - Ip adressing is ok, domain adressing ok

take care - I'm off to my favorite beergarden Augustinerkeller now. I'll drink a couple of extra Maß Edelstoff on tap from the wooden barrel on all of you.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom