[SOLVED] [4.0 beta] Host name change - Web UI domain naming problem

tsajuk · Jul 10, 2015

I'm upgrading a server from 3.4 to 4.0. I installed 4.0 an a new server and checked the Web UI working O.K. using the IP-address.
Copied my vzdump files over from old to new server and stopped the old one. Then I changed the name in /etc/hostname, /etc/hosts and /etc/postfix/main.cf, invoked newaliases and rebooted.

The server did change the name. I can easily access the UI using the IP address (https://144.76.xx.xxx:8006/#v1:0:=node/bulava:3:5:6::::), even though the browser complains that the certificate claims to be for "bulava.xxx.xx".
However if I try to access the UI using the url https://bulava.xxx.xx:8006 I get an empty response.
Something seems to be broken with the virtual hosts configuration, but I can't find it.

I grepped the new ("bulava") and the old ("tamy") name in /etc without results

Code:

root@bulava:/etc# grep -rHl bulava *
aliases.db
hostname
hosts
postfix/main.cf
pve/.version
pve/.rrd
pve/.clusterlog
pve/.members

root@bulava:/etc# grep -rHl tamy *
lvm/backup/pve
lvm/archive/pve_00000-1875040931.vg
pve/priv/authorized_keys
ssh/ssh_host_ecdsa_key.pub
ssh/ssh_host_rsa_key.pub
ssh/ssh_host_ed25519_key.pub
ssh/ssh_host_dsa_key.pub

Where are the web server config files now?

BTW here are the versions I use:

Code:

root@bulava:/etc# pveversion -v
proxmox-ve: 4.0-3 (running kernel: 3.19.8-1-pve)
pve-manager: 4.0-24 (running version: 4.0-24/946af136)
pve-kernel-3.19.8-1-pve: 3.19.8-3
lvm2: 2.02.116-pve1
corosync-pve: 2.3.4-2
libqb0: 0.17.1-3
pve-cluster: 4.0-14
qemu-server: 4.0-13
pve-firmware: 1.1-5
libpve-common-perl: 4.0-10
libpve-access-control: 4.0-5
libpve-storage-perl: 4.0-12
pve-libspice-server1: 0.12.5-1
vncterm: 1.2-1
pve-qemu-kvm: 2.3-6
pve-container: 0.9-3
pve-firewall: 2.0-4
pve-ha-manager: 1.0-4
ksm-control-daemon: 1.2-1
glusterfs-client: 3.5.2-2
lxc-pve: 1.1.2-1
lxcfs: 0.9-pve1
cgmanager: 0.37-pve1

spirit · Jul 10, 2015

They are no webserver since proxmox 3.0.

this is the pveproxy daemon which manage this.

It's take certificates from /etc/pve/...

tsajuk · Jul 10, 2015

BTW I found some errors in the syslog when using the url https://bulava.xxx.xx:8006 .

Code:

[COLOR=#000000][FONT=tahoma]Jul 10 06:47:26 bulava pveproxy[6395]: problem with client 79.229.125.9; rsa_padding_check_pkcs1_type_1: block type is not 01[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:47:26 bulava pveproxy[6395]: Can't call method "timeout_reset" on an undefined value at /usr/share/perl5/PVE/HTTPServer.pm line 225.[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:47:26 bulava pveproxy[5365]: problem with client 79.229.125.9; rsa_padding_check_pkcs1_type_1: block type is not 01[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:47:26 bulava pveproxy[5365]: Can't call method "timeout_reset" on an undefined value at /usr/share/perl5/PVE/HTTPServer.pm line 225.[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:47:26 bulava pveproxy[5367]: problem with client 79.229.125.9; rsa_padding_check_pkcs1_type_1: block type is not 01[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:47:26 bulava pveproxy[5367]: Can't call method "timeout_reset" on an undefined value at /usr/share/perl5/PVE/HTTPServer.pm line 225.[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:47:26 bulava pveproxy[5365]: problem with client 79.229.125.9; rsa_eay_public_decrypt: padding check failed[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:47:26 bulava pveproxy[5365]: Can't call method "timeout_reset" on an undefined value at /usr/share/perl5/PVE/HTTPServer.pm line 225.[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:47:26 bulava pveproxy[5365]: problem with client 79.229.125.9; rsa_padding_check_pkcs1_type_1: block type is not 01[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:47:26 bulava pveproxy[5365]: Can't call method "timeout_reset" on an undefined value at /usr/share/perl5/PVE/HTTPServer.pm line 225.[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:47:26 bulava pveproxy[6395]: problem with client 79.229.125.9; rsa_padding_check_pkcs1_type_1: block type is not 01[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:47:26 bulava pveproxy[6395]: Can't call method "timeout_reset" on an undefined value at /usr/share/perl5/PVE/HTTPServer.pm line 225.[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:47:26 bulava pveproxy[6395]: problem with client 79.229.125.9; rsa_eay_public_decrypt: padding check failed[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:47:26 bulava pveproxy[6395]: Can't call method "timeout_reset" on an undefined value at /usr/share/perl5/PVE/HTTPServer.pm line 225.[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:47:26 bulava pveproxy[6395]: problem with client 79.229.125.9; rsa_padding_check_pkcs1_type_1: block type is not 01[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:47:26 bulava pveproxy[6395]: Can't call method "timeout_reset" on an undefined value at /usr/share/perl5/PVE/HTTPServer.pm line 225.[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:43 bulava pveproxy[6395]: problem with client 79.229.125.9; rsa_padding_check_pkcs1_type_1: block type is not 01[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:43 bulava pveproxy[6395]: problem with client 79.229.125.9; rsa_eay_public_decrypt: padding check failed[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:43 bulava pveproxy[6395]: Can't call method "on_read" on an undefined value at /usr/share/perl5/PVE/HTTPServer.pm line 208.[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:43 bulava pveproxy[6395]: problem with client 79.229.125.9; rsa_padding_check_pkcs1_type_1: block type is not 01[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:43 bulava pveproxy[6395]: problem with client 79.229.125.9; rsa_padding_check_pkcs1_type_1: block type is not 01[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:43 bulava pveproxy[5367]: problem with client 79.229.125.9; rsa_padding_check_pkcs1_type_1: block type is not 01[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:43 bulava pveproxy[5365]: problem with client 79.229.125.9; rsa_padding_check_pkcs1_type_1: block type is not 01[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:44 bulava pveproxy[5365]: problem with client 79.229.125.9; rsa_padding_check_pkcs1_type_1: block type is not 01[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:44 bulava pveproxy[5365]: problem with client 79.229.125.9; rsa_eay_public_decrypt: padding check failed[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:44 bulava pveproxy[5365]: Can't call method "timeout_reset" on an undefined value at /usr/share/perl5/PVE/HTTPServer.pm line 225.[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:44 bulava pveproxy[6395]: problem with client 79.229.125.9; rsa_padding_check_pkcs1_type_1: block type is not 01[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:44 bulava pveproxy[6395]: problem with client 79.229.125.9; rsa_eay_public_decrypt: padding check failed[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:44 bulava pveproxy[5367]: problem with client 79.229.125.9; rsa_padding_check_pkcs1_type_1: block type is not 01[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:44 bulava pveproxy[5365]: problem with client 79.229.125.9; rsa_padding_check_pkcs1_type_1: block type is not 01[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:44 bulava pveproxy[6395]: problem with client 79.229.125.9; rsa_padding_check_pkcs1_type_1: block type is not 01[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:44 bulava pveproxy[5365]: problem with client 79.229.125.9; rsa_eay_public_decrypt: padding check failed[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:44 bulava pveproxy[6395]: problem with client 79.229.125.9; rsa_padding_check_pkcs1_type_1: block type is not 01[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:44 bulava pveproxy[6395]: problem with client 79.229.125.9; rsa_eay_public_decrypt: padding check failed[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:44 bulava pveproxy[6395]: problem with client 79.229.125.9; rsa_padding_check_pkcs1_type_1: block type is not 01[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:44 bulava pveproxy[6395]: problem with client 79.229.125.9; rsa_padding_check_pkcs1_type_1: block type is not 01[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:45 bulava pveproxy[5367]: problem with client 79.229.125.9; rsa_eay_public_decrypt: padding check failed[/FONT][/COLOR]
[COLOR=#000000][FONT=tahoma]Jul 10 06:48:45 bulava pveproxy[5367]: proxy detected vanished client connection[/FONT][/COLOR]

It does in fact look like a certificate problem.
However i just copied over the pve-ssl.key and pve.ssl.pem files from the old server where the certificate worked ok. The URL without the domain name works fine als well.

Interesting fact: after some 90 seconds there is an answer and an empty UI shows up - that's also logged from 06:48:43 in the syslog shown above

wbumiller · Jul 10, 2015

For the certificates try running `pvecm updatecerts`.
Did you also change the IP address? And make sure the local hostname resolves to the right IP in /etc/hosts.

tsajuk · Jul 10, 2015

wbumiller said:
For the certificates try running `pvecm updatecerts`.

`pvecm updatecerts` run, reboot, no change

wbumiller said:
Did you also change the IP address? And make sure the local hostname resolves to the right IP in /etc/hosts.

The ip there is already the new ip. I changed only the hostname to the new one.

I'ts not a problem specific to my certificate which needs a intermediate cert. I have tested following situations with my own cert and the pve generated certs

[TABLE="class: grid, width: 800"]
[TR]
[TD][/TD]
[TD]https://144.76.xx.xxx:8006[/TD]
[TD]https://bulava.xxx.xx:8006[/TD]
[/TR]
[TR]
[TD]official cert for bulava.xxx.xx[/TD]
[TD]works after confirmation: cert issued for bulava.xxx.xx verified but wrong hostname[/TD]
[TD]no data sent[/TD]
[/TR]
[TR]
[TD]pve selfsigned cert for bulava.xxx.xx[/TD]
[TD]works after confirmation: cert issued for bulava.xxx.xx can't be verified[/TD]
[TD]no data sent[/TD]
[/TR]
[TR]
[TD]pve selfsigned cert for tamy.xxx.xx[/TD]
[TD]works after confirmation: cert issued for tamy.xxx.xx can't be verified[/TD]
[TD]no data sent[/TD]
[/TR]
[/TABLE]

I'm really thinking about going throuh the hell of an clean reinstall

Hell, because it's over a IP-KVM and virtual CDROM media ... will take forever again

So pls confirm, that host.domain URLs are really working with 4.0 beta

tom · Jul 10, 2015

check also your /etc/hosts file.

see http://pve.proxmox.com/wiki/Install...d_an_.2Fetc.2Fhosts_entry_for_your_IP_address

tsajuk · Jul 10, 2015

I made a full reinstall of the proxmox VE from the installation CD only to find out that the client browser generates the problem.

Chrome 43.0.2357.130m - Ip adressing is ok, domain adressing fails
Chrome 43.0.2357.132 m - Ip adressing fails, domain adressing fails
Chrome 45.0.2452.0canary (64-bit) - Ip adressing is ok, domain adressing ok

take care - I'm off to my favorite beergarden Augustinerkeller now. I'll drink a couple of extra Maß Edelstoff on tap from the wooden barrel on all of you.

cmbz · Aug 12, 2015

tsajuk said:
I made a full reinstall of the proxmox VE from the installation CD only to find out that the client browser generates the problem.

Clear cookies

Search

Search

[SOLVED] [4.0 beta] Host name change - Web UI domain naming problem

tsajuk

New Member

spirit

Distinguished Member

tsajuk

New Member

wbumiller

Proxmox Staff Member

tsajuk

New Member

tom

Proxmox Staff Member

tsajuk

New Member

cmbz

Renowned Member

We value your privacy