[GH-ISSUE #253] Getting kicked to http from https #200

Open
opened 2026-02-27 16:38:22 +03:00 by kerem · 10 comments

Originally created by @ionstorm66 on GitHub (Mar 6, 2014).
Original GitHub issue: https://github.com/retspen/webvirtmgr/issues/253

I keep getting kicked back to http from https. Problem is the webserver is set for https only.

If I visit https://mysite/ it takes me to http://mysite/login/


@camjac251 commented on GitHub (Mar 6, 2014):

You can look at nginx for this.
/etc/nginx/ will be the place to look.
Also try your IP address and see if it goes anywhere.


@ionstorm66 commented on GitHub (Mar 6, 2014):

It isn't nginx, nginx doesn't have anything configured for http.

If I change nginx to http, log in to the site, change nginx back to https, then go to https://mysite/servers/ it works. It is something with the redirect causing an issue.


@camjac251 commented on GitHub (Mar 6, 2014):

I can assist you over TeamViewer if you'd like. I am more of the "I have to see the issue" type of guy.


@gitshaw commented on GitHub (Mar 6, 2014):

For VNC:

console/webvirtmgr-novnc

```
ssl_only=True,
```

Inside webvirtmgr/settings.py I have the following settings:

```
SESSION_COOKIE_SECURE = True
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https')
```

nginx config:

```
server {
    listen       80;
    server_name  hv1.blah.com;
    rewrite ^ https://hv1.blah.com$request_uri? permanent;
}

server {
    listen 443 ssl;

    # full path to the project dir - the dir that contains the urls.py file
    root /var/www/webvirtmgr/webvirtmgr;

    ssl on;
    ssl_certificate /etc/nginx/ssl/cert.crt;
    ssl_certificate_key /etc/nginx/ssl/cert.key;

    server_tokens off;

    auth_pam "HV1 Auth";
    auth_pam_service_name "nginx";

    location /static/ {
        # The path to the actual project directory here - the one which contains the static/
        # dir holding the static files for this project
        root /var/www/webvirtmgr;
    }

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        # carries the request scheme, not the client address
        proxy_set_header X-Forwarded-Proto $scheme;
        # this is the header SECURE_PROXY_SSL_HEADER in settings.py reads
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_pass_header Server;
        proxy_redirect off;
        proxy_connect_timeout 10;
        proxy_read_timeout 600;
        proxy_send_timeout 600;

        include /etc/nginx/naxsi_passive.rules;
    }
}
```

Works for me keeping full site over https.
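
The `http://mysite/login/` redirect from the original report and the settings in the comment above, as an added example (a simplified model written for this page, not Django's or WebVirtMgr's code): the application only sees nginx's plain-HTTP hop to 127.0.0.1:8000, so it builds `http://` redirects unless `SECURE_PROXY_SSL_HEADER` names a header that nginx actually sets to the scheme. The function names and header sets are constructed for illustration.

```python
# Simplified model (not Django's source) of how a Django app behind a
# TLS-terminating proxy decides which scheme to put in a redirect.

# Value from the settings.py shown above: (WSGI environ key, expected value).
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTOCOL", "https")


def to_environ(proxy_headers):
    """Map proxied request headers to WSGI environ keys (X-Foo -> HTTP_X_FOO)."""
    environ = {"wsgi.url_scheme": "http"}  # nginx -> 127.0.0.1:8000 is plain HTTP
    for name, value in proxy_headers.items():
        environ["HTTP_" + name.upper().replace("-", "_")] = value
    return environ


def request_scheme(environ, secure_proxy_ssl_header=None):
    """Return the scheme the application believes the client used."""
    if secure_proxy_ssl_header:
        key, secure_value = secure_proxy_ssl_header
        if key in environ:
            # The header is believed as-is, so the proxy must always
            # overwrite it (proxy_set_header) rather than pass it through.
            return "https" if environ[key] == secure_value else "http"
    return environ["wsgi.url_scheme"]


def login_redirect(environ, secure_proxy_ssl_header=None):
    """Absolute Location for the redirect to /login/."""
    scheme = request_scheme(environ, secure_proxy_ssl_header)
    return f"{scheme}://{environ['HTTP_HOST']}/login/"


# Constructed header sets for a request to https://mysite/.
WITHOUT_PROTOCOL = {"Host": "mysite"}
WITH_PROTOCOL = {"Host": "mysite", "X-Forwarded-Protocol": "https"}
# Header carries something other than the scheme, e.g. a client address.
WRONG_VALUE = {"Host": "mysite", "X-Forwarded-Protocol": "203.0.113.7"}

if __name__ == "__main__":
    cases = [("setting unset", WITH_PROTOCOL, None),
             ("header missing", WITHOUT_PROTOCOL, SECURE_PROXY_SSL_HEADER),
             ("header wrong", WRONG_VALUE, SECURE_PROXY_SSL_HEADER),
             ("both correct", WITH_PROTOCOL, SECURE_PROXY_SSL_HEADER)]
    for label, headers, setting in cases:
        print(f"{label:15} -> {login_redirect(to_environ(headers), setting)}")
```

Only the last case yields an `https://` redirect; the other three reproduce the behaviour described in the report.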


@hogarth-sv commented on GitHub (Mar 31, 2014):

As a note to the above comment, if an SSL certificate is used that is self-signed (or signed by a non-trusted CA) then the VNC viewer will not work until the certificate is accepted for the host+port ... the symptom will be the wss socket being rejected.

To resolve this go to https://webvirtmgr.server.name:6080 and accept the certificate - then the console session will work.


@gitshaw commented on GitHub (Apr 1, 2014):

I have changed the cert in /var/www/webvirtmgr/console/ to match what I have in nginx and I did not have to go through adding a port to the URL. Have you kept the default cert.pm in place?


@az6667 commented on GitHub (Jul 10, 2014):

Gitshaw's suggestion works well. Potential pitfall if you're converting from an existing HTTP setup:
Ensure you use Gitshaw's example:
`proxy_set_header Host $host;`
And not the following which you may have previously set for http:
`proxy_set_header Host $host:$server_port;`
Or else CSRF errors may pop up.

Also, this helps for uploading ISOs via the interface:
`client_max_body_size 1024M;`


@bobdocland42 commented on GitHub (Jul 7, 2015):

Hi,

I would like to know how to run WebVirtMgr with HTTPS and secure it (with nginx).
I followed what gitshaw has explained and I now have the same configuration, but I've got a little problem.
The web interface is still accessible without HTTPS... have you any idea of the problem? I think it isn't a big problem but I haven't succeeded in solving it currently.

Thanks in advance


@ionstorm66 commented on GitHub (Jul 7, 2015):

Just remove the top server block from the nginx block.


@bobdocland42 commented on GitHub (Jul 8, 2015):

If you are talking about this:

```
server {
    listen       80;
    server_name  hv1.blah.com;
    rewrite ^ https://hv1.blah.com$request_uri? permanent;
}
```

I have already commented it out. (After I restarted nginx etc., I deleted my web browser cache.) And the web page http://x.x.x.x:8000 is still accessible. I don't understand why.

In a perfect solution I would like to have http://x.x.x.x/webvirtmgr redirect to --> https://x.x.x.x/webvirtmgr
(I would add a path to the URL to use nginx as a reverse proxy for other web services.)
