starred/webvirtmgr
1
0
Fork 0
mirror of https://github.com/retspen/webvirtmgr.git synced 2026-04-26 08:05:54 +03:00
Code Issues 209 Projects Releases 7 Packages Wiki Activity

[GH-ISSUE #427] webvirtmgr doesn't work through SSH tunnel #320

New issue
Open
opened 2026-02-27 16:38:51 +03:00 by kerem · 10 comments
kerem commented 2026-02-27 16:38:51 +03:00
Owner
Copy link

Originally created by @patrick-werner on GitHub (Sep 12, 2014).
Original GitHub issue: https://github.com/retspen/webvirtmgr/issues/427

Hi,

i just installed webvirtmgr on a rented root server and it works as expected. To improve security i want to access webvirtmgr only through a ssh tunnel.
But if i try it localhost:8080 (i tunneled local port 8080 to SERVER_IP:80) the URL in Chrome switches to http://localhost/login and an "ERRORCODE: ERR_CONNECTION_REFUSED" occurs.

Any ideas how to solve this error?
Thx in advance,

Patrick

Originally created by @patrick-werner on GitHub (Sep 12, 2014). Original GitHub issue: https://github.com/retspen/webvirtmgr/issues/427 Hi, i just installed webvirtmgr on a rented root server and it works as expected. To improve security i want to access webvirtmgr only through a ssh tunnel. But if i try it localhost:8080 (i tunneled local port 8080 to SERVER_IP:80) the URL in Chrome switches to http://localhost/login and an "ERRORCODE: ERR_CONNECTION_REFUSED" occurs. Any ideas how to solve this error? Thx in advance, Patrick
kerem commented 2026-02-27 16:38:52 +03:00
Author
Owner
Copy link

@aprt5pr commented on GitHub (Sep 14, 2014):

How exactly did you "tunnel" port 8080 to 80? Are you saying you're PATing with IPtables or something OR are you doing a redirect with nginx? It sounds like the case is the latter and not the former.

<!-- gh-comment-id:55542984 --> @aprt5pr commented on GitHub (Sep 14, 2014): How exactly did you "tunnel" port 8080 to 80? Are you saying you're PATing with IPtables or something OR are you doing a redirect with nginx? It sounds like the case is the latter and not the former.
kerem commented 2026-02-27 16:38:52 +03:00
Author
Owner
Copy link

@patrick-werner commented on GitHub (Sep 16, 2014):

Because i don't want to expose webvirtmgrt to the public I simply established an SSH Tunnel like this:
ssh -N -p 22 -c 3des user@xxx.xxx.xxx.xxx -L 8080/localhost/80
and then i connect in my local browser to: localhost:8080

Because of nginx stripping the portnumber the redirect to localhost/login is missing the 8080 port number. I found the solution to replace $host with $http_host in the nginx config -> leads to an suspicious header error in webvirtmgr.

As a simple fix i configured nginx to listen on port 8080 now and the login etc. works now.

I'm now facing a new Problem:
When starting noVNC within wevirtmgt i get a "Server disconnected (code: 1006)" error message. (noVNC without SSH Tunnel is working)

Any help to get working noVNC through the SSH is appreciated.

<!-- gh-comment-id:55723861 --> @patrick-werner commented on GitHub (Sep 16, 2014): Because i don't want to expose webvirtmgrt to the public I simply established an SSH Tunnel like this: ssh -N -p 22 -c 3des user@xxx.xxx.xxx.xxx -L 8080/localhost/80 and then i connect in my local browser to: localhost:8080 Because of nginx stripping the portnumber the redirect to localhost/login is missing the 8080 port number. I found the solution to replace $host with $http_host in the nginx config -> leads to an suspicious header error in webvirtmgr. As a simple fix i configured nginx to listen on port 8080 now and the login etc. works now. I'm now facing a new Problem: When starting noVNC within wevirtmgt i get a "Server disconnected (code: 1006)" error message. (noVNC without SSH Tunnel is working) Any help to get working noVNC through the SSH is appreciated.
kerem commented 2026-02-27 16:38:52 +03:00
Author
Owner
Copy link

@AlexH-HankIT commented on GitHub (Sep 16, 2014):

Stop webvirtmgr-novnc and start it directly to see some debug output:
/var/www/webvirtmgr/console/webvirtmgr-novnc

<!-- gh-comment-id:55727805 --> @AlexH-HankIT commented on GitHub (Sep 16, 2014): Stop webvirtmgr-novnc and start it directly to see some debug output: /var/www/webvirtmgr/console/webvirtmgr-novnc
kerem commented 2026-02-27 16:38:52 +03:00
Author
Owner
Copy link

@patrick-werner commented on GitHub (Sep 16, 2014):

as im using ubuntu i don't have a webvirtmgr-novnc service. How can i stop novnc on Ubuntu so i can start it directly?

<!-- gh-comment-id:55730503 --> @patrick-werner commented on GitHub (Sep 16, 2014): as im using ubuntu i don't have a webvirtmgr-novnc service. How can i stop novnc on Ubuntu so i can start it directly?
kerem commented 2026-02-27 16:38:52 +03:00
Author
Owner
Copy link

@AlexH-HankIT commented on GitHub (Sep 16, 2014):

I'm using debian and my server is running a "webvirtmgr-novnc" service. I installed it a while ago maybe something changed. What happens if you just execute the file '/var/www/webvirtmgr/console/webvirtmgr-novnc' ? Any erros? Is the file even there?

<!-- gh-comment-id:55731273 --> @AlexH-HankIT commented on GitHub (Sep 16, 2014): I'm using debian and my server is running a "webvirtmgr-novnc" service. I installed it a while ago maybe something changed. What happens if you just execute the file '/var/www/webvirtmgr/console/webvirtmgr-novnc' ? Any erros? Is the file even there?
kerem commented 2026-02-27 16:38:52 +03:00
Author
Owner
Copy link

@patrick-werner commented on GitHub (Sep 16, 2014):

Yes the file is there, but i can't start it:
socket.error: [Errno 98] Address already in use

If i kill the process named python wich is using port 6080 - another python thread using port 6080 comes up immediately

<!-- gh-comment-id:55731476 --> @patrick-werner commented on GitHub (Sep 16, 2014): Yes the file is there, but i can't start it: socket.error: [Errno 98] Address already in use If i kill the process named python wich is using port 6080 - another python thread using port 6080 comes up immediately
kerem commented 2026-02-27 16:38:52 +03:00
Author
Owner
Copy link

@aprt5pr commented on GitHub (Sep 16, 2014):

That's because novnc is set by default to restart automatically in /etc/supervisord.conf. So killing the PID will simply make the process start up again. Set autostart=false and autorestart=false under [program:webvirtmgr-novnc] in /etc/supervisord.conf. Stop supervisord and then start it again.

Then invoke /var/www/webvirtmgr/console/webvirtmgr-novnc directly.

<!-- gh-comment-id:55805051 --> @aprt5pr commented on GitHub (Sep 16, 2014): That's because novnc is set by default to restart automatically in /etc/supervisord.conf. So killing the PID will simply make the process start up again. Set autostart=false and autorestart=false under [program:webvirtmgr-novnc] in /etc/supervisord.conf. Stop supervisord and then start it again. Then invoke /var/www/webvirtmgr/console/webvirtmgr-novnc directly.
kerem commented 2026-02-27 16:38:52 +03:00
Author
Owner
Copy link

@patrick-werner commented on GitHub (Sep 17, 2014):

so i started webvirtmgr and webvirtmgr-novnc directly - it works if i don't use SSH tunnel:

webvirt output:
INFO:gunicorn.access:141.7.X.X - - [17/Sep/2014:13:12:06] "GET /console/?token=1-43cc6bf2-275f-5e02-ea84-d5d1ce7a0cf8 HTTP/1.0" 200 - "http://148.251.X.X:8080/instances/1/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36"

webvirt-novnc output:
6: 141.7.X.X: Plain non-SSL (ws://) WebSocket connection
6: 141.7.X.X: Version hybi-13, base64: 'False'
6: connecting to: localhost:5900

When using the SSH tunnel:

webvirt-novnc output:
(no connection seems to be established)

webvirt output:
INFO:gunicorn.access:127.0.0.1 - - [17/Sep/2014:13:16:30] "GET /console/?token=1-43cc6bf2-275f-5e02-ea84-d5d1ce7a0cf8 HTTP/1.0" 200 - "http://localhost:8080/instances/1/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36"
127.0.0.1 - - [17/Sep/2014:13:16:33] "GET /info/insts_status/1/ HTTP/1.0" 200 - "http://localhost:8080/instances/1/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36"
INFO:gunicorn.access:127.0.0.1 - - [17/Sep/2014:13:16:33] "GET /info/insts_status/1/ HTTP/1.0" 200 - "http://localhost:8080/instances/1/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36"
141.7.X.X - - [17/Sep/2014:13:16:33] "GET /info/insts_status/1/ HTTP/1.0" 200 - "http://148.251.X.X:8080/instances/1/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36"

<!-- gh-comment-id:55874744 --> @patrick-werner commented on GitHub (Sep 17, 2014): so i started webvirtmgr and webvirtmgr-novnc directly - it works if i don't use SSH tunnel: webvirt output: INFO:gunicorn.access:141.7.X.X - - [17/Sep/2014:13:12:06] "GET /console/?token=1-43cc6bf2-275f-5e02-ea84-d5d1ce7a0cf8 HTTP/1.0" 200 - "http://148.251.X.X:8080/instances/1/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36" webvirt-novnc output: 6: 141.7.X.X: Plain non-SSL (ws://) WebSocket connection 6: 141.7.X.X: Version hybi-13, base64: 'False' 6: connecting to: localhost:5900 When using the SSH tunnel: webvirt-novnc output: <nothing> (no connection seems to be established) webvirt output: INFO:gunicorn.access:127.0.0.1 - - [17/Sep/2014:13:16:30] "GET /console/?token=1-43cc6bf2-275f-5e02-ea84-d5d1ce7a0cf8 HTTP/1.0" 200 - "http://localhost:8080/instances/1/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36" 127.0.0.1 - - [17/Sep/2014:13:16:33] "GET /info/insts_status/1/ HTTP/1.0" 200 - "http://localhost:8080/instances/1/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36" INFO:gunicorn.access:127.0.0.1 - - [17/Sep/2014:13:16:33] "GET /info/insts_status/1/ HTTP/1.0" 200 - "http://localhost:8080/instances/1/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36" 141.7.X.X - - [17/Sep/2014:13:16:33] "GET /info/insts_status/1/ HTTP/1.0" 200 - "http://148.251.X.X:8080/instances/1/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36"
kerem commented 2026-02-27 16:38:52 +03:00
Author
Owner
Copy link

@patrick-werner commented on GitHub (Sep 17, 2014):

i finally figured it out:

To use webvirtmgr through a SHH tunnel you have to:

1.: use the same port on both sides of the tunnel (if u switch want to use another port than :80 just switch the listening port in webvirtmgr.conf in /etc/nginx/conf.d.

2.: also SSH-tunnel port 6080 for no-vnc functionality

Thx for guiding me in the right direction with this problem.

<!-- gh-comment-id:55959989 --> @patrick-werner commented on GitHub (Sep 17, 2014): i finally figured it out: To use webvirtmgr through a SHH tunnel you have to: 1.: use the same port on both sides of the tunnel (if u switch want to use another port than :80 just switch the listening port in webvirtmgr.conf in /etc/nginx/conf.d. 2.: also SSH-tunnel port 6080 for no-vnc functionality Thx for guiding me in the right direction with this problem.
kerem commented 2026-02-27 16:38:52 +03:00
Author
Owner
Copy link

@generalmanager commented on GitHub (Sep 19, 2014):

@elnin0815 Why so complicated? You can completly cut out nginx, either by removing the config file /etc/nginx/conf.d/webvirtmgr.conf or by uninstalling nginx.

All that nginx does in the example configuration is forwarding the only locally available interface on port 8000 to port 80 and allow access from everywhere.

Which means you can just use local forwarding (as you wrote above), but use port 8000 on the server. Then you also don't have to use the same ports. That's how I do it:

$ ssh user@server:port -L localhost:8000:localhost:8000 -L localhost:6080:localhost:6080

I also added a little warning to the installation tutorial, together with this tip:
https://github.com/retspen/webvirtmgr/wiki/Install-WebVirtMgr#3-setup-nginx

<!-- gh-comment-id:56212829 --> @generalmanager commented on GitHub (Sep 19, 2014): @elnin0815 Why so complicated? You can completly cut out nginx, either by removing the config file /etc/nginx/conf.d/webvirtmgr.conf or by uninstalling nginx. All that nginx does in the example configuration is forwarding the only locally available interface on port 8000 to port 80 and allow access from everywhere. Which means you can just use local forwarding (as you wrote above), but use port 8000 on the server. Then you also don't have to use the same ports. That's how I do it: $ ssh user@server:port -L localhost:8000:localhost:8000 -L localhost:6080:localhost:6080 I also added a little warning to the installation tutorial, together with this tip: https://github.com/retspen/webvirtmgr/wiki/Install-WebVirtMgr#3-setup-nginx
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
v4.8.9
v4.8.8
4.8.7
v4.1.0
v4.0.1
v3.0.0
v2.3.2
Labels
Clear labels   
bug

   
pull-request

Mirrored from GitHub Pull Request

  
wontfix
No labels
bug
pull-request
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/webvirtmgr#320
No description provided.