Welcome! Log In Create A New Profile

Advanced

resource: net::ERR_CONNECTION_TIMED_OUT

Posted by Max_001 
resource: net::ERR_CONNECTION_TIMED_OUT
June 22, 2016 08:28AM
Hi all ;). Hope everyone is good. Taking the Chance using the Community for helpfully Info ;).

i'am little bit desperated, as not sure where the Issue is.

i'am using VMware vSphere6 and installed on Centos6 the nginx-1.10.1.

i'am configured the Proxy to listen onto 443 and to pass it to the Webclient ip.

So far so good. First Site working. 2nd gives me the Credential Screen. it's also working. once giving wrong Pass > it's giving me an Authentication Error > so means for me Communiction is working. but once i try to Login with correct pass the Browser is getting the Timed_Out error after about 20Secs. i checked logs. not seeing some Errors. all with Http Status 200. Just seeing strange DYNAMIC Entry next to the /vsphere-client/UI.swf.

i use following Code:

server {
listen 443;
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_timeout 10m;
ssl_certificate /etc/nginx/ssl/ca.crt;
ssl_certificate_key /etc/nginx/ssl/ca.key;


location / {
proxy_ssl_certificate /etc/nginx/ssl/ca.crt;
proxy_ssl_certificate_key /etc/nginx/ssl/ca.key;
proxy_pass https://xxxx;
#proxy_read_timeout 200s;
#proxy_connect_timeout 200s;
}


}

Last Message in the Log i see:

"POST /vsphere-client/endpoints/messagebroker/amf HTTP/1.1" 200 1176 "https://xxxxx/vsphere-client/UI.swf/[[DYNAMIC]]/6" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36" "-"


i tried to use also with removing the hash in the timeout lines.Maybe something wrong with this Dynamic swf?

for any Help i would be very happy.

Many thx in Advance.

Best regards

Max



Edited 1 time(s). Last edit at 06/22/2016 08:29AM by Max_001.
Re: resource: net::ERR_CONNECTION_TIMED_OUT
June 22, 2016 02:24PM
generated now HTR files to check.

so on the Authentication Screen i get

https://xxxxx/websso/SAML2/SSO/vsphere.local (worked fine with the pass_proxy process)

and once i try to Login he try to reach

https://xxxxx/vsphere-client/saml/websso/sso

for any Reason i not understand is he trying to reach the internally IP through externally.

Seems once Login he doing Redirect - but through Internet.

so something i miss here on the Proxy Side > as he is not handling the Login Process ;(.

Any thoughts maybe how beeing able to pass all correctly ? ;(

thx

Best regards

Max
Re: resource: net::ERR_CONNECTION_TIMED_OUT
June 22, 2016 02:51PM
With some backends you need to tell the backend what its new external Url is due to the fact nginx is now the new frontend.

---
nginx for Windows http://nginx-win.ecsds.eu/
Re: resource: net::ERR_CONNECTION_TIMED_OUT
June 22, 2016 03:23PM
HI there,

i'am not trying to reach multiple Servers. i try just to reach 1 IP. and it's working partially for any Reason. if its fully not working > then ok i understand. But as i'am able to get onto Server over Proxy and just the Login failing because of Redirect > seems needs to get configured somehow. the webclient is communicating with internally ip to Proxy. and Proxy having 2 Interfaces. 1 internally and 1 externally.

Best regards

Max
Re: resource: net::ERR_CONNECTION_TIMED_OUT
June 22, 2016 04:34PM
A login process sometimes involves a redirect written by the backend, if that redirect is not aimed at the proxy then it will go wrong.

---
nginx for Windows http://nginx-win.ecsds.eu/
Re: resource: net::ERR_CONNECTION_TIMED_OUT
June 23, 2016 06:08AM
yes seems that is the Case. But how could i make a Redirect of this Backend Redirect? on the Backend is nothing which i could Change. So something on Proxy or iptables to arrange?

thx
Re: resource: net::ERR_CONNECTION_TIMED_OUT
June 23, 2016 07:02AM
There must be something on the backend which tells what happens after login,
see https://www.google.nl/#q=vsphere+configuration+url

---
nginx for Windows http://nginx-win.ecsds.eu/
Re: resource: net::ERR_CONNECTION_TIMED_OUT
June 23, 2016 08:28AM
i already searched. but all Infos are related to VCSA and not the Windows vCenter. i will open a Ticket at VMware and asking for Infos regarding it.

thx itpp ;)
Re: resource: net::ERR_CONNECTION_TIMED_OUT
June 28, 2016 07:00AM
Ha i got it working. i not 100% understand it, but it works now. Magic seems was the Header entrys.

Best regards

Max


server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
}

server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_certificate /etc/nginx/ssl/ca.crt;
ssl_certificate_key /etc/nginx/ssl/ca.key;


#Desn't really matter - everything is proxied
root /var/www/html;
index index.html;
server_name _;

location /{
proxy_pass https://xxxxxxxx;
rewrite ^/$ /vsphere-client/?csp permanent;
}

location /vsphere-client/{
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass https://xxxxxx;
}

}
Re: resource: net::ERR_CONNECTION_TIMED_OUT
September 22, 2016 09:42AM
Max_001 Wrote:
-------------------------------------------------------
> Ha i got it working. i not 100% understand it, but it works now.
> Magic seems was the Header entrys.
>
> Best regards
>
> Max
>
>
> server {
> listen 80 default_server;
> listen [::]:80 default_server;
> server_name _;
> return 301 https://$host$request_uri;
> }
>
> server {
> listen 443 ssl default_server;
> listen [::]:443 ssl default_server;
> ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
> ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
> ssl_certificate /etc/nginx/ssl/ca.crt;
> ssl_certificate_key /etc/nginx/ssl/ca.key;
>
>
> #Desn't really matter - everything is proxied
> root /var/www/html;
> index index.html;
> server_name _;
>
> location /{
> proxy_pass https://xxxxxxxx;
> rewrite ^/$ /vsphere-client/?csp permanent;
> }
>
> location /vsphere-client/{
> proxy_set_header Host $host;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_pass https://xxxxxx;
> }
>
> }


Hello,

It's not working. Can you post your working config?


I've removed ""rewrite ^/$ /vsphere-client/?csp permanent;"" from ""location /"" so i can see the vcenter home page

I have vCenter 6; and it redirects me still to the private IP


I see this in firefox: location https://10.10.11.109/vsphere-client/UI.swf (my vcenter private IP)
type application/x-shockwave-flash
Maybe because of this location?
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 84
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready