github-actions[bot] commented on issue #12323: URL: https://github.com/apache/cloudstack/issues/12323#issuecomment-4856145401
## ๐ฏ Triage report After configuring an nginx reverse proxy for the Console Proxy VM (CPVM) and enabling SSL in the CloudStack management UI, the console connections fail after a CPVM reboot because the CPVM stops listening on the expected ports. The thread was resolved in the comments: the SSL setting in CloudStack must be **disabled** when an SSL-terminating reverse proxy is in front of the CPVM โ enabling it reconfigures the CPVM to use port 443 (which the CPVM has no certificate for), while the reverse proxy should own SSL. Incorrect documentation in discussion #9013 led to the misconfiguration. ### ๐ Assessment | Dimension | Value | Reasoning | |---|---|---| | **Type** | type:config | The issue is a configuration misunderstanding, not a code defect; resolved by reporter | | **Component** | component:console-proxy | CPVM SSL/port configuration | | **Severity** | n/a | Operator-recoverable configuration issue | | **Labels** | type:config, component:console-proxy | As above | | **Coding agent** | Not suitable | Resolved; follow-up is a documentation correction | <details><summary>๐ก Notes and suggestions</summary> - **Resolution** (from reporter comments): when using a TLS-terminating reverse proxy in front of the CPVM, the CloudStack "Console Proxy SSL enabled" setting must be **OFF**. The reverse proxy handles TLS; the CPVM speaks plain HTTP/WS internally. - Incorrect guidance exists in discussion #9013 โ maintainer (`@DaanHoogland`) asked reporter to add a corrective comment there. - Consider adding a note to the Admin Guide / Console Proxy documentation clarifying the SSL setting semantics in reverse-proxy deployments. - The CPVM code sets `proxy.setPort(443)` when SSL is enabled and `proxy.setPort(80)` otherwise โ this is correct but counter-intuitive when a reverse proxy is in play. </details> > Generated by [Daily Issue Triage](https://github.com/apache/cloudstack/actions/runs/28523943189) ยท [โท](https://github.com/search?q=repo%3Aapache%2Fcloudstack+%22gh-aw-workflow-call-id%3A+apache%2Fcloudstack%2Fdaily-issue-triage%22&type=issues) > <details> <summary>Add this agentic workflows to your repo</summary> To install this agentic workflow, run ``` gh aw add githubnext/agentics/workflows/daily-issue-triage.md@d7c1dc4b72b00607a67caaffdcc216cb64379cf9 ``` </details> <!-- gh-aw-agentic-workflow: Daily Issue Triage, engine: copilot, version: 1.0.52, model: claude-sonnet-4.6, id: 28523943189, workflow_id: daily-issue-triage, run: https://github.com/apache/cloudstack/actions/runs/28523943189 --> <!-- gh-aw-workflow-call-id: apache/cloudstack/daily-issue-triage --> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
