github-actions[bot] commented on issue #12323:
URL: https://github.com/apache/cloudstack/issues/12323#issuecomment-4856145401

   ## ๐ŸŽฏ Triage report
   
   After configuring an nginx reverse proxy for the Console Proxy VM (CPVM) and 
enabling SSL in the CloudStack management UI, the console connections fail 
after a CPVM reboot because the CPVM stops listening on the expected ports. The 
thread was resolved in the comments: the SSL setting in CloudStack must be 
**disabled** when an SSL-terminating reverse proxy is in front of the CPVM โ€” 
enabling it reconfigures the CPVM to use port 443 (which the CPVM has no 
certificate for), while the reverse proxy should own SSL. Incorrect 
documentation in discussion #9013 led to the misconfiguration.
   
   ### ๐Ÿ“Š Assessment
   
   | Dimension | Value | Reasoning |
   |---|---|---|
   | **Type** | type:config | The issue is a configuration misunderstanding, 
not a code defect; resolved by reporter |
   | **Component** | component:console-proxy | CPVM SSL/port configuration |
   | **Severity** | n/a | Operator-recoverable configuration issue |
   | **Labels** | type:config, component:console-proxy | As above |
   | **Coding agent** | Not suitable | Resolved; follow-up is a documentation 
correction |
   
   <details><summary>๐Ÿ’ก Notes and suggestions</summary>
   
   - **Resolution** (from reporter comments): when using a TLS-terminating 
reverse proxy in front of the CPVM, the CloudStack "Console Proxy SSL enabled" 
setting must be **OFF**. The reverse proxy handles TLS; the CPVM speaks plain 
HTTP/WS internally.
   - Incorrect guidance exists in discussion #9013 โ€” maintainer 
(`@DaanHoogland`) asked reporter to add a corrective comment there.
   - Consider adding a note to the Admin Guide / Console Proxy documentation 
clarifying the SSL setting semantics in reverse-proxy deployments.
   - The CPVM code sets `proxy.setPort(443)` when SSL is enabled and 
`proxy.setPort(80)` otherwise โ€” this is correct but counter-intuitive when a 
reverse proxy is in play.
   
   </details>
   
   
   
   > Generated by [Daily Issue 
Triage](https://github.com/apache/cloudstack/actions/runs/28523943189) ยท 
[โ—ท](https://github.com/search?q=repo%3Aapache%2Fcloudstack+%22gh-aw-workflow-call-id%3A+apache%2Fcloudstack%2Fdaily-issue-triage%22&type=issues)
   >
   <details>
   <summary>Add this agentic workflows to your repo</summary>
   
   To install this agentic workflow, run
   
   ```
   gh aw add 
githubnext/agentics/workflows/daily-issue-triage.md@d7c1dc4b72b00607a67caaffdcc216cb64379cf9
   ```
   </details>
   
   
   <!-- gh-aw-agentic-workflow: Daily Issue Triage, engine: copilot, version: 
1.0.52, model: claude-sonnet-4.6, id: 28523943189, workflow_id: 
daily-issue-triage, run: 
https://github.com/apache/cloudstack/actions/runs/28523943189 -->
   <!-- gh-aw-workflow-call-id: apache/cloudstack/daily-issue-triage -->


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to