Hi Sergi,
have you tried using the development tools in your browser (In Chrome and Firefox Ctrl + Shift + I) and check if the browser shows any error in the console?. It might be an issue with a self-signed certificate, or it’s complaining about its content, let’s see if the browser helps us to understand what may be happening.
Another quick question, as you’re using VMWare, are you using vOneCloud or your own OpenNebula installation?
Cheers!
Hi Sergi
If you are using autosigned certificates for the domain, you must to go to:
and accept this certificate. Don’t worry about the Error message on the browser because this is the por for the VNC and we are not passing anyone.
After accept this you could login on Sunstone and try to go to noVNC
Hi,
I tried to acces https://name:29876 but I have a message that the web page cannot show.
Any idea?
Hi
I suggest test if the sunstone-novnc service is up. In second hand test your firewall is not blocking this port.
The 29876 is used by novnc tu connect, so if you could not access to it the novnc is nos accesible so the VNC session is not going to work.
If I try to connect by telnet I cant so the port it’s open. And if I execute service opennebula-novnc status, I have this:
Redirecting to /bin/systemctl status opennebula-novnc.service
● opennebula-novnc.service - OpenNebula noVNC Server
Loaded: loaded (/usr/lib/systemd/system/opennebula-novnc.service; enabled; vendor preset: disabled)
Active: active (running)
Any idea?
Hi Sergi,
could you give more information on the scenario you’re in?
Cheers
And… if you’re using SSL this old post I wrote may help you to see that browser can be silently blocking VNC connections, that’s why I’m telling you about Developer Tools in the browser.
Hope it helps!
Yes, now I’m using SSL with self-signed certificate.
In a Developer tool i have this errors:
Msg: noVNC ready: native WebSockets, canvas rendering util.js:204
websock.js:261
Mixed Content: The page at ‘https://NAME/’ was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint ‘ws://NAME:29876/?token=125lys86xk63iljnn8p0’. This request has been blocked; this endpoint must be available over WSS.open @ websock.js:261_connect @ rfb.js:305_updateState @ rfb.js:445connect @ rfb.js:223vncCallback @ vnc.js:71_onShow @ vnc.js:68(anonymous function) @ dialog.js:28dispatch @ jquery.js:4737elemData.handle @ jquery.js:4549trigger @ jquery.js:7819(anonymous function) @ jquery.js:7903each @ jquery.js:365each @ jquery.js:137trigger @ jquery.js:7902open @ foundation.js:6517foundation @ foundation.js:285_show @ dialog.js:48success @ list.js:721success @ vm.js:465fire @ jquery.js:3187fireWith @ jquery.js:3317done @ jquery.js:8785(anonymous function) @ jquery.js:9151
websock.js:261
Uncaught SecurityError: Failed to construct ‘WebSocket’: An insecure WebSocket connection may not be initiated from a page loaded over HTTPS.
Hi Sergi,
thanks, then as you can see it’s a problem in the browser. You’re trying to use HTTPS but the VNC server is not using secure sockets. You should use the configuration parameters in /etc/one/sunstone-server.conf
support_wss: yes
vnc_proxy_cert: Certificate to encrypt wss connections.
vnc_proxy_key: Key for wss connections. Only necessary if key is not included in cert.
So you need the SSL certificate and the key. And once you have all that try restarting Sunstone server so changes are applied. As I told you in a previous comment maybe you can use my blog post to guide you in configuration.
See ya!
Hi,
Thanks!!!
I configure the file /etc/one/sunstne-server.conf
:vnc_proxy_support_wss: yes
:vnc_proxy_cert: /etc/one/ssl_cert
:vnc_proxy_key: /etc/one/ssl_keycert
It’s correct this configuration? I have to upload the cert to the opennebula?
If I try to connect https://name:29876 I have this error:
Error response
Error code 405.
Message: Method Not Allowed.
Error code explanation: 405 = Specified method is invalid for this resource…
Any idea? What is your blog?
Hi Sergi,
the post in OpenNebula blog is here: http://opennebula.org/opennebula-securing-sunstones-novnc-connections-with-secure-websocket-and-your-own-certificate-authority/ and yes /etc/one/sunstone-server.conf is the file you’ve to modify.
You should have a copy of your SSL certificate in the frontend so the VNC Proxy can use it to establish encrypted sessions. I guess that 405 error is that GET is not allowed by the VNC proxy, but once you have it configured you won’t be using https://name:29876 so don’t worry.
Check that certificate and key file (if key is not inside the certificate) can be read by oneadmin user, you know that sometimes permissions can be an issue if it’s not working. And don’t forget to restart sunstone after editing configuration or changing the cert file and permissions…
Cheers!
Hi. I have the same issue. My VmID is 59. Checked 5959 port is listening and firewall state is running. OS is centos 7. What should do now?
i am facing mentionm below error .
VNC noVNC ready: native WebSockets, canvas rendering
kindly help me on this matter. my ssl certificate is working fine when i login via web panel .web panel is open via https and working fine.but when my user take the vnc or machine error come out on screen .which is shown as above. kindly help me on this matter what i have to do . preivously without ssl its working fine.
Hello,
Maybe you can show logs (Sunstone, apache, nginx, etc)? All telepaths on holiday. 
P.S. Happy New Year!
Hello,
I’m using noVnc console to open the VMware VM console view.
I’ve enabled the GDB server with my esxi host and also configured these things with .vmx configuration.
remotedisplay.vnc.enabled TRUE
remotedisplay.vnc.port 5901
remotedisplay.vnc.password
remoteDisplay.vnc.WebSocket.enabled TRUE
remoteDisplay.vnc.WebSocket.port 1000
When i open the noVnc console via http:// then it’s working fine without any problem. When i tried from https:// then it’s not working and in browser development tool its showing this error:
Mixed Content: The page at ‘https://mysite’ was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint ‘ws://My ESXI Host:1003/websockify?token=b28b8dd7e72e892bb9db5cef9e94e3af’. This request has been blocked; this endpoint must be available over WSS.
If i passed encrypt = 0 with console request then it ask for run this script as unsafe in browser. But it’s only working with chrome and also working with some https:// server but not with all.
Any idea? What i need to do with my host or on my server? Is there any certificate issue and how i will resolve it?
Kindly help me to fix this issue.
Thanks & Regards
Harpreet Singh
I do not have permissions for oneadmin user to read certificate and key file. I has created certificate with CA letsenscrypt and only root user can have access to link lrwxrwxrwx 1 root root 50 Jul 9 15:55 fullchain.pem -> …/…/archive/opennebula.domen.com/fullchain1.pem or lrwxrwxrwx 1 root root 50 Jul 9 15:55 privkey.pem -> …/…/archive/opennebula.domen.com/privkey1.pem So I tried to change owner to oneadmin but nothing happens. The owner is still root user.
What to do?
I got the same error as VNC noVNC ready:native WebSockets, canvas rendering Error?
Here is my host details as follows:
1.Windows 10 in that installed Virtualbox 6.1 and installed Ubuntu18.04.4 as VM (both frontend and hypervisor host)
2.Opennebula version 5.6.1
Solution according to my case is:
1.Check the status of
sudo firewall-cmd --status
2. If it is running stop the firewall using
sudo service firewalld stop
3.Then try to delete the existing VM in the opennebula sunstone.
Thats all problem solved.
Any queries pls write to: kanagaraj.techguy@gmail.com
Am working in my PhD for energy efficiency related work in cloud environment.
Thanks you.
