XO Proxy not working
-
Ping @julien-f
-
@bullerwins It may be necessary to upgrade multiple times the proxy if the VM is not known to the main XO.
If it does not work, open a support tunnel on your XO and we'll take a look directly.
-
Hi! I installed the proxy from scratch again in the remote xcp-ng, registered via xo-cli in the local XOA and got this in XOA:
I clicked the "upgrade" but got this error:
proxy.upgradeAppliance { "id": "a5e1b282-b10c-471d-9a4b-02477134e895" } { "code": "ECONNRESET", "url": "https://servidorpapa.duckdns.org:4443/api/v1", "message": "socket hang up", "name": "Error", "stack": "Error: socket hang up at connResetException (node:internal/errors:705:14) at TLSSocket.socketCloseListener (node:_http_client:467:25) at TLSSocket.emit (node:events:525:35) at TLSSocket.patchedEmit [as emit] (/opt/xo/xo-builds/xen-orchestra-202211301523/@xen-orchestra/log/configure.js:135:17) at node:net:301:12 at TCP.done (node:_tls_wrap:588:7) at TCP.callbackTrampoline (node:internal/async_hooks:130:17)" }After checking the logs and going back to the proxy page it said that it's up to date:
I clicked the force upgrade a few times and it always said that the proxy is up-do-date but the VM is still unknown:
I'm not sure how to open a support tunnel, is there any documentation about how to do it?
-
-
@julien-f I believe this is for the supported version. I'm build from sources. Should I maybe try the trial premium version?
-
@bullerwins Indeed this is only for the official XO Appliances, my bad.
What you can do is deploy an official XOA in trial, register your proxy on it and open a support tunnel if you have the same behavior
-
@julien-f I've setup a premium trial, added the proxy via the CLI (even I could now use the GUI with the premium):
Seems like the same results. "Unknown VM". I click "force upgrade proxy" a few times and it says that it's up to date (same behaviur).
I created a support tunnel in the XOA premium:
"Give this id to the support: 44155"
-
@bullerwins On it!
-
@bullerwins Restarting the
xo-proxyservice was enough to fix the issue.If it happens again, I'll look into it further.
-
@julien-f what is the command to restart the proxy? so I can try to do it in the build from sources XOA
-
@bullerwins The issue was that the
xo-proxyservice was not restarted after being upgraded on the XO Proxy Appliance. I've found the cause and it will be fixed in the next release.In the meantime simply restart the XO Proxy Appliance if you have this problem again
-
@julien-f Thank you so much, I restarted the XOA built from source ubuntu VM and now it works! (how could I not thought of this before #1 rule in IT, turn off and on again).
Thanks a lot for the support. -
This would be a more of a theoretical question:
Provided that I already have a VPN tunnel set up between the networks, and I'm going to keep it as I use it for other stuff.
Is there any benefit of using the XO-proxy vs a VPN tunnel installed in the XOA vm?
The way I see it is:
Pro XO-proxy:
-Easier to set up
-No need to update/mantain a vpn client in the host OS and remote network as it updates with XOA and the proxy can be updated with a click.
-Might have advantages down the road if more development is done to the proxy and I'm already using it and no need to migrate from the vpn tunnel method.
-Basically all-in-one solution as I don't need to worry about 3rd party stuff. If I migrate I don't have to worry/remember the vpn stuff to be able to connect.Con XO-proxy:
-That I have to open another port in the router if I already have a VPN tunnel.I'm just wondering if it's worth to keep another port open in the router.
-
Depends if you have other needs for the VPN, but if it's only XO related, the proxy is a better solution
-
Ultimately, the choice depends on your specific requirements, security considerations, and the trade-offs you are willing to make. If security is a top priority, and the existing VPN tunnel meets your needs, sticking with it might be the best option. I also have a lot to say, if you want to buy proxies, contact me personally. However, if the advantages of XO-proxy are compelling, and you can address the security concerns, it could be a reasonable choice.
-
We made the proxy with the smallest attack surface possible, so I would say it's pretty safe. But indeed, and as usual, it's a perpetual balance benefits and costs
-
M McHenry referenced this topic on
