XO Proxy not working

bullerwins

Hi!
I'm trying to set up a XO Proxy to manage a remote insance of xcp-ng from the same XOA. This is the setup

Local:
Server Dell - runs XCP-ng 8.2 - IP: 192.168.10.85
Ubuntu 22.04 VM - run XOA installed from source (followed @lawrencesystems guide with a self signed certificate, just used ubuntu instead of debian)- IP: 192.168.10.117 Url: https://192.168.10.117

No port forward or anything on this network needed I believe

Remote:
Server Acer - run XCP-ng 8.2 - IP: 192.168.1.226
Installed XO Proxy in this xcp-ng server - IP: 192.168.1.218

Port forwarded on this router:
TCP
External port 4443
Internal port 443
IP 192.168.1.218

I followed the guide on the blog:
https://xen-orchestra.com/blog/xo-proxy-a-concrete-guide/

Installed the script on the Remote XCP-ng Server Acer:

And got the UUID and Token as well as the IP for the new XO proxy VM.

Change over to the local XOA 192.168.10.117:
Installed xo-cli:

Registered user:

And registered the proxy:

(I'm using duckdns as I have a dynamic IP, but I've tried using the current external IP and had the same results)

Now a proxy appears on the Local XOA:

If I click the "test proxy" blue button, it says to be working.

Then I go to servers in my local XOA and add the remote server:
I fill the info, and paste the proxy url from the proxies page:

But it doesn't seem to connect. No pool appears, and no VMs show from the remote server shows.
I can telnet from the local XOA to "telnet xxxxx.duckdns.org 4443" and establishes connection.

What I'm missing here?

Thanks a lot!

olivierlambert

Your proxy is probably outdated You need to update your proxy first.

@julien-f am I right?

bullerwins

@olivierlambert said in XO Proxy not working:

Your proxy is probably outdated You need to update your proxy first.

@julien-f am I right?

hi @olivierlambert !
I'm sorry but how would I update it?
To be honest I just installed it yesterday once a couple of times testing and again from scratch today. I would guess the bash -c "$(wget -qO- https://xoa.io/proxy/deploy) from the blog would just grab the latest version?

olivierlambert

Okay I discussed that with Julien, and the possibility to update it will be available on our tomorrow's release (on latest channel). Hang on

As soon you can make the update, the "proxy" will work.

bullerwins

@olivierlambert That's great!!!
Thanks a lot.

Even though I don't know how to update it I can install it from scratch as this is just to learn in my homelab. Also I'm not so sure which channel I'm using to be able to select latest, is this for the proxy or for xoa?

olivierlambert

Both, they are synchronized on the one you choose in XOA

bullerwins

@olivierlambert Hi! I believe that I have updated to the latest version (I have "warm migration" feature for example):

And I did the "force upgrade" in the proxy:

But I have the same results:

XOA doens't seem to fully connect to the remote xcp-ng server

olivierlambert

Ping @julien-f

julien-f

@bullerwins It may be necessary to upgrade multiple times the proxy if the VM is not known to the main XO.

If it does not work, open a support tunnel on your XO and we'll take a look directly.

bullerwins

@julien-f

Hi! I installed the proxy from scratch again in the remote xcp-ng, registered via xo-cli in the local XOA and got this in XOA:

I clicked the "upgrade" but got this error:

proxy.upgradeAppliance
{
  "id": "a5e1b282-b10c-471d-9a4b-02477134e895"
}
{
  "code": "ECONNRESET",
  "url": "https://servidorpapa.duckdns.org:4443/api/v1",
  "message": "socket hang up",
  "name": "Error",
  "stack": "Error: socket hang up
    at connResetException (node:internal/errors:705:14)
    at TLSSocket.socketCloseListener (node:_http_client:467:25)
    at TLSSocket.emit (node:events:525:35)
    at TLSSocket.patchedEmit [as emit] (/opt/xo/xo-builds/xen-orchestra-202211301523/@xen-orchestra/log/configure.js:135:17)
    at node:net:301:12
    at TCP.done (node:_tls_wrap:588:7)
    at TCP.callbackTrampoline (node:internal/async_hooks:130:17)"
}

After checking the logs and going back to the proxy page it said that it's up to date:

I clicked the force upgrade a few times and it always said that the proxy is up-do-date but the VM is still unknown:

I'm not sure how to open a support tunnel, is there any documentation about how to do it?

julien-f

@bullerwins Yes: https://xen-orchestra.com/docs/xoa.html#support-tunnel

bullerwins

@julien-f I believe this is for the supported version. I'm build from sources. Should I maybe try the trial premium version?

julien-f

@bullerwins Indeed this is only for the official XO Appliances, my bad.

What you can do is deploy an official XOA in trial, register your proxy on it and open a support tunnel if you have the same behavior

bullerwins

@julien-f I've setup a premium trial, added the proxy via the CLI (even I could now use the GUI with the premium):

Seems like the same results. "Unknown VM". I click "force upgrade proxy" a few times and it says that it's up to date (same behaviur).

I created a support tunnel in the XOA premium:

"Give this id to the support: 44155"

julien-f

@bullerwins On it!

julien-f

@bullerwins Restarting the xo-proxy service was enough to fix the issue.

If it happens again, I'll look into it further.

bullerwins

@julien-f what is the command to restart the proxy? so I can try to do it in the build from sources XOA

julien-f

@bullerwins The issue was that the xo-proxy service was not restarted after being upgraded on the XO Proxy Appliance. I've found the cause and it will be fixed in the next release.

In the meantime simply restart the XO Proxy Appliance if you have this problem again

bullerwins

@julien-f Thank you so much, I restarted the XOA built from source ubuntu VM and now it works! (how could I not thought of this before #1 rule in IT, turn off and on again).
Thanks a lot for the support.

bullerwins

This would be a more of a theoretical question:

Provided that I already have a VPN tunnel set up between the networks, and I'm going to keep it as I use it for other stuff.

Is there any benefit of using the XO-proxy vs a VPN tunnel installed in the XOA vm?

The way I see it is:

Pro XO-proxy:
-Easier to set up
-No need to update/mantain a vpn client in the host OS and remote network as it updates with XOA and the proxy can be updated with a click.
-Might have advantages down the road if more development is done to the proxy and I'm already using it and no need to migrate from the vpn tunnel method.
-Basically all-in-one solution as I don't need to worry about 3rd party stuff. If I migrate I don't have to worry/remember the vpn stuff to be able to connect.

Con XO-proxy:
-That I have to open another port in the router if I already have a VPN tunnel.

I'm just wondering if it's worth to keep another port open in the router.