intermittent SSL connection

Bug #1668774 reported by Sam Lee
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Fix Released
Blake Rouse
Won't Fix

Bug Description

MAAS 2.1.1+bzr5544-0ubuntu1 (16.04.1)

In order to comply with our DC firewall (we block port 80), we followed the following instructions to enable SSL:

Unfortunately, although we got MAAS region controller to respond via SSL (i.e. TCP Port 443), as soon as I login to the web ui,


MAAS region controller redirects my web client to a non-SSL connection to


Also noticed the same thing when I log out, where it drops me out to a non-SSL connection login page


With a firewall blocking tcp port 80, this causes the MAAS UI to appear hung as it times out on the non-SSL port 80 connection.

Tags: docteam maasgh
Changed in maas:
milestone: none → 2.2.0
importance: Undecided → High
status: New → Triaged
tags: added: docteam maasgh
Changed in maas:
milestone: 2.2.0 → 2.2.x
Changed in maas:
milestone: 2.2.x → 2.4.0rc2
Revision history for this message
Blake Rouse (blake-rouse) wrote :

MAAS has no issues working with SSL. You didn't state the web server you are using, but here is the nginx.conf I used to confirm it works as expected. You most likely are not handing the websocket proxying correctly.

server {
 listen 443 ssl;

 server_name _;
 ssl_certificate /etc/nginx/ssl/nginx.crt;
 ssl_certificate_key /etc/nginx/ssl/nginx.key;

 location / {
  proxy_pass http://localhost:5240;
  include /etc/nginx/proxy_params;

 location /MAAS/ws {
  proxy_pass http://localhost:5240/MAAS/ws;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "Upgrade";


Changed in maas:
status: Triaged → Invalid
Changed in maas:
assignee: nobody → Blake Rouse (blake-rouse)
Revision history for this message
Blake Rouse (blake-rouse) wrote :

Seems this is fixed in 2.4, but not 2.3. In 2.3 the following header is returned:

< HTTP/1.1 302 FOUND
< Server: nginx/1.10.3 (Ubuntu)
< Date: Tue, 15 May 2018 19:51:52 GMT
< Content-Type: text/html; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Vary: Cookie
< X-Frame-Options: SAMEORIGIN
< Location: http://localhost/MAAS/accounts/login/?next=%2FMAAS%2F

It is redirecting to the HTTP instead of HTTPS.

Changed in maas:
status: Invalid → Fix Released
Revision history for this message
Blake Rouse (blake-rouse) wrote :

Here is the configuration for apache2:

<VirtualHost *:443>
 SSLEngine On

 SSLCertificateFile /etc/apache2/ssl/apache2.crt
 SSLCertificateKeyFile /etc/apache2/ssl/apache2.key

 RewriteEngine On
        RewriteCond %{REQUEST_URI} ^/MAAS/ws [NC]
        RewriteRule /(.*) ws://localhost:5240/MAAS/ws [P,L]

        ProxyPreserveHost On
        ProxyPass / http://localhost:5240/
        ProxyPassReverse / http://localhost:5240/

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.