Unable to remotely access dashboard

Right now, this is working as intended, since everything runs with default passwords, and we don't want to open up laptops running microstack to attack.

But I think that we should provide hooks to lock microstack down, security wise, and open it up to outside traffic, as there are many scenarios where this would be useful. We'll use this bug to publicly track the feature.

Perhaps this could be resolved by adding a snap configuration option to microstack such that we can install it as currently and then just

$ snap set microstack-horizon-allowed-hosts="xx.xx.xx.xx"

where xx.xx.xx.xx is the IP I wish to grant access to.

I've tried other workarounds without success. Using X11 and remoting the display firefox launched from the microstack host fails because the django web UI in horizon has busy graphics such as the spinning cursor which are too heavy that way.

As of the latest build in --edge, this bug is partially resolved. You can override horizon settings by dropping a file into `/var/snap/microstack/common/etc/horizon/local_settings.d/` with any overrides. For example, you might create _10_hosts.py, with the following contents:

```
# Allow all hosts to connect to this machine
ALLOWED_HOSTS = ['*',]
```

Then do `sudo snap restart microstack`

You could also just allow specific hosts, of course. And near future releases to --edge should contain this as an option in microstack.init.

As of the latest edge, we open Horizon to the outside world by default, which resolves this issue.

Hi,

I installed the --edge version on a physical machine and gets the same server.
I followed what you mentioned here, but still no access to microstack dashboard.

Do you know where the problem is?

Thanks for your help!

Ali

No idea, I no longer use this.

On Thu, May 7, 2020 at 6:30 PM Ali Esmaeily <email address hidden>
wrote:

> Hi,
>
> I installed the --edge version on a physical machine and gets the same
> server.
> I followed what you mentioned here, but still no access to microstack
> dashboard.
>
> Do you know where the problem is?
>
> Thanks for your help!
>
> Ali
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1815955
>
> Title:
> Unable to remotely access dashboard
>
> Status in MicroStack:
> Fix Released
>
> Bug description:
> I've installed microstack on a remote server. If I use sshuttle to vpn
> to that network and attempt to load the dashboard I get the following
> stack trace:
>
> DisallowedHost at /
> Invalid HTTP_HOST header: '192.168.9.37'. You may need to add
> u'192.168.9.37' to ALLOWED_HOSTS.
> Request Method: GET
> Request URL: http://192.168.9.37/
> Django Version: 1.11.14
> Exception Type: DisallowedHost
> Exception Value:
> Invalid HTTP_HOST header: '192.168.9.37'. You may need to add
> u'192.168.9.37' to ALLOWED_HOSTS.
> Exception Location:
> /snap/microstack/65/lib/python2.7/site-packages/django/http/request.py in
> get_host, line 113
> Python Executable: /snap/microstack/65/bin/uwsgi
> Python Version: 2.7.12
> Python Path:
> ['.',
> '',
> '/snap/microstack/65/usr/lib/python2.7',
> '/snap/microstack/65/usr/lib/python2.7/plat-x86_64-linux-gnu',
> '/snap/microstack/65/usr/lib/python2.7/lib-tk',
> '/snap/microstack/65/usr/lib/python2.7/lib-old',
> '/snap/microstack/65/usr/lib/python2.7/lib-dynload',
> '/snap/microstack/65/usr/lib/python2.7/dist-packages',
> '/snap/microstack/65/lib/python2.7/site-packages',
> '/snap/microstack/65/lib/python2.7/site-packages/openstack_dashboard']
> Server time: Thu, 14 Feb 2019 19:26:45 +0000
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/microstack/+bug/1815955/+subscriptions
>

@aliesma: what url are you typing in when you attempt to access the MicroStack dashboard? Are you tunneling from another machine, as in the original bug, or simply trying to access the dashboard on your local machine?

Note that MicroStack attempts to serve up the dashboard on port 80 by default, and the server can be a little bit slow to respond on first use. If you have another server listening on port 80 on your machine, they might be conflicting.

You can set the port with:

    sudo snap set microstack config.network.ports.dashboard=5001
    sudo snap restart microstack