Problem with web console

Hi i have problem with web console when i click i got

403 Forbidden

You don’t have permission to access this resource.

log
`2024-08-21T23:26:58 [I|app|40b44567] Processing by CockpitController#redirect as HTML
2024-08-21T23:26:58 [I|app|40b44567] Parameters: {“redirect_uri”=>“https://foreman.domain/webcon/=accelerate.domain”}
2024-08-21T23:26:58 [I|app|40b44567] Redirected to https://foreman.domain?access_token=a1ad26a353e83d82d73ea2da71c3b8ba
2024-08-21T23:26:58 [I|app|40b44567] Completed 302 Found in 12ms (ActiveRecord: 1.7ms | Allocations: 2620)
2024-08-21T23:27:01 [I|app|d662ae08] Started GET “/notification_recipients” for 10.86.232.244 at 2024-08-21 23:27:01 +0200
2024-08-21T23:27:01 [I|app|d662ae08] Processing by NotificationRecipientsController#index as JSON
2024-08-21T23:27:01 [I|app|d662ae08] Completed 200 OK in 9ms (Views: 0.1ms | ActiveRecord: 1.3ms | Allocations: 2008)
2024-08-21T23:27:05 [I|app|0fb20400] Started GET “/cockpit/redirect?redirect_uri=https%3A%2F%2Fforeman.domain%2Fwebcon%2F%3Daccelerate.domain” for 10.86.232.244 at 2024-08-21 23:27:05 +0200
2024-08-21T23:27:05 [I|app|0fb20400] Processing by CockpitController#redirect as HTML
2024-08-21T23:27:05 [I|app|0fb20400] Parameters: {“redirect_uri”=>“https://foreman.domain/webcon/=accelerate.domain”}
2024-08-21T23:27:05 [I|app|0fb20400] Redirected to https://foreman.domain/webcon/=accelerate.domain?access_token=a1ad26a353e83d82d73ea2da71c3b8ba
2024-08-21T23:27:05 [I|app|0fb20400] Completed 302 Found in 11ms (ActiveRecord: 1.5ms | Allocations: 2372)

`

What does /var/log/foreman-proxy/proxy.log say? Also it is worth checking /var/log/secure on the target host.

Hey nothing is logged to /var/log/foreman-proxy/proxy.log
there is also no information on host/var/log/secure

Remote execution working fine only problem when i want to run web console.

I noticed that when starting
/usr/sbin/foreman-cockpit-session:24:in `read’: No such file or directory @ rb_sysopen - /etc/foreman-cockpit/settings.yml (Errno::ENOENT)

The installer should set that up. Have you passed --enable-foreman-plugin-remote-execution-cockpit to it?

I tried several times but the installer does not create

Looking at the path again, it looks wrong. It should be /etc/foreman/cockpit/foreman-cockpit-session.yml

# systemctl cat foreman-cockpit | grep Environment
Environment=XDG_CONFIG_DIRS=/etc/foreman/
Environment=FOREMAN_COCKPIT_SETTINGS=/etc/foreman/cockpit/foreman-cockpit-session.yml
Environment=FOREMAN_COCKPIT_ADDRESS=127.0.0.1
Environment=FOREMAN_COCKPIT_PORT=19090
Environment=COCKPIT_SUPERUSER=any

Also, could you check /var/log/httpd/foreman-ssl_error_ssl.log?

[Thu Aug 22 10:04:12.201175 2024] [rewrite:error] [pid 73681:tid 139850177218304] [client XX.XX.XX.XX:53537] AH: Unsafe URL with %3f URL rewritten without UnsafeAllow3F

I change /etc/httpd/conf.d/05-foreman-ssl.d/cockpit.conf to

form

<Location /webcon>
  ProxyPreserveHost On

  RewriteEngine On
  RewriteCond %{HTTP:Upgrade} =websocket [NC]
  RewriteRule /webcon/(.*)           ws://127.0.0.1:19090/webcon/$1 [P]
  RewriteCond %{HTTP:Upgrade} !=websocket [NC]
  RewriteRule /webcon/(.*)           http://127.0.0.1:19090/webcon/$1 [P]
</Location>

to


<Location /webcon>
  ProxyPreserveHost On

  RewriteEngine On
  RewriteCond %{HTTP:Upgrade} =websocket [NC]
  RewriteRule /webcon/(.*)           ws://127.0.0.1:19090/webcon/$1 [P,UnsafeAllow3F]
  RewriteCond %{HTTP:Upgrade} !=websocket [NC]
  RewriteRule /webcon/(.*)           http://127.0.0.1:19090/webcon/$1 [P,UnsafeAllow3F]
</Location>

and working

Yeah, looks like you found yourself a bug Bug #37761: Cockpit integration fails with AH: Unsafe URL with %3f URL rewritten without UnsafeAllow3F in foreman-ssl_error_ssl.log - Installer - Foreman