Why is console access on Digital Ocean so problematic?

August 21, 2016 287 views
Networking Ubuntu

I have been successfully running a Ubuntu 14.04 production server on D.O for nearly six months now. I couldn't be happier with the level of support received from D.O staff and the excellent tutorials that helped me get going from scratch.

However, I cannot but think that D.O's web based console access is its major problem area. In all these months of trying, I have only been able to get it working once or twice. Having reliable out-of-band access to the server is absolutely essential for an unmanaged service like D.O where the staff can't login to your server when you are locked out of SSH.

Yesterday, I spent several hours trying to get console access to work without success after I was locked out of SSH. D.O Support were courteous and helpful, as always, but they obviously couldn't login to fix the issue. I tried everything - accessing from a desktop, a laptop, a Macbook Pro, trying through Firefox, Safari and Chrome, adding incoming and outgoing rules in the Windows firewall to allow the suggested port range of 6000-7000, restarting my router to get a different dynamic IP for the internet connection to work around my IP being blocked by the server firewall - the works. Nothing helped until I was finally able to connect to SSH after restarting the router for the nth time.

D.O staff suggested that my ISP was blocking those ports, but I doubt it. The irony of the situation is that I am able to launch the web console of Linode (Lish) where I have a couple of servers without any issue at any time on any browser on the same ISP connection. It simply works.

So, my question is, why is D.O's console access so troublesome and error prone when Linode can offer a similar service that works out of the box? And, why has this issue gone unresolved for so long? You only have to do a google search to find dozens of complaints on this issue going back two or three years.

I am not posting this as a rhetorical question but as a genuine concern. Heaven forbid running into a situation where I need out of band access to the production server and the console doesn't work.

Is anyone using any tips or tricks to get console access working reliably?

1 Answer

I personally never had any issues with DO's Console - Ability to copy/paste would be nice though.

Few things I leant overtime about the console is,

  1. Some browser extensions can cause problems, such as AdBlock.
  2. If the screen is black, you can try clicking on the screen. If that doesn't work you can try typing something. That usually fix the black screen issue for me.
  3. Looks like DO Console makes a connection on port 5000, you can try adding this to your firewall. - Not sure why 6000-7000 was suggested, maybe something internal?
  4. A reboot of the Droplet can help too if the server is out of sync for some reason.

What exactly happened when you tried to access the console?

  • Thanks for your helpful answer.

    Unfortunately, I have tried all your suggestions, except a server reboot, which I will try tonight. 6000-7000 was suggested here in several threads, as was 5000. I have tried in Chrome and Firefox on Windows 7 after disabling all the extensions, restarting the browser and logging in and then launching the console. Also tried the same on Safari on Macbook Pro.

    In Safari and Chrome, I can at least see the bottom frame which says noVNC ready etc. etc. Firefox doesn't even show that. No amount of clicking on the screen or typing something has any effect. All of these are the latest versions of the respective browsers and OSes (El Capitan and Windows 7 Pro with the latest updates).

    I even completely turned off the Windows Firewall on the PC and disabled the real time protection in Microsoft Security Essentials, but without any effect. These are the only two security programs I have on the PC.

    D.O staff have repeatedly suggested this might be an ISP issue. But, what beats me is that I have never once had a problem launching the Lish console on Linode on the very same ISP connection. At some point, I can't help but wonder if this is actually a D.O issue in some respects, because reports of this error go back to 2012 and earlier.

    This is turning out to be a real head-scratcher :-(

Have another answer? Share your knowledge.