[one-users] OpenNebula 3.2.1 econe-server and SSL proxy
Daniel Molina
dmolina at opennebula.org
Thu Feb 2 14:40:02 PST 2012
Hi Ulrich,
We have added a new patch in order to support custom paths and ports
when setting up an SSL proxy on top of the econe-server. You can see
this patch in the following link:
http://dev.opennebula.org/issues/985
This patch has been included in the last release (3.2.1). I recommend
you to upgrade to this version. Also the performance should be
improved since we have included a new authentication cache.
Currently the econe-server is running in our public cloud with an SSL
proxy, using the following configuration:
$ cat econe.conf
# Host and port where econe server will run
:server: localhost
:port: 7141
# SSL proxy that serves the API (set if is being used)
:ssl_server: https://cloud.opennebula.org/econe
# Authentication driver for incomming requests
# ec2, default Acess key and Secret key scheme
# x509, for x509 certificates based authentication
:auth: ec2
# Authentication driver to communicate with OpenNebula core
# cipher, for symmetric cipher encryption of tokens
# x509, for x509 certificate encryption of tokens
:core_auth: cipher
$ cat apache2.conf
<VirtualHost *:443>
servername cloud.opennebula.org
SSLEngine on
ProxyPass /econe http://localhost:7141/
ProxyPassReverse /econe http://localhost:7141/
</VirtualHost>
If you use a path different from '/' the client must support this
feature, otherwise the authentication will fail. The econe tools
included in the 3.2.1 release support custom paths.
Also if you want the proxy to listen in a different port from the
default (443) you can specify it in the ssl_parameter:
:ssl_server: https://cloud.opennebula.org:8082/
Hope this helps
On 2 February 2012 22:45, Ulrich Schwickerath
<ulrich.schwickerath at cern.ch> wrote:
> Hi,
>
> did anybody try to setup the ONE 3.2 econe-server with an SSL proxy ? The
> instructions on the web on this seem to be a bit out of date.
> I had it working fine with 3.0 but with 3.2 I get authentication errors (the
> ssl proxy setup is unchanged sinde 3.0). Direct access via http works
> (although slower than before).
>
> Cheers,
> Ulrich
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
--
Daniel Molina
Project Engineer
OpenNebula - The Open Source Toolkit for Data Center Virtualization
www.OpenNebula.org | dmolina at opennebula.org | @OpenNebula
More information about the Users
mailing list