[one-users] Need https for Opennebula URL in browser
Valentin Bud
valentin.bud at gmail.com
Fri Jun 27 03:12:44 PDT 2014
Hi Sudeep,
You can also ask for enterprise support from C12G Labs [1]. They can help
you for sure; they build OpenNebula.
As for your problem, I would ditch Apache and use nginx. I will post a step
by step untested tutorial below.
First, install nginx on the machine OpenNebula is installed on. I assume you
are on a Debian based OS. If on CentOS switch apt-get with yum.
$ sudo su -
# apt-get install nginx
Configure the default vhost to proxy requests to Sunstone upstream. The
following is what I use in production and it works.
/etc/nginx/sites-enabled/default
### sunstone vhost

### sunstone upstream server
upstream sunstone {
    server 127.0.0.1:9869;
}

### sunstone HTTP server
server {
    listen 80 default_server;
    # Redirect targets below are built from $server_name, so set this to
    # the host name clients actually use to reach Sunstone.
    server_name localhost;

    ### Set up the access and error logs
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ### Append / if missing and redirect to HTTPS
    rewrite ^([^.]*[^/])$ https://$server_name/ permanent;
    return 301 https://$server_name$request_uri;
}

### HTTPS Server
#
# sunstone HTTPS server
#
server {
    # "listen ... ssl" replaces the separate "ssl on;" directive, which
    # current nginx releases no longer accept.
    listen 443 ssl;
    server_name localhost;
    keepalive_timeout 70;

    ### Logging
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log debug;

    ### SSL
    ssl_certificate /etc/ssl/certs/sunstone.pem;
    ssl_certificate_key /etc/ssl/private/sunstone.key;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 480m;

    ### Intercept errors
    proxy_intercept_errors on;

    ### Custom error pages
    error_page 404 /errors/404.html;
    error_page 401 /errors/401.html;
    error_page 400 402 403 405 406 407 408 409 410 411 412 413 414 415 416 417 /errors/4xx.html;
    error_page 500 501 502 503 504 505 /errors/5xx.html;

    ### Root location
    #
    # Proxy requests to upstream
    #
    location / {
        proxy_pass http://sunstone;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    ### Public Data
    #
    # Get the files from HDD not via Sunstone
    #
    location ~ ^/(css/|images/|js/|locale/|vendor/) {
        root /usr/lib/one/sunstone/public;
        expires 1w;
    }

    ### Error pages
    location /errors/ {
        alias /var/www/errors/;
        internal;
    }
}
Generate the SSL certificate. This is a self-signed certificate; if you go
to production I recommend you build your own CA or buy a trusted
certificate, Globe SSL is cheap in this area. This way you can secure your
VNC also without any complaints from the browser.
# openssl req -x509 -newkey rsa:2048 -keyout /etc/ssl/private/sunstone.key \
    -nodes -out /etc/ssl/certs/sunstone.pem -days 3650
Restart nginx and access http://ip.add.re.ss of the OpenNebula machine. It
might help you but please don't blindly copy paste, do some reading, you'll
learn cool things :).
[1]: http://c12g.com/
Best,
Valentin
On Fri, Jun 27, 2014 at 9:21 AM, Martin Alfke <tuxmea at gmail.com> wrote:
> Hi Sudeep,
>
> it is very unkind to repeat your question in a community based mailing
> list.
> If you need urgent professional support you should get in contact with
> puppetlabs sales and ask for enterprise support.
>
> The file I mentioned is in /etc/httpd/conf.d
> File name is arbitrary as long as it has the ending .conf
>
> http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-apache-config.html
> http://wiki.centos.org/TipsAndTricks/ApacheVhostDir
>
> Asking Google or duckduckgo would have provided the same results.
>
> Please try to search at least a little bit by yourself or get your company
> an enterprise support.
>
> hth,
>
> Martin
>
> On 27 Jun 2014, at 08:14, Sudeep Narayan Banerjee <snbanerjee at iitgn.ac.in>
> wrote:
>
> > Dear Sir,
> >
> > Could someone please say in which file do I need to modify?
> >
> > Thanks
> > Sudeep
> >
> >
> > On Thu, Jun 26, 2014 at 11:17 PM, Sudeep Narayan Banerjee <
> snbanerjee at iitgn.ac.in> wrote:
> > Dear Martin & All,
> >
> > Thanks a lot for the valuable inputs.
> >
> > Which file do I edit in https/conf.d folder?
> >
> > [root at front conf.d]# ls
> > auth_kerb.conf auth_pgsql.conf manual.conf mrtg.conf perl.conf
> README squid.conf subversion.conf welcome.conf
> > auth_mysql.conf authz_ldap.conf mod_dnssd.conf nss.conf php.conf
> revocator.conf ssl.conf webalizer.conf wsgi.conf
> >
> > I am in /etc/httpd/conf.d. Should I create a file (by which name &
> extension) or edit any existing file?
> >
> > I do not know whether httpd.conf in /etc/httpd/conf/ folder is the file
> you are pointing at!
> >
> > Regards,
> > S N Banerjee
> >
> >
> > On Thu, Jun 26, 2014 at 6:51 PM, Martin Alfke <tuxmea at gmail.com> wrote:
> > Hi Sudeep,
> >
> > we run CentOS 6.5 with httpd and mod_passenger and the following
> configuration snippet in httpd/conf.d:
> >
> > <VirtualHost *:443>
> > ServerName default-ssl
> >
> > ## Vhost docroot
> > DocumentRoot /usr/lib/one/sunstone/public
> >
> > ## Directories, there should at least be a declaration for
> /usr/lib/one/sunstone/public
> >
> > <Directory /usr/lib/one/sunstone/public>
> > Options -MultiViews
> > AllowOverride None
> > Order allow,deny
> > Allow from all
> > </Directory>
> >
> > ## Logging
> > ErrorLog /var/log/httpd/default-ssl_error_ssl.log
> > LogLevel warn
> > ServerSignature Off
> > CustomLog /var/log/httpd/default-ssl_access_ssl.log combined
> >
> >
> > ## SSL directives
> > SSLEngine on
> > SSLCertificateFile <crt file>
> > SSLCertificateKeyFile <key file>
> > SSLCACertificatePath /etc/ssl/certs
> > SSLCACertificateFile <bundle file>
> > <FilesMatch "\.(cgi|shtml|phtml|php)$">
> > SSLOptions +StdEnvVars
> > </FilesMatch>
> > </VirtualHost>
> >
> > hth,
> >
> > Martin
> >
> > On 26 Jun 2014, at 14:51, Sudeep Narayan Banerjee <
> snbanerjee at iitgn.ac.in> wrote:
> >
> > > Dear Sirs,
> > >
> > > Is there any update on the same?
> > >
> > > Thank you in advance!
> > >
> > > S N Banerjee
> > >
> > >
> > > On Thu, Jun 26, 2014 at 1:46 AM, Sudeep Narayan Banerjee <
> snbanerjee at iitgn.ac.in> wrote:
> > > Dear Sir,
> > >
> > > Firstly I would like thank for the simple solution provided for the
> thread "[one-users] VM in opennebula failing".
> > >
> > > Now I would like to make it route through SSL at 443 port.
> > >
> > > I checked at your site and could find the steps meant for Ubuntu, hope
> checked properly! Is it possible for CentOS6.5 x86_64 ?
> > >
> > > Thanks in advance!
> > > Sudeep
> > >
> > > --
> > > Thanks & Regards,
> > > Sudeep Narayan Banerjee
> > >
> > > _______________________________________________
> > > Users mailing list
> > > Users at lists.opennebula.org
> > > http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
--
Valentin Bud
http://databus.pro | valentin at databus.pro
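
A pre-flight check for the certificate and key referenced by ssl_certificate and ssl_certificate_key in the vhost above, to run before restarting nginx. This is an added example, not part of the original thread; the function names are illustrative, and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example: verify the TLS files nginx will load before restarting it.

# Succeeds only if the private key ($2) belongs to the certificate ($1).
# Returns 2 when either file cannot be parsed, 1 on a mismatch.
cert_key_match() {
    openssl x509 -in "$1" -noout 2>/dev/null || return 2
    openssl pkey -in "$2" -noout 2>/dev/null || return 2
    # Compare digests of the public key taken from each file.
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey | openssl dgst -sha256)
    key_pub=$(openssl pkey -in "$2" -pubout | openssl dgst -sha256)
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the key file grants nothing to group or other.
# The key is written unencrypted (-nodes), so file mode is its only protection.
key_mode_ok() {
    perms=$(ls -ldL "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Succeeds if the certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Run all checks, report each failure, return non-zero if any failed.
preflight() {
    rc=0
    cert_key_match "$1" "$2" ||
        { echo "FAIL: key does not match certificate, or a file is unreadable"; rc=1; }
    key_mode_ok "$2" ||
        { echo "FAIL: private key is accessible to group or other"; rc=1; }
    cert_valid_for_days "$1" 30 ||
        { echo "FAIL: certificate expires within 30 days"; rc=1; }
    return "$rc"
}

# Usage: sh preflight.sh /etc/ssl/certs/sunstone.pem /etc/ssl/private/sunstone.key
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

When all three checks pass, `nginx -t` validates the rest of the configuration before the restart.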