You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cloudstack.apache.org by "herdiansah571 (via GitHub)" <gi...@apache.org> on 2024/04/30 12:38:42 UTC

[D] How to secure console proxy use nginx reverse Self-Signed SSL Certificate ? [cloudstack]

GitHub user herdiansah571 created a discussion: How to secure console proxy use nginx reverse Self-Signed SSL Certificate ?

I have succesfully install CloudStack 4.18.1.0

I need to secure console proxy use nginx reverse Self-Signed SSL Certificate, anyone here can help me ?

![url](https://github.com/apache/cloudstack/assets/66156422/07f17450-7e2e-4dd0-b552-1bb2df7fb149)
![url-2](https://github.com/apache/cloudstack/assets/66156422/e2ec8142-57dd-45b7-b289-0624595b9cd3)


GitHub link: https://github.com/apache/cloudstack/discussions/9013

----
This is an automatically sent email for users@cloudstack.apache.org.
To unsubscribe, please send an email to: users-unsubscribe@cloudstack.apache.org

Re: [D] How to secure console proxy use nginx reverse Self-Signed SSL Certificate ? [cloudstack]

Posted by "rohityadavcloud (via GitHub)" <gi...@apache.org>.

GitHub user rohityadavcloud added a comment to the discussion: How to secure console proxy use nginx reverse Self-Signed SSL Certificate ?

Here's what you can do: 

Let's assume you've a single public IP (usually your WAN), then you can setup port forwarding such as:

WAN port 80 (or 443) -> ACS mgmt server IP port 8080
WAN port 8080 -> CPVM public IP port 8080

Then you can create domain/DNS records such as:

A record for example.com -> WAN IP
A record for console.example.com -> WAN IP

ACS global settings can be tuned as: (restarting mgmt server required)
consoleproxy.sslEnabled -> true
consoleproxy.url.domain -> console.example.com

You can write nginx reverse proxy for the management server API/UI service on port 8080.

Here's example of how you can secure console proxy's port 8080 (here 192.168.1.20 is the CPVM public IP):

```
  listen 8080  ssl http2;
  location /websockify {
        proxy_pass http://192.168.1.20:8080/websockify;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_cache_bypass $http_upgrade;
        proxy_buffering off;
        proxy_ignore_client_abort off;
        proxy_read_timeout 86400;
  }
```

You may adapt/test this as necessary.

Refer:
https://www.mail-archive.com/users@cloudstack.apache.org/msg32064.html

GitHub link: https://github.com/apache/cloudstack/discussions/9013#discussioncomment-9283779

----
This is an automatically sent email for users@cloudstack.apache.org.
To unsubscribe, please send an email to: users-unsubscribe@cloudstack.apache.org

Re: [D] How to secure console proxy use nginx reverse Self-Signed SSL Certificate ? [cloudstack]

Posted by "rohityadavcloud (via GitHub)" <gi...@apache.org>.

GitHub user rohityadavcloud closed the discussion with a comment: How to secure console proxy use nginx reverse Self-Signed SSL Certificate ?

Closing as answered, pl re-open if you've further issues. Usually nginx-reverse proxy setup is outside of CloudStack and this is highly environment-specific. Some people using haproxy with letsencrypt too.

GitHub link: https://github.com/apache/cloudstack/discussions/9013#discussioncomment-9283782

----
This is an automatically sent email for users@cloudstack.apache.org.
To unsubscribe, please send an email to: users-unsubscribe@cloudstack.apache.org

Re: [D] How to secure console proxy use nginx reverse Self-Signed SSL Certificate ? [cloudstack]

Posted by "pcfriek1987 (via GitHub)" <gi...@apache.org>.

GitHub user pcfriek1987 added a comment to the discussion: How to secure console proxy use nginx reverse Self-Signed SSL Certificate ?

Did you configure the SSL setting in the Webgui? What does your nginx file looks like (just curious).

GitHub link: https://github.com/apache/cloudstack/discussions/9013#discussioncomment-9280083

----
This is an automatically sent email for users@cloudstack.apache.org.
To unsubscribe, please send an email to: users-unsubscribe@cloudstack.apache.org

Re: [D] How to secure console proxy use nginx reverse Self-Signed SSL Certificate ? [cloudstack]

Posted by "herdiansah571 (via GitHub)" <gi...@apache.org>.

GitHub user herdiansah571 closed a discussion: How to secure console proxy use nginx reverse Self-Signed SSL Certificate ?

I have succesfully install CloudStack 4.18.1.0

I need to secure console proxy use nginx reverse Self-Signed SSL Certificate, anyone here can help me ?

![url](https://github.com/apache/cloudstack/assets/66156422/07f17450-7e2e-4dd0-b552-1bb2df7fb149)
![url-2](https://github.com/apache/cloudstack/assets/66156422/e2ec8142-57dd-45b7-b289-0624595b9cd3)


GitHub link: https://github.com/apache/cloudstack/discussions/9013

----
This is an automatically sent email for users@cloudstack.apache.org.
To unsubscribe, please send an email to: users-unsubscribe@cloudstack.apache.org