You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cloudstack.apache.org by "herdiansah571 (via GitHub)" <gi...@apache.org> on 2024/04/30 12:38:42 UTC
[D] How to secure console proxy use nginx reverse Self-Signed SSL Certificate ? [cloudstack]
GitHub user herdiansah571 created a discussion: How to secure console proxy use nginx reverse Self-Signed SSL Certificate ?
I have succesfully install CloudStack 4.18.1.0
I need to secure console proxy use nginx reverse Self-Signed SSL Certificate, anyone here can help me ?
![url](https://github.com/apache/cloudstack/assets/66156422/07f17450-7e2e-4dd0-b552-1bb2df7fb149)
![url-2](https://github.com/apache/cloudstack/assets/66156422/e2ec8142-57dd-45b7-b289-0624595b9cd3)
GitHub link: https://github.com/apache/cloudstack/discussions/9013
----
This is an automatically sent email for users@cloudstack.apache.org.
To unsubscribe, please send an email to: users-unsubscribe@cloudstack.apache.org
Re: [D] How to secure console proxy use nginx reverse Self-Signed SSL Certificate ? [cloudstack]
Posted by "rohityadavcloud (via GitHub)" <gi...@apache.org>.
GitHub user rohityadavcloud added a comment to the discussion: How to secure console proxy use nginx reverse Self-Signed SSL Certificate ?
Here's what you can do:
Let's assume you've a single public IP (usually your WAN), then you can setup port forwarding such as:
WAN port 80 (or 443) -> ACS mgmt server IP port 8080
WAN port 8080 -> CPVM public IP port 8080
Then you can create domain/DNS records such as:
A record for example.com -> WAN IP
A record for console.example.com -> WAN IP
ACS global settings can be tuned as: (restarting mgmt server required)
consoleproxy.sslEnabled -> true
consoleproxy.url.domain -> console.example.com
You can write nginx reverse proxy for the management server API/UI service on port 8080.
Here's example of how you can secure console proxy's port 8080 (here 192.168.1.20 is the CPVM public IP):
```
listen 8080 ssl http2;
location /websockify {
proxy_pass http://192.168.1.20:8080/websockify;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_cache_bypass $http_upgrade;
proxy_buffering off;
proxy_ignore_client_abort off;
proxy_read_timeout 86400;
}
```
You may adapt/test this as necessary.
Refer:
https://www.mail-archive.com/users@cloudstack.apache.org/msg32064.html
GitHub link: https://github.com/apache/cloudstack/discussions/9013#discussioncomment-9283779
----
This is an automatically sent email for users@cloudstack.apache.org.
To unsubscribe, please send an email to: users-unsubscribe@cloudstack.apache.org
Re: [D] How to secure console proxy use nginx reverse Self-Signed SSL Certificate ? [cloudstack]
Posted by "rohityadavcloud (via GitHub)" <gi...@apache.org>.
GitHub user rohityadavcloud closed the discussion with a comment: How to secure console proxy use nginx reverse Self-Signed SSL Certificate ?
Closing as answered, pl re-open if you've further issues. Usually nginx-reverse proxy setup is outside of CloudStack and this is highly environment-specific. Some people using haproxy with letsencrypt too.
GitHub link: https://github.com/apache/cloudstack/discussions/9013#discussioncomment-9283782
----
This is an automatically sent email for users@cloudstack.apache.org.
To unsubscribe, please send an email to: users-unsubscribe@cloudstack.apache.org
Re: [D] How to secure console proxy use nginx reverse Self-Signed SSL Certificate ? [cloudstack]
Posted by "pcfriek1987 (via GitHub)" <gi...@apache.org>.
GitHub user pcfriek1987 added a comment to the discussion: How to secure console proxy use nginx reverse Self-Signed SSL Certificate ?
Did you configure the SSL setting in the Webgui? What does your nginx file looks like (just curious).
GitHub link: https://github.com/apache/cloudstack/discussions/9013#discussioncomment-9280083
----
This is an automatically sent email for users@cloudstack.apache.org.
To unsubscribe, please send an email to: users-unsubscribe@cloudstack.apache.org
Re: [D] How to secure console proxy use nginx reverse Self-Signed SSL Certificate ? [cloudstack]
Posted by "herdiansah571 (via GitHub)" <gi...@apache.org>.
GitHub user herdiansah571 closed a discussion: How to secure console proxy use nginx reverse Self-Signed SSL Certificate ?
I have succesfully install CloudStack 4.18.1.0
I need to secure console proxy use nginx reverse Self-Signed SSL Certificate, anyone here can help me ?
![url](https://github.com/apache/cloudstack/assets/66156422/07f17450-7e2e-4dd0-b552-1bb2df7fb149)
![url-2](https://github.com/apache/cloudstack/assets/66156422/e2ec8142-57dd-45b7-b289-0624595b9cd3)
GitHub link: https://github.com/apache/cloudstack/discussions/9013
----
This is an automatically sent email for users@cloudstack.apache.org.
To unsubscribe, please send an email to: users-unsubscribe@cloudstack.apache.org