zap51 commented on issue #8221:
URL: https://github.com/apache/cloudstack/issues/8221#issuecomment-1807118065
@IgaoWolf NGINX configuration can be like this
```
upstream cloudstack_webui_8080 {
# Balance based on the source. You can also use cookies for persistence
btw!
ip_hash;
server <MGMT_IP>:8080;
server <MGMT_IP>:8080;
}
server {
listen 80;
server_name acs..com.br;
return 308 https://acs..com.br$request_uri;
}
server {
listen 443 ssl;
server_name acs..com.br;
ssl_certificate /<certificates>
ssl_certificate_key /<certificates>
location / {
proxy_pass http://cloudstack_webui_8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
```
For systemVMs, use the native feature described at
https://www.shapeblue.com/software-based-agent-lb-for-cloudstack/
And `keepalived`, make sure you check the `nginx` process in `vrrp_script`
as `script "killall -0 nginx"`.
You may also use HAProxy and follow the below reference configuration.
```
# WEBUI
frontend webui-http
mode http
bind *:80
http-request redirect scheme https unless { ssl_fc }
frontend webui-https
mode http
bind *:443 ssl crt /path/to/cert_key.pem alpn http/1.1
default_backend webui-8080
backend webui-8080
option forwardfor
option httpchk HEAD /client/
balance source
mode http
server mgmt-01 <MGMT_IP>:8080 check
server mgmt-02 <MGMT_IP>:8080 check
```
For systemVMs, use the native feature described at
https://www.shapeblue.com/software-based-agent-lb-for-cloudstack/
Thanks,
Jayanth Reddy
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
