Hi,
I've found it much easier to just put Apache httpd in front and do SSL
there then proxy to Jetty, ie with the following code in the vhost
config:
AddDefaultCharset Off
ProxyPass /client http://localhost:8080/client
ProxyPassReverse /client http://localhost:8080/client
HTH
On 2020-08-04 19:46, Corey, Mike wrote:
Hi,
I'm trying to figure out how to use https or 8443 with an internally signed certificate and chain for the UI. The latest documentation only has the below snippet. I've created my internally signed certificate, root, and intermediary cert and I believe I've done all the imports into my keystore using keytool correctly. I've also modified the server.properties with the correct jks location and password as directed by the documentation.
Older versions of CloudStack documentation reference doing something with Jetty, but the link to the reference is for out of life versions. I don't see any messages in the logs pertaining to TLS, SSL, 8443, etc. Is there more to this process than documented?
SSL (OPTIONAL)
CloudStack provides HTTP access in its default installation. There are a number of technologies and sites which choose to implement SSL/TLS. As a result, we have left CloudStack to expose HTTP under the assumption that a site will implement its typical practice.
CloudStack 4.9 and above uses embedded Jetty as its servlet container. For sites that would like CloudStack to terminate the SSL session, HTTPS can be enabled by configuring the https-related settings in CloudStack management server's server.properties file at /etc/cloudstack/management/ location:
_# For management server to pickup these configuration settings, the configured_
_# keystore file should exists and be readable by the management server._
https.enable=true
https.port=8443
https.keystore=/etc/cloudstack/management/cloud.jks
https.keystore.password=vmops.com
For storing certificates, admins can create and configure a java keystore file and configure the same in the server.properties file as illustrated above.
MIKE COREY
Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US
SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States
T +1 610 661 0905, M +1 484 274 2658, E mike.co...@sap.com
