Hi, afaik the most common setup is (1) start (multiple) cloudstack management server with port 8080 (2) setup a reverse proxy (nginx/pfsense/haproxy, etc) which supports SSL termination and transparent LB. (3) upload ssl certificate in cloudstack GUI, and enable SSL for cloudsack console proxy and secondary storage.
-Wei On Tue, 14 Sept 2021 at 19:19, vas...@gmx.de <vas...@gmx.de> wrote: > Hi, > > at the moment I am trying to setting up https - access for the management > server with my own certificates. Sadly i wasn't successfull until now. > OS: Ubuntu 20.04 > Standard Cloudstack > Basically i was following the documentation ( > > http://docs.cloudstack.apache.org/en/latest/installguide/optional_installation.html#ssl-optional > ) > as well as following guide from shapeblue ( > https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/) for > setting up https for the GUI. > > At the moment i am stuck, as i didn't really have clue where and how to > proceed onwards, as i am not finding any problems, warinings or errors in > the cloudstack log's. > Usage of netstat shows, that currently no service is listening on port > 8443. > > Which leads me to a assumption that i maybe messed up access-priviledges > for the actual keystore-file, as the server.properties noted sais, that the > https configuration will only be used when the keystorefile exists and is > readable by the managementserver. > Therefore which permissions are normally used for the keystore to be > accessed by the management server? > > As the documentation states, that more or less every site has it's own > practices on providing webservices to actual users, > i would like to ask for some experiences with different appoaches? > Till now i "stumbled" over some ways the set up a reverseproxy based on > nginx / apache "in front" of the actual CS-Management WebServer, which > shall take care of the certificate handling. Another idea i have read on a > side would be to "by pass" the CS-Management Webserver, targetting directly > to the "root"-volume. Which seems to be a aventures appoach... > > So i am highly interested in your approaches and experiences regardning > this topic. > > Thanks in advance! >
