Hi everyone,

sorry for getting back with quite a delay. Short update: it seems I got at least as far as securing SSVM and CPVM with the certificates needed. But that's another topic :-D

@wei Thanks for your advice. As said above, I am currently "done" with points 1 & 3 of your setup list. I will take a look into a suitable nginx configuration, I guess. My last attempts ended with a "too many redirects" error - I am not too much into the webserver business at all...

@Yordan Thanks for sharing this. I took a look into that, but sadly I didn't find a different approach in all the things I have tried until now. I guess I will take a look into the certificates again, as I could imagine that something went wrong while writing them into the keystore...

Will keep you updated.

On Fri, 17 Sept 2021 at 14:33, Yordan Kostov <yord...@nsogroup.com> wrote:

> Hi,
>
> I do remember having issues with the steps in Shapeblue guide.
> Eventually I threw some notes for a future guide you can check
> here ->
> https://github.com/dredknight/cloud_scripts/blob/master/CloudStack-Xen/ACS-ssl-gui-guide.sh
> I hope that helps.
>
> Best regards,
> Jordan
>
> -----Original Message-----
> From: Wei ZHOU <ustcweiz...@gmail.com>
> Sent: Thursday, September 16, 2021 10:20 PM
> To: users <users@cloudstack.apache.org>; vas...@gmx.de
> Subject: Re: Problems setting up HTTPS on CS Managementserver GUI /
> recommadations relizing
>
> Hi,
>
> afaik the most common setup is
> (1) start (multiple) cloudstack management server with port 8080
> (2) setup a reverse proxy (nginx/pfsense/haproxy, etc) which supports SSL
> termination and transparent LB.
> (3) upload ssl certificate in cloudstack GUI, and enable SSL for cloudstack
> console proxy and secondary storage.
>
> -Wei
>
> On Tue, 14 Sept 2021 at 19:19, vas...@gmx.de <vas...@gmx.de> wrote:
>
> > Hi,
> >
> > at the moment I am trying to set up https access for the
> > management server with my own certificates. Sadly I wasn't successful
> > until now.
> >
> > OS: Ubuntu 20.04
> > Standard Cloudstack
> >
> > Basically I was following the documentation (
> > http://docs.cloudstack.apache.org/en/latest/installguide/optional_installation.html#ssl-optional
> > ) as well as following guide from shapeblue (
> > https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/
> > ) for setting up https for the GUI.
> >
> > At the moment I am stuck, as I don't really have a clue where and how
> > to proceed onwards, as I am not finding any problems, warnings or
> > errors in the cloudstack logs.
> > Usage of netstat shows that currently no service is listening on port
> > 8443.
> >
> > Which leads me to an assumption that I maybe messed up
> > access privileges for the actual keystore file, as the
> > server.properties note says that the https configuration will only
> > be used when the keystore file exists and is readable by the
> > management server.
> > Therefore which permissions are normally used for the keystore to be
> > accessed by the management server?
> >
> > As the documentation states that more or less every site has its own
> > practices on providing webservices to actual users, I would like to
> > ask for some experiences with different approaches?
> > Till now I "stumbled" over some ways to set up a reverse proxy based
> > on nginx / apache "in front" of the actual CS-Management WebServer,
> > which shall take care of the certificate handling. Another idea I have
> > read on a site would be to "bypass" the CS-Management Webserver,
> > targeting directly to the "root"-volume. Which seems to be an adventurous
> > approach...
> >
> > So I am highly interested in your approaches and experiences
> > regarding this topic.
> >
> > Thanks in advance!
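
A minimal nginx configuration for steps (1) and (2) of Wei's list (management servers on plain port 8080, TLS terminated at the reverse proxy), added here as an example; it is not from the thread or from the CloudStack project. The hostname, backend addresses, certificate paths and the `ip_hash` stickiness choice are assumptions.

```nginx
# Added example. Placeholders: cloud.example.com, 192.0.2.x, /etc/nginx/tls/...
# Goes inside the http {} context (for example a file under conf.d/).

upstream cloudstack_mgmt {
    ip_hash;                     # assumption: keep each client on one backend
    server 192.0.2.11:8080;      # management server 1 (placeholder address)
    server 192.0.2.12:8080;      # management server 2 (placeholder address)
}

# Port 80: the only redirect in this configuration, plain HTTP to HTTPS.
server {
    listen 80;
    server_name cloud.example.com;
    return 301 https://$host$request_uri;
}

# Port 443: TLS ends here; requests are proxied, never redirected again.
server {
    listen 443 ssl;
    server_name cloud.example.com;

    ssl_certificate     /etc/nginx/tls/cloud.example.com.fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/cloud.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # Plain HTTP to the management servers on 8080, as in step (1).
        proxy_pass http://cloudstack_mgmt;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Running `nginx -t` before reloading validates the syntax and confirms the certificate and key files can be read.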