Hi everyone, sorry for getting back with quite a delay.

Short update:
Seems I got at least as far as securing SSVM and CPVM with the certificates
needed. But that's another topic :-D

@wei
Thanks for your advice. As said above, I am currently "done" with points 1 &
3 of your setup list. Will take a look into a suitable nginx configuration,
I guess. My last attempts ended with a "too many redirects" error - I am not
too much into the webserver business at all....

@Yordan
Thanks for sharing this. I took a look into that, but sadly I didn't find
a different approach in all the things I have tried until now.
I guess I will take a look into the certificates again, as I could imagine
that something went wrong while writing them into the keystore... Will keep
you updated.

On Fri, 17 Sept 2021 at 14:33, Yordan Kostov <yord...@nsogroup.com> wrote:

> Hi,
>
> I do remember having issues with the steps in Shapeblue guide.
> Eventually I threw some notes for a future guide you can check here ->
> https://github.com/dredknight/cloud_scripts/blob/master/CloudStack-Xen/ACS-ssl-gui-guide.sh
> I hope that helps.
>
> Best regards,
> Jordan
>
> -----Original Message-----
> From: Wei ZHOU <ustcweiz...@gmail.com>
> Sent: Thursday, September 16, 2021 10:20 PM
> To: users <users@cloudstack.apache.org>; vas...@gmx.de
> Subject: Re: Problems setting up HTTPS on CS Managementserver GUI /
> recommadations relizing
>
> Hi,
>
> afaik the most common setup is
> (1) start (multiple) cloudstack management server with port 8080
> (2) setup a reverse proxy (nginx/pfsense/haproxy, etc) which supports SSL
> termination and transparent LB.
> (3) upload ssl certificate in cloudstack GUI, and enable SSL for cloudstack
> console proxy and secondary storage.
>
> -Wei
>
>
> On Tue, 14 Sept 2021 at 19:19, vas...@gmx.de <vas...@gmx.de> wrote:
>
> > Hi,
> >
> > at the moment I am trying to set up https access for the
> > management server with my own certificates. Sadly I wasn't successful
> > until now.
> > OS: Ubuntu 20.04
> > Standard Cloudstack
> > Basically I was following the documentation (
> > http://docs.cloudstack.apache.org/en/latest/installguide/optional_installation.html#ssl-optional
> > ) as well as the following guide from shapeblue (
> > https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/
> > ) for setting up https for the GUI.
> >
> > At the moment I am stuck, as I didn't really have a clue where and how
> > to proceed onwards, as I am not finding any problems, warnings or
> > errors in the cloudstack logs.
> > Usage of netstat shows, that currently no service is listening on port
> > 8443.
> >
> > Which leads me to an assumption that I maybe messed up
> > access privileges for the actual keystore file, as the
> > server.properties note says that the https configuration will only
> > be used when the keystore file exists and is readable by the
> > management server.
> > Therefore, which permissions are normally used for the keystore to be
> > accessed by the management server?
> >
> > As the documentation states that more or less every site has its own
> > practices on providing webservices to actual users, I would like to
> > ask for some experiences with different approaches?
> > Till now I "stumbled" over some ways to set up a reverse proxy based
> > on nginx / apache "in front" of the actual CS-Management WebServer,
> > which shall take care of the certificate handling. Another idea I have
> > read on a site would be to "bypass" the CS-Management Webserver,
> > targeting directly to the "root"-volume. Which seems to be an
> > adventurous approach...
> >
> > So I am highly interested in your approaches and experiences
> > regarding this topic.
> >
> > Thanks in advance!
> >
>
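
The reverse-proxy layout from Wei's list (management servers on port 8080, TLS terminated at the proxy), sketched as an nginx configuration. This is an added example, not part of any message in the thread or of the CloudStack documentation; the hostname, backend addresses and certificate paths are placeholders, and the source-IP persistence is an assumption about what the UI sessions need.

```nginx
# Added example. cloud.example.com, the 192.0.2.x addresses and the
# /etc/nginx/tls/ paths are placeholders, not values from the thread.

upstream cloudstack_mgmt {
    ip_hash;                    # assumption: keep each client on one management server
    server 192.0.2.11:8080;     # management server 1, plain HTTP on 8080 (step 1)
    server 192.0.2.12:8080;     # management server 2
}

# Port 80 only redirects. This is the single place a redirect is issued.
server {
    listen 80;
    server_name cloud.example.com;
    return 301 https://$host$request_uri;
}

# Port 443 terminates TLS (step 2) and proxies to the backends.
# No "return 301" here: a request that already arrived over HTTPS
# is never sent back to the client as another redirect by the proxy.
server {
    listen 443 ssl;
    server_name cloud.example.com;

    ssl_certificate     /etc/nginx/tls/cloud.example.com.fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/cloud.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://cloudstack_mgmt;          # backend stays on HTTP
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;   # tell the backend the client used TLS
        proxy_read_timeout 300s;                    # allow slow UI/API responses
    }
}
```

With TLS handled at the proxy, the management servers' own HTTPS listener on 8443 and its keystore are not involved in serving the GUI; `nginx -t` validates the file before a reload.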
