You are welcome 😊!

Regards,
Jordan

-----Original Message-----
From: vas...@gmx.de <vas...@gmx.de>
Sent: Tuesday, September 21, 2021 12:21 AM
To: users@cloudstack.apache.org
Subject: Re: Problems setting up HTTPS on CS Managementserver GUI / recommadations relizing

UPDATE:

@yordan Sir - you made my day! It is working.

What I've done:
- Checking the initial certificates for additional blanks (even if this shouldn't bother - but safety first.... :-D)
- Stick to the naming convention for the keystore.pkcs12
- Literally I skipped the automatic redirect part, as this is currently handled by my firewall. Also I didn't change port numbers.

Nevertheless it works! So thank you once again

On Mon, 20 Sept 2021 at 20:55, vas...@gmx.de <vas...@gmx.de> wrote:

> Hi everyone, sorry for getting back with quite a delay.
>
> Short update:
> Seems I got at least far enough to secure SSVM and CPVM with the
> certificates needed. But that's another topic :-D
>
> @wei
> Thanks for your advice, as said above I am currently "done" with
> points 1 & 3 of your setup list. Will take a look into a suitable
> nginx configuration I guess. My last attempts ended with a "too many redirects"
> error - I am not too much into the webserver business at all....
>
> @Yordan
> Thanks for sharing this. I took a look into that, but sadly I didn't
> find a different approach in all the things I have tried until now.
> I guess I will take a look into the certificates again, as I could
> imagine that something went wrong while writing them into the
> keystore... Will keep you updated.
>
> On Fri, 17 Sept 2021 at 14:33, Yordan Kostov <yord...@nsogroup.com> wrote:
>
>> Hi,
>>
>> I do remember having issues with the steps in Shapeblue guide.
>> Eventually I threw some notes for a future guide you can
>> check here ->
>> https://github.com/dredknight/cloud_scripts/blob/master/CloudStack-Xen/ACS-ssl-gui-guide.sh
>> I hope that helps.
>>
>> Best regards,
>> Jordan
>>
>> -----Original Message-----
>> From: Wei ZHOU <ustcweiz...@gmail.com>
>> Sent: Thursday, September 16, 2021 10:20 PM
>> To: users <users@cloudstack.apache.org>; vas...@gmx.de
>> Subject: Re: Problems setting up HTTPS on CS Managementserver GUI /
>> recommadations relizing
>>
>> Hi,
>>
>> afaik the most common setup is
>> (1) start (multiple) cloudstack management server with port 8080
>> (2) setup a reverse proxy (nginx/pfsense/haproxy, etc) which supports
>> SSL termination and transparent LB.
>> (3) upload ssl certificate in cloudstack GUI, and enable SSL for
>> cloudstack console proxy and secondary storage.
>>
>> -Wei
>>
>>
>> On Tue, 14 Sept 2021 at 19:19, vas...@gmx.de <vas...@gmx.de> wrote:
>>
>> > Hi,
>> >
>> > at the moment I am trying to set up HTTPS access for the
>> > management server with my own certificates. Sadly I wasn't
>> > successful until now.
>> > OS: Ubuntu 20.04
>> > Standard Cloudstack
>> > Basically I was following the documentation (
>> > http://docs.cloudstack.apache.org/en/latest/installguide/optional_installation.html#ssl-optional
>> > )
>> > as well as following guide from shapeblue (
>> > https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/
>> > ) for setting up https for the GUI.
>> >
>> > At the moment I am stuck, as I didn't really have a clue where and
>> > how to proceed onwards, as I am not finding any problems, warnings
>> > or errors in the cloudstack logs.
>> > Usage of netstat shows that currently no service is listening on
>> > port 8443.
>> >
>> > Which leads me to an assumption that I maybe messed up
>> > access privileges for the actual keystore file, as the
>> > server.properties note says that the https configuration will
>> > only be used when the keystore file exists and is readable by the
>> > management server.
>> > Therefore which permissions are normally used for the keystore to
>> > be accessed by the management server?
>> >
>> > As the documentation states that more or less every site has its
>> > own practices on providing webservices to actual users, I would
>> > like to ask for some experiences with different approaches?
>> > Till now I "stumbled" over some ways to set up a reverse proxy
>> > based on nginx / apache "in front" of the actual CS-Management
>> > WebServer, which shall take care of the certificate handling.
>> > Another idea I have read on a site would be to "bypass" the
>> > CS-Management Webserver, targeting directly the "root" volume.
>> > Which seems to be an adventurous approach...
>> >
>> > So I am highly interested in your approaches and experiences
>> > regarding this topic.
>> >
>> > Thanks in advance!
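
The condition quoted in the original question (the HTTPS settings are only used when the keystore file exists and is readable by the management server) can be checked directly. The script below is an added example, not part of the thread or of CloudStack; it assumes the `https.enable`, `https.port` and `https.keystore` keys of a stock server.properties and that it is run as the management server's service account.

```shell
#!/bin/sh
# Added diagnostic (not from the thread). Assumes the https.* keys of a stock
# CloudStack server.properties; run it as the management server's user.

# prop FILE KEY: print the value of the last uncommented KEY=VALUE line.
prop() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
            if (key != k) next
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        END { print val }' "$1"
}

# check_https FILE: exit status 0 only if HTTPS would be picked up from FILE.
check_https() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }
    enabled=$(prop "$conf" https.enable)
    port=$(prop "$conf" https.port)
    ks=$(prop "$conf" https.keystore)
    me=$(id -un)
    if [ "$enabled" != "true" ]; then
        echo "https.enable is '$enabled', HTTPS stays off"; return 1
    fi
    if [ -z "$ks" ] || [ ! -f "$ks" ]; then
        echo "keystore '$ks' does not exist"; return 1
    fi
    if [ ! -r "$ks" ]; then
        echo "keystore $ks is not readable by $me"; return 1
    fi
    # The keystore holds the private key: flag any access for "other".
    if [ "$(ls -ld "$ks" | cut -c8-10)" != "---" ]; then
        echo "warning: $ks is accessible to all local users"
    fi
    echo "ok: HTTPS on port ${port:-unset}, keystore $ks readable by $me"
}

# Stand-alone use: pass the path of server.properties as the only argument.
if [ $# -gt 0 ]; then check_https "$1"; fi
```

Run it as the service account, for example `sudo -u cloud sh check_https.sh /etc/cloudstack/management/server.properties` (account name, script name and path are assumptions for a default package install). A keystore owned by that account with mode 600 passes without the warning.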