Hi,

thanks a lot for your help! I have made the console proxy work with https. I found out that for some reason our DNS server did not take the DNS entry for the public IP of the Console Proxy.

Is there a way to remove an SSL certificate for the Console Proxy which was uploaded over the GUI? I assume if I would upload a new certificate (new end date) Cloudstack would use the newer one, right?

Regards

Mevludin

On 26.11.2021 at 10:40, Rohit Yadav wrote:
Hi Mevludin,

You need to define the consoleproxy.sslEnabled and consoleproxy.url.domain global 
settings and upload the SSL certificate via Infra -> SSL certificate form. Upon 
uploading of your certificate the CPVM should restart/reconfigure. Also make sure 
that the domain (if not a wildcard) is resolved to the public IP address of the 
CPVM. You don't need any port-specific configuration, but make sure to restart 
mgmt server after changing global settings, if necessary destroy the old CPVM 
after restart.

You can read more here: 
https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/

With 4.16, when the consoleproxy.sslEnabled is false but domain is defined then 
the CPVM url will open the console proxy url without enforcing https:// 
(however the https:// scheme will be enforced if mgmt server is accessed over 
https://). This can be used for doing out-of-band SSL termination, for ex. 
using a nginx proxy.


Regards.

________________________________
From: Mevludin Blazevic <mblaze...@uni-koblenz.de>
Sent: Thursday, November 25, 2021 23:56
To: users@cloudstack.apache.org <users@cloudstack.apache.org>
Subject: Setting up a DNS Name for console proxy ssl connection

Hi all,

is it enough to define just a DNS name for the console proxy's public ip
address for enabling SSL? Let's say you define cpvm.mydomain.com as the
DNS name for the console proxy and also set this in the configs
"consoleproxy.url.domain" and "consoleproxy.sslEnabled" and upload an
appropriate certificate via the GUI, which is not a wildcard
certificate. When trying to access the console I get a 404 error. Did I
miss a redirection configuration somewhere from port 8080 to 443 (or 8443)?

Regards

Mevludin




--
Mevludin Blazevic, M.Sc.

University of Koblenz-Landau
Computing Centre (GHRKO)
Universitaetsstrasse 1
D-56070 Koblenz, Germany
Room A023
Tel: +49 261/287-1326
