GitHub user rohityadavcloud added a comment to the discussion: How to secure 
console proxy use nginx reverse Self-Signed SSL Certificate ?

Here's what you can do: 

Let's assume you have a single public IP (usually your WAN); then you can set up 
port forwarding such as:

WAN port 80 (or 443) -> ACS mgmt server IP port 8080
WAN port 8080 -> CPVM public IP port 8080

Then you can create domain/DNS records such as:

A record for example.com -> WAN IP
A record for console.example.com -> WAN IP

ACS global settings can be tuned as: (restarting mgmt server required)
consoleproxy.sslEnabled -> true
consoleproxy.url.domain -> console.example.com

You can write an nginx reverse proxy for the management server API/UI service on 
port 8080.

Here's an example of how you can secure console proxy's port 8080 (here 
192.168.1.20 is the CPVM public IP):

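```
server {
  # TLS is terminated by nginx; traffic to the CPVM goes over plain HTTP
  listen 8080 ssl http2;
  server_name console.example.com;

  # Placeholder paths: point these at your own certificate and key
  ssl_certificate     /path/to/console.example.com.crt;
  ssl_certificate_key /path/to/console.example.com.key;

  location /websockify {
        proxy_pass http://192.168.1.20:8080/websockify;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # WebSocket upgrade requires HTTP/1.1 and the Upgrade/Connection headers
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_cache_bypass $http_upgrade;
        proxy_buffering off;
        proxy_ignore_client_abort off;
        # Keep long-lived console sessions open (24 hours)
        proxy_read_timeout 86400;
  }
}
```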

You may adapt/test this as necessary.

Refer:
https://www.mail-archive.com/users@cloudstack.apache.org/msg32064.html

GitHub link: 
https://github.com/apache/cloudstack/discussions/9013#discussioncomment-9283779
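
The comment above mentions an nginx reverse proxy for the management server API/UI without showing one. The configuration below is an added example, not part of the original comment or of the CloudStack project; it assumes nginx receives the forwarded WAN ports 80 and 443, and the management server IP 192.168.1.10 and the certificate paths are placeholders.

```nginx
# Added example. 192.168.1.10 (management server) and the certificate
# paths are placeholders, not values from the original comment.

# Plain HTTP: redirect so credentials and session cookies never cross the WAN in clear text
server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}

# HTTPS: terminate TLS here and forward to the management server on port 8080
server {
    listen 443 ssl http2;
    server_name example.com;

    ssl_certificate     /path/to/example.com.crt;   # placeholder
    ssl_certificate_key /path/to/example.com.key;   # placeholder
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://192.168.1.10:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_read_timeout 300;
    }
}
```

With a self-signed certificate, the browser has to trust it for console.example.com on port 8080 as well as for example.com, because a WebSocket connection that fails certificate validation is dropped without a prompt.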

----
This is an automatically sent email for users@cloudstack.apache.org.
To unsubscribe, please send an email to: users-unsubscr...@cloudstack.apache.org
