troke12 commented on issue #7317:
URL: https://github.com/apache/cloudstack/issues/7317#issuecomment-1829964219
> sorry @AxelPanda @herdiansah571 I do not use the nginx config for now.
>
> @troke12 Have you configured nginx to support MGMT servers and CPVM/SSVM ?
If so, can you share the config files ? thanks
I already had this configured with nginx, and the problem was fixed after upgrading. I can
reshare the nginx config that you gave me before, so that others can adjust it as needed.
```
# Derive the Connection header sent upstream from the client's Upgrade header;
# the /websockify location passes $connection_upgrade to the backend.
map $http_upgrade $connection_upgrade {
    # Upgrade header present: ask the upstream to switch protocols.
    default upgrade;
    # Upgrade header empty or absent: ordinary request, close after the response.
    ""      close;
}
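# TLS listener on 8080 that relays /websockify to the backend at 10.0.57.121:8080
# (presumably the console proxy VM discussed in the thread - confirm for your setup).
server {
    listen 8080 ssl http2;
    # The posted line was markdown-linkified and had lost its terminating ';'.
    server_name *.domain.com;

    # NOTE(review): with both logs disabled this proxy keeps no record of who
    # connected or of TLS/upstream errors. For an entry point to console
    # sessions, consider enabling access and error logging and shipping it
    # to wherever you review authentication and access events.
    access_log off;
    error_log /dev/null crit;

    # The private key must be readable only by the account that starts nginx.
    ssl_certificate /root/SSLcerts/main.crt;
    ssl_certificate_key /root/SSLcerts/private.key;
    ssl_dhparam /etc/nginx/dhparam.pem;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:10m;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and were dropped from the list.
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; remove it on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Only the forward-secret AES-GCM entries of the posted list are kept. The
    # 3DES (DES-CBC3-SHA), CBC-mode and static-RSA suites and the HIGH catch-all
    # were removed.
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:!aNULL:!eNULL';
    ssl_prefer_server_ciphers on;
    ssl_stapling on;
    ssl_stapling_verify on;

    # "always" also attaches the header to error responses generated by nginx.
    add_header Strict-Transport-Security "max-age=63072000" always;

    # Used for hostname lookups nginx performs itself, e.g. the OCSP responder for stapling.
    resolver 8.8.4.4 8.8.8.8 valid=300s;
    resolver_timeout 10s;

    location /websockify {
        # NOTE(review): nginx does not verify the upstream certificate by default
        # (proxy_ssl_verify is off), so this hop is encrypted but unauthenticated.
        # If the backend certificate chains to a CA you control, enable
        # proxy_ssl_verify together with proxy_ssl_trusted_certificate.
        proxy_pass https://10.0.57.121:8080/websockify;
        # WebSocket upgrade requires HTTP/1.1 and explicit Upgrade/Connection headers.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
    }
}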
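# TLS listener on 443 that relays every request to the backend at 10.0.57.121.
# The x-signature / x-metadata / x-expires headers are passed through unchanged.
server {
    listen 443 ssl http2;
    # The posted line was markdown-linkified and had lost its terminating ';'.
    server_name *.domain.com;

    # NOTE(review): with both logs disabled this proxy keeps no record of API or
    # UI requests, failed logins or upstream errors. For a management endpoint,
    # consider enabling access and error logging and forwarding it for review.
    access_log off;
    error_log /dev/null crit;

    # The private key must be readable only by the account that starts nginx.
    ssl_certificate /root/SSLcerts/main.crt;
    ssl_certificate_key /root/SSLcerts/private.key;
    ssl_dhparam /etc/nginx/dhparam.pem;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:10m;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and were dropped from the list.
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; remove it on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Only the forward-secret AES-GCM entries of the posted list are kept. The
    # 3DES (DES-CBC3-SHA), CBC-mode and static-RSA suites and the HIGH catch-all
    # were removed.
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:!aNULL:!eNULL';
    ssl_prefer_server_ciphers on;
    ssl_stapling on;
    ssl_stapling_verify on;

    # Covers responses from any location that defines no add_header of its own.
    add_header Strict-Transport-Security "max-age=63072000" always;

    # Used for hostname lookups nginx performs itself, e.g. the OCSP responder for stapling.
    resolver 8.8.4.4 8.8.8.8 valid=300s;
    resolver_timeout 10s;

    location / {
        # No request-body limit and no buffering: bodies are streamed straight to
        # the backend. NOTE(review): size 0 removes the limit for every path under
        # this location; scope it to the upload paths if you can identify them.
        client_max_body_size 0;
        client_body_buffer_size 8k;
        proxy_cache off;
        proxy_buffering off;
        proxy_max_temp_file_size 0;
        proxy_request_buffering off;
        proxy_redirect off;

        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        # X-Forwarded-For is overwritten with the peer address instead of being
        # appended to, so a client-supplied value cannot reach the backend.
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-signature $http_x_signature;
        proxy_set_header X-metadata $http_x_metadata;
        proxy_set_header X-expires $http_x_expires;

        # add_header is inherited from the server level only when a location
        # defines none of its own. This location sets CORS headers, so HSTS has
        # to be repeated here or it is silently dropped from these responses.
        add_header Strict-Transport-Security "max-age=63072000" always;

        # NOTE(review): '*' lets a page on any origin read responses from this
        # endpoint. Prefer the exact origin of the management UI if it is known.
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'POST, OPTIONS';
        # Joined onto one line: the posted value was wrapped across three lines
        # inside the quotes and began with a stray ', '.
        add_header 'Access-Control-Allow-Headers' 'Content-Type, origin, authorization, accept, client-security-token, x-signature, x-metadata, x-expires';

        # $1 is a regex capture, but this is a prefix location with no regex, and
        # $uuid is not referenced anywhere in the posted config. Kept as posted.
        set $uuid "$1";

        # NOTE(review): nginx does not verify the upstream certificate by default
        # (proxy_ssl_verify is off), so this hop is encrypted but unauthenticated.
        # If the backend certificate chains to a CA you control, enable
        # proxy_ssl_verify together with proxy_ssl_trusted_certificate.
        proxy_pass https://10.0.57.121/;
    }
}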
```