Re: [one-users] Need https for Opennebula URL in browser
Dear Sir, Could someone please say in which file do I need to modify? Thanks Sudeep On Thu, Jun 26, 2014 at 11:17 PM, Sudeep Narayan Banerjee snbaner...@iitgn.ac.in wrote: Dear Martin All, Thanks a lot for the valuable inputs. Which file do I edit in https/conf.d folder? [root@front conf.d]# ls auth_kerb.conf auth_pgsql.conf manual.conf mrtg.conf perl.conf README squid.conf subversion.conf welcome.conf auth_mysql.conf authz_ldap.conf mod_dnssd.conf nss.conf php.conf revocator.conf ssl.confwebalizer.conf wsgi.conf I am in */etc/httpd/conf.d*. Should I create a file (by which name extension) or edit any existing file? I do not know whether *httpd.conf* in */etc/httpd/conf/ folder* is the file you are pointing at! Regards, S N Banerjee On Thu, Jun 26, 2014 at 6:51 PM, Martin Alfke tux...@gmail.com wrote: Hi Sudeep, we run CentOS 6.5 with httpd and mod_passenger and the following configuration snippet in httpd/conf.d: VirtualHost *:443 ServerName default-ssl ## Vhost docroot DocumentRoot /usr/lib/one/sunstone/public ## Directories, there should at least be a declaration for /usr/lib/one/sunstone/public Directory /usr/lib/one/sunstone/public Options -MultiViews AllowOverride None Order allow,deny Allow from all /Directory ## Logging ErrorLog /var/log/httpd/default-ssl_error_ssl.log LogLevel warn ServerSignature Off CustomLog /var/log/httpd/default-ssl_access_ssl.log combined ## SSL directives SSLEngine on SSLCertificateFile crt file SSLCertificateKeyFile key file SSLCACertificatePath/etc/ssl/certs SSLCACertificateFilebundle file FilesMatch \.(cgi|shtml|phtml|php)$ SSLOptions +StdEnvVars /FilesMatch /VirtualHost hth, Martin On 26 Jun 2014, at 14:51, Sudeep Narayan Banerjee snbaner...@iitgn.ac.in wrote: Dear Sirs, Is there any update on the same? Thank you in advance! S N Banerjee On Thu, Jun 26, 2014 at 1:46 AM, Sudeep Narayan Banerjee snbaner...@iitgn.ac.in wrote: Dear Sir, Firstly I would like thank for the simple solution provided for the thread [one-users] VM in opennebula failing. Now I would like to make it route through SSL at 443 port. I checked at your site and could find the steps meant for Ubuntu, hope checked properly! Is it possible for CentOS6.5 x86_64 ? Thanks in advance! Sudeep -- Thanks Regards, Sudeep Narayan Banerjee -- Thanks Regards, Sudeep Narayan Banerjee ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org -- Thanks Regards, Sudeep Narayan Banerjee -- Thanks Regards, Sudeep Narayan Banerjee ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] Need https for Opennebula URL in browser
Hi Sudeep, it is very unkind to repeat your question in a community based mailing list. If you need urgent professional support you should get in contact with puppetlabs sales and ask for enterprise support. The file I mentioned is in /etc/httpd/conf.d File name is arbitrary as long as it has the ending .conf http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-apache-config.html http://wiki.centos.org/TipsAndTricks/ApacheVhostDir Asking Google or duckduckgo would have provided the same results. Please try to search a least a little bit by yourself or get your company an enterprise support. hth, Martin On 27 Jun 2014, at 08:14, Sudeep Narayan Banerjee snbaner...@iitgn.ac.in wrote: Dear Sir, Could someone please say in which file do I need to modify? Thanks Sudeep On Thu, Jun 26, 2014 at 11:17 PM, Sudeep Narayan Banerjee snbaner...@iitgn.ac.in wrote: Dear Martin All, Thanks a lot for the valuable inputs. Which file do I edit in https/conf.d folder? [root@front conf.d]# ls auth_kerb.conf auth_pgsql.conf manual.conf mrtg.conf perl.conf README squid.conf subversion.conf welcome.conf auth_mysql.conf authz_ldap.conf mod_dnssd.conf nss.conf php.conf revocator.conf ssl.confwebalizer.conf wsgi.conf I am in /etc/httpd/conf.d. Should I create a file (by which name extension) or edit any existing file? I do not know whether httpd.conf in /etc/httpd/conf/ folder is the file you are pointing at! Regards, S N Banerjee On Thu, Jun 26, 2014 at 6:51 PM, Martin Alfke tux...@gmail.com wrote: Hi Sudeep, we run CentOS 6.5 with httpd and mod_passenger and the following configuration snippet in httpd/conf.d: VirtualHost *:443 ServerName default-ssl ## Vhost docroot DocumentRoot /usr/lib/one/sunstone/public ## Directories, there should at least be a declaration for /usr/lib/one/sunstone/public Directory /usr/lib/one/sunstone/public Options -MultiViews AllowOverride None Order allow,deny Allow from all /Directory ## Logging ErrorLog /var/log/httpd/default-ssl_error_ssl.log LogLevel warn ServerSignature Off CustomLog /var/log/httpd/default-ssl_access_ssl.log combined ## SSL directives SSLEngine on SSLCertificateFile crt file SSLCertificateKeyFile key file SSLCACertificatePath/etc/ssl/certs SSLCACertificateFilebundle file FilesMatch \.(cgi|shtml|phtml|php)$ SSLOptions +StdEnvVars /FilesMatch /VirtualHost hth, Martin On 26 Jun 2014, at 14:51, Sudeep Narayan Banerjee snbaner...@iitgn.ac.in wrote: Dear Sirs, Is there any update on the same? Thank you in advance! S N Banerjee On Thu, Jun 26, 2014 at 1:46 AM, Sudeep Narayan Banerjee snbaner...@iitgn.ac.in wrote: Dear Sir, Firstly I would like thank for the simple solution provided for the thread [one-users] VM in opennebula failing. Now I would like to make it route through SSL at 443 port. I checked at your site and could find the steps meant for Ubuntu, hope checked properly! Is it possible for CentOS6.5 x86_64 ? Thanks in advance! Sudeep -- Thanks Regards, Sudeep Narayan Banerjee -- Thanks Regards, Sudeep Narayan Banerjee ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org -- Thanks Regards, Sudeep Narayan Banerjee -- Thanks Regards, Sudeep Narayan Banerjee ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] Need https for Opennebula URL in browser
Hi Sudeep, You can also ask enterprise support from C12G Labs [1]. They can help you for sure, they build OpenNebula. As for your problem, I would ditch Apache and use nginx. I will post a step by step untested tutorial below. First, install nginx on the machine OpenNebula is installed on. I assume you are on a Debian based OS. If on CentOS switch apt-get with yum. $ sudo su - # apt-get install nginx Configure the default vhost to proxy requests to Sunstone upstream. The following is what I use in production and it works. /etc/nginx/sites-enabled/default ### sunstone vhost ### sunstone upstream server upstream sunstone { server 127.0.0.1:9869; } ### sunstone HTTP server server { listen 80 default_server; server_name localhost; ### Set up the access and error logs access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; ### Append / if missing and redirect to HTTPS rewrite ^([^.]*[^/])$ https://$server_name/ permanent; return 301 https://$server_name$request_uri; } ### HTTPS Server # # sunstone HTTPS server # server { listen443; server_name localhost; keepalive_timeout 70; ### Logging access_log/var/log/nginx/access.log; error_log /var/log/nginx/error.log debug; ### SSL ssl on; ssl_certificate /etc/ssl/certs/sunstone.pem; ssl_certificate_key /etc/ssl/private/sunstone.key; ssl_session_cache shared:SSL:10m; ssl_session_timeout 480m; ### Intercept errors proxy_intercept_errors on; ### Custom error pages error_page 404 /errors/404.html; error_page 401 /errors/401.html; error_page 400 402 403 405 406 407 408 409 410 411 412 413 414 415 417 417 /errors/4xx.html; error_page 500 501 502 503 504 505 /errors/5xx.html; ### Root location # # Proxy requests to upstream # location / { proxy_pass http://sunstone; proxy_set_headerHost $host; proxy_set_headerX-Real-IP $remote_addr; proxy_set_headerX-Forwarded-For $proxy_add_x_forwarded_for; } ### Public Data # # Get the files from HDD not via Sunstone # location ~ ^/(css/|images/|js/|locale/|vendor/) { root /usr/lib/one/sunstone/public; expires 1w; } ### Error pages location /errors/ { alias /var/www/errors/; internal; } } Generate the SSL certificate. This is a self signed certificate, if you go production I recommend you built your own CA or buy a trusted certificate, Globe SSL is cheap in this area. This way you can secure your VNC also without any complaints from the browser. # openssl req -x509 -newkey rsa:2048 -keyout /etc/ssl/private/sunstone.pem -nodes -out /etc/ssl/certs/sunstone.pem -days 3650 Restart nginx and access http://ip.add.re.ss of OpenNebula machine. It might help you but please don't blindly copy paste, do some reading, you'll learn cool things :). [1]: http://c12g.com/ Best, Valentin On Fri, Jun 27, 2014 at 9:21 AM, Martin Alfke tux...@gmail.com wrote: Hi Sudeep, it is very unkind to repeat your question in a community based mailing list. If you need urgent professional support you should get in contact with puppetlabs sales and ask for enterprise support. The file I mentioned is in /etc/httpd/conf.d File name is arbitrary as long as it has the ending .conf http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-apache-config.html http://wiki.centos.org/TipsAndTricks/ApacheVhostDir Asking Google or duckduckgo would have provided the same results. Please try to search a least a little bit by yourself or get your company an enterprise support. hth, Martin On 27 Jun 2014, at 08:14, Sudeep Narayan Banerjee snbaner...@iitgn.ac.in wrote: Dear Sir, Could someone please say in which file do I need to modify? Thanks Sudeep On Thu, Jun 26, 2014 at 11:17 PM, Sudeep Narayan Banerjee snbaner...@iitgn.ac.in wrote: Dear Martin All, Thanks a lot for the valuable inputs. Which file do I edit in https/conf.d folder? [root@front conf.d]# ls auth_kerb.conf auth_pgsql.conf manual.conf mrtg.conf perl.conf README squid.conf subversion.conf welcome.conf auth_mysql.conf authz_ldap.conf mod_dnssd.conf nss.conf php.conf revocator.conf ssl.confwebalizer.conf wsgi.conf I am in /etc/httpd/conf.d. Should I create a file (by which name extension) or edit any existing file? I do not know whether httpd.conf in /etc/httpd/conf/ folder is the file you are pointing at! Regards, S N Banerjee On Thu, Jun 26, 2014 at 6:51 PM, Martin Alfke tux...@gmail.com wrote: Hi Sudeep, we run CentOS 6.5 with httpd and mod_passenger and the following
Re: [one-users] Need https for Opennebula URL in browser
Dear Sirs, Is there any update on the same? Thank you in advance! S N Banerjee On Thu, Jun 26, 2014 at 1:46 AM, Sudeep Narayan Banerjee snbaner...@iitgn.ac.in wrote: Dear Sir, Firstly I would like thank for the simple solution provided for the thread *[one-users] VM in opennebula failing*. Now I would like to make it route through SSL at 443 port. I checked at your site and could find the steps meant for Ubuntu, hope checked properly! Is it possible for CentOS6.5 x86_64 ? Thanks in advance! Sudeep -- Thanks Regards, Sudeep Narayan Banerjee -- Thanks Regards, Sudeep Narayan Banerjee ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] Need https for Opennebula URL in browser
Hi Sudeep, we run CentOS 6.5 with httpd and mod_passenger and the following configuration snippet in httpd/conf.d: VirtualHost *:443 ServerName default-ssl ## Vhost docroot DocumentRoot /usr/lib/one/sunstone/public ## Directories, there should at least be a declaration for /usr/lib/one/sunstone/public Directory /usr/lib/one/sunstone/public Options -MultiViews AllowOverride None Order allow,deny Allow from all /Directory ## Logging ErrorLog /var/log/httpd/default-ssl_error_ssl.log LogLevel warn ServerSignature Off CustomLog /var/log/httpd/default-ssl_access_ssl.log combined ## SSL directives SSLEngine on SSLCertificateFile crt file SSLCertificateKeyFile key file SSLCACertificatePath/etc/ssl/certs SSLCACertificateFilebundle file FilesMatch \.(cgi|shtml|phtml|php)$ SSLOptions +StdEnvVars /FilesMatch /VirtualHost hth, Martin On 26 Jun 2014, at 14:51, Sudeep Narayan Banerjee snbaner...@iitgn.ac.in wrote: Dear Sirs, Is there any update on the same? Thank you in advance! S N Banerjee On Thu, Jun 26, 2014 at 1:46 AM, Sudeep Narayan Banerjee snbaner...@iitgn.ac.in wrote: Dear Sir, Firstly I would like thank for the simple solution provided for the thread [one-users] VM in opennebula failing. Now I would like to make it route through SSL at 443 port. I checked at your site and could find the steps meant for Ubuntu, hope checked properly! Is it possible for CentOS6.5 x86_64 ? Thanks in advance! Sudeep -- Thanks Regards, Sudeep Narayan Banerjee -- Thanks Regards, Sudeep Narayan Banerjee ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] Need https for Opennebula URL in browser
Dear Martin All, Thanks a lot for the valuable inputs. Which file do I edit in https/conf.d folder? [root@front conf.d]# ls auth_kerb.conf auth_pgsql.conf manual.conf mrtg.conf perl.conf README squid.conf subversion.conf welcome.conf auth_mysql.conf authz_ldap.conf mod_dnssd.conf nss.conf php.conf revocator.conf ssl.confwebalizer.conf wsgi.conf I am in */etc/httpd/conf.d*. Should I create a file (by which name extension) or edit any existing file? I do not know whether *httpd.conf* in */etc/httpd/conf/ folder* is the file you are pointing at! Regards, S N Banerjee On Thu, Jun 26, 2014 at 6:51 PM, Martin Alfke tux...@gmail.com wrote: Hi Sudeep, we run CentOS 6.5 with httpd and mod_passenger and the following configuration snippet in httpd/conf.d: VirtualHost *:443 ServerName default-ssl ## Vhost docroot DocumentRoot /usr/lib/one/sunstone/public ## Directories, there should at least be a declaration for /usr/lib/one/sunstone/public Directory /usr/lib/one/sunstone/public Options -MultiViews AllowOverride None Order allow,deny Allow from all /Directory ## Logging ErrorLog /var/log/httpd/default-ssl_error_ssl.log LogLevel warn ServerSignature Off CustomLog /var/log/httpd/default-ssl_access_ssl.log combined ## SSL directives SSLEngine on SSLCertificateFile crt file SSLCertificateKeyFile key file SSLCACertificatePath/etc/ssl/certs SSLCACertificateFilebundle file FilesMatch \.(cgi|shtml|phtml|php)$ SSLOptions +StdEnvVars /FilesMatch /VirtualHost hth, Martin On 26 Jun 2014, at 14:51, Sudeep Narayan Banerjee snbaner...@iitgn.ac.in wrote: Dear Sirs, Is there any update on the same? Thank you in advance! S N Banerjee On Thu, Jun 26, 2014 at 1:46 AM, Sudeep Narayan Banerjee snbaner...@iitgn.ac.in wrote: Dear Sir, Firstly I would like thank for the simple solution provided for the thread [one-users] VM in opennebula failing. Now I would like to make it route through SSL at 443 port. I checked at your site and could find the steps meant for Ubuntu, hope checked properly! Is it possible for CentOS6.5 x86_64 ? Thanks in advance! Sudeep -- Thanks Regards, Sudeep Narayan Banerjee -- Thanks Regards, Sudeep Narayan Banerjee ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org -- Thanks Regards, Sudeep Narayan Banerjee ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] Need https for Opennebula URL in browser
Dear All, May I please request you all to kindly provide me with an update? Thanks in advance! S N Banerjee On Thu, Jun 26, 2014 at 11:17 PM, Sudeep Narayan Banerjee snbaner...@iitgn.ac.in wrote: Dear Martin All, Thanks a lot for the valuable inputs. Which file do I edit in https/conf.d folder? [root@front conf.d]# ls auth_kerb.conf auth_pgsql.conf manual.conf mrtg.conf perl.conf README squid.conf subversion.conf welcome.conf auth_mysql.conf authz_ldap.conf mod_dnssd.conf nss.conf php.conf revocator.conf ssl.confwebalizer.conf wsgi.conf I am in */etc/httpd/conf.d*. Should I create a file (by which name extension) or edit any existing file? I do not know whether *httpd.conf* in */etc/httpd/conf/ folder* is the file you are pointing at! Regards, S N Banerjee On Thu, Jun 26, 2014 at 6:51 PM, Martin Alfke tux...@gmail.com wrote: Hi Sudeep, we run CentOS 6.5 with httpd and mod_passenger and the following configuration snippet in httpd/conf.d: VirtualHost *:443 ServerName default-ssl ## Vhost docroot DocumentRoot /usr/lib/one/sunstone/public ## Directories, there should at least be a declaration for /usr/lib/one/sunstone/public Directory /usr/lib/one/sunstone/public Options -MultiViews AllowOverride None Order allow,deny Allow from all /Directory ## Logging ErrorLog /var/log/httpd/default-ssl_error_ssl.log LogLevel warn ServerSignature Off CustomLog /var/log/httpd/default-ssl_access_ssl.log combined ## SSL directives SSLEngine on SSLCertificateFile crt file SSLCertificateKeyFile key file SSLCACertificatePath/etc/ssl/certs SSLCACertificateFilebundle file FilesMatch \.(cgi|shtml|phtml|php)$ SSLOptions +StdEnvVars /FilesMatch /VirtualHost hth, Martin On 26 Jun 2014, at 14:51, Sudeep Narayan Banerjee snbaner...@iitgn.ac.in wrote: Dear Sirs, Is there any update on the same? Thank you in advance! S N Banerjee On Thu, Jun 26, 2014 at 1:46 AM, Sudeep Narayan Banerjee snbaner...@iitgn.ac.in wrote: Dear Sir, Firstly I would like thank for the simple solution provided for the thread [one-users] VM in opennebula failing. Now I would like to make it route through SSL at 443 port. I checked at your site and could find the steps meant for Ubuntu, hope checked properly! Is it possible for CentOS6.5 x86_64 ? Thanks in advance! Sudeep -- Thanks Regards, Sudeep Narayan Banerjee -- Thanks Regards, Sudeep Narayan Banerjee ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org -- Thanks Regards, Sudeep Narayan Banerjee -- Thanks Regards, Sudeep Narayan Banerjee ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
[one-users] Need https for Opennebula URL in browser
Dear Sir, Firstly I would like thank for the simple solution provided for the thread *[one-users] VM in opennebula failing*. Now I would like to make it route through SSL at 443 port. I checked at your site and could find the steps meant for Ubuntu, hope checked properly! Is it possible for CentOS6.5 x86_64 ? Thanks in advance! Sudeep -- Thanks Regards, Sudeep Narayan Banerjee ___ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org