Hi, at the moment I am trying to setting up https - access for the management server with my own certificates. Sadly i wasn't successfull until now. OS: Ubuntu 20.04 Standard Cloudstack Basically i was following the documentation ( http://docs.cloudstack.apache.org/en/latest/installguide/optional_installation.html#ssl-optional) as well as following guide from shapeblue ( https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/) for setting up https for the GUI.
At the moment i am stuck, as i didn't really have clue where and how to proceed onwards, as i am not finding any problems, warinings or errors in the cloudstack log's. Usage of netstat shows, that currently no service is listening on port 8443. Which leads me to a assumption that i maybe messed up access-priviledges for the actual keystore-file, as the server.properties noted sais, that the https configuration will only be used when the keystorefile exists and is readable by the managementserver. Therefore which permissions are normally used for the keystore to be accessed by the management server? As the documentation states, that more or less every site has it's own practices on providing webservices to actual users, i would like to ask for some experiences with different appoaches? Till now i "stumbled" over some ways the set up a reverseproxy based on nginx / apache "in front" of the actual CS-Management WebServer, which shall take care of the certificate handling. Another idea i have read on a side would be to "by pass" the CS-Management Webserver, targetting directly to the "root"-volume. Which seems to be a aventures appoach... So i am highly interested in your approaches and experiences regardning this topic. Thanks in advance!
