GitHub user davift edited a comment on the discussion: Nginx or Apache as a reverse proxy in front of CloudStack (including VNC console support)
Thank you @bradh352, For the record, the reason why I initially applied a certificate to the SysVMs is to keep the backend traffic encrypted. I do not bother to update this cert when it expires because NGINX is set by default not to check validity (always trust). If one wants to be more thorough, an internal CA can be created and used to sign a multi-year certificate just for that purpose. In the realm of using a Regex to parse the Host Header and craft the backend IP of the system VM, but I walked away from it because if the Regex is not precisely strict, it can be used to SSRF. Regarding your repos: There is a ton of good stuff there. I will continue to dig for treasure... GitHub link: https://github.com/apache/cloudstack/discussions/11562#discussioncomment-15038401 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected]
