Apache uses ajp to communicate with engine on port 8702. You can redirect from Apache with a simple RewriteCond to jboss port 8543 but certificate verification is not going to work which will cause issues with all oVirt tools.
More over oVirt SSO is not going to let you access UI on port other than 443 when installed through rpms. You will need to fiddle with the database to update the redirect uris in the sso_clients table. The best you can do is change the proxy port in /etc/ovirt-engine/engine.conf.d/10-setup-protocols.conf and keep the AJP in place. Why are you trying to by pass Apache? On Thu, Feb 14, 2019 at 9:25 AM du_hon...@yeah.net <du_hon...@yeah.net> wrote: > sorry I describe errror, > my /etc/ovirt-engine/engine.conf.d/10-setup-protocols.conf > > ENGINE_FQDN=localhost.localdomain > ENGINE_PROXY_ENABLED=false > ENGINE_PROXY_HTTP_PORT=None > ENGINE_PROXY_HTTPS_PORT=None > ENGINE_AJP_ENABLED=false > ENGINE_AJP_PORT=None > ENGINE_HTTP_ENABLED=true > ENGINE_HTTPS_ENABLED=false > ENGINE_HTTP_PORT=8080 > ENGINE_HTTPS_PORT=8443 > > I know install ovirt-engine from source in a developer setup, this can > visit engine by http. and not apache in the frontend. but I want to > visit engine that is installed rpm by http? > > Besides I realize apache not redirect http to https ovirt jboss redirect > http to https? > > ------------------------------ > > Regards > > Hongyu Du > > > *From:* Greg Sheremeta <gsher...@redhat.com> > *Date:* 2019-02-14 19:24 > *To:* du_hon...@yeah.net > *CC:* Ravi Nori <rn...@redhat.com>; users <users@ovirt.org> > *Subject:* Re: Re: [ovirt-users] access engine by http > Sorry, I'm still not understanding what you are trying to achieve. Nothing > is on 8843 - ? > > If you install ovirt-engine from source in a developer setup, it's 8080 > http by default and no apache in front. Maybe try that. > > Greg > > On Thu, Feb 14, 2019 at 12:14 AM du_hon...@yeah.net <du_hon...@yeah.net> > wrote: > >> hi Greg, Ravi >> thanks, https is ok,when I try to visit http://ip:8080/ovirt-engine but >> still rediect https://192.168.122.176:8443/tchyp-engine/, I want to >> know How to redirect to 8843? >> Besides I try to disable ssl by comment /etc/httpd/conf/httpd.conf >> #IncludeOptional conf.d/*.conf, >> But http is still redirect to https, I should how disable redirect? >> I find this file /usr/share/ovirt-engine/services/ovirt-engine/ >> ovirt-engine.xml.in, I try to delete follow line. but ovirt-engine >> server is not boot >> <socket-binding >> name="redirect" >> port="{{ HTTPS_PORT }}"/> >> /var/log/ovirt-engine/boot.log has some error? >> 13:12:43,144 INFO [org.jboss.as] WFLYSRV0049: WildFly Full 11.0.0.Final >> (WildFly Core 3.0.8.Final) starting >> 13:12:44,644 INFO [org.jboss.as.controller.management-deprecated] >> WFLYCTL0028: Attribute 'security-realm' in the resource at address >> '/core-service=management/management-interface=native-interface' is >> deprecated, and may be removed in future version. See the attribute >> description in the output of the read-resource-description operation to >> learn more about the deprecation. >> 13:12:44,646 INFO [org.jboss.as.controller.management-deprecated] >> WFLYCTL0028: Attribute 'security-realm' in the resource at address >> '/core-service=management/management-interface=http-interface' is >> deprecated, and may be removed in future version. See the attribute >> description in the output of the read-resource-description operation to >> learn more about the deprecation. >> 13:12:44,677 INFO [org.jboss.as.controller.management-deprecated] >> WFLYCTL0028: Attribute 'security-realm' in the resource at address >> '/subsystem=undertow/server=default-server/https-listener=https' is >> deprecated, and may be removed in future version. See the attribute >> description in the output of the read-resource-description operation to >> learn more about the deprecation. >> 13:12:44,677 INFO [org.jboss.as.controller.management-deprecated] >> WFLYCTL0028: Attribute 'enabled-protocols' in the resource at address >> '/subsystem=undertow/server=default-server/https-listener=https' is >> deprecated, and may be removed in future version. See the attribute >> description in the output of the read-resource-description operation to >> learn more about the deprecation. >> 13:12:44,840 INFO [org.jboss.as.server.deployment.scanner] WFLYDS0004: >> Found restapi.war in deployment directory. To trigger deployment create a >> file called restapi.war.dodeploy >> 13:12:44,840 INFO [org.jboss.as.server.deployment.scanner] WFLYDS0004: >> Found engine.ear in deployment directory. To trigger deployment create a >> file called engine.ear.dodeploy >> 13:12:44,840 INFO [org.jboss.as.server.deployment.scanner] WFLYDS0004: >> Found ovirt-web-ui.war in deployment directory. To trigger deployment >> create a file called ovirt-web-ui.war.dodeploy >> 13:12:44,840 INFO [org.jboss.as.server.deployment.scanner] WFLYDS0004: >> Found apidoc.war in deployment directory. To trigger deployment create a >> file called apidoc.war.dodeploy >> 13:12:44,895 ERROR [org.jboss.as.controller] WFLYCTL0362: Capabilities >> required by resource >> '/subsystem=undertow/server=default-server/http-listener=http' are not >> available: >> org.wildfly.network.socket-binding.redirect; Possible registration >> points for this capability: >> /socket-binding-group=*/socket-binding=* >> 13:12:44,900 FATAL [org.jboss.as.server] WFLYSRV0056: Server boot has >> failed in an unrecoverable manner; exiting. See previous messages for >> details. >> 13:12:44,920 INFO [org.jboss.as] WFLYSRV0050: WildFly Full 11.0.0.Final >> (WildFly Core 3.0.8.Final) stopped in 13ms >> >> >> ------------------------------ >> >> Regards >> >> Hongyu Du >> >> >> *From:* Greg Sheremeta <gsher...@redhat.com> >> *Date:* 2019-02-14 04:08 >> *To:* du_hon...@yeah.net; Ravi Nori <rn...@redhat.com> >> *CC:* users <users@ovirt.org> >> *Subject:* Re: [ovirt-users] access engine by http >> What are you trying to achieve? SSL is good :) >> >> I suspect you have to disable ssl in the apache server >> /etc/httpd/conf.d/ssl.conf >> but I'm not really sure. >> >> And, if you do, I suspect some things that use certificates won't work, >> either (console, disk upload, etc.) >> >> Ravi might know more. >> >> Greg >> >> On Wed, Feb 13, 2019 at 3:39 AM du_hon...@yeah.net <du_hon...@yeah.net> >> wrote: >> >>> I want to access engine by http, after engine-setup success, I fix >>> /etc/ovirt-engine/engine.conf.d/10-setup-protocols.conf >>> >>> ENGINE_FQDN=localhost.localdomain >>> ENGINE_PROXY_ENABLED=false >>> ENGINE_PROXY_HTTP_PORT=None >>> ENGINE_PROXY_HTTPS_PORT=None >>> ENGINE_AJP_ENABLED=false >>> ENGINE_AJP_PORT=None >>> ENGINE_HTTP_ENABLED=true >>> ENGINE_HTTPS_ENABLED=false >>> ENGINE_HTTP_PORT=8080 >>> ENGINE_HTTPS_PORT=443 >>> >>> but I access http://ip:8080/ovirt-engine , still browser is redirect >>> to https, I should how to disable redirect? >>> >>> >>> >>> ------------------------------ >>> >>> Regards >>> >>> Hongyu Du >>> _______________________________________________ >>> Users mailing list -- users@ovirt.org >>> To unsubscribe send an email to users-le...@ovirt.org >>> Privacy Statement: https://www.ovirt.org/site/privacy-policy/ >>> oVirt Code of Conduct: >>> https://www.ovirt.org/community/about/community-guidelines/ >>> List Archives: >>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/5K4Z2Y5ORRCA4QLQLA5BPPJNSEP6JKNN/ >>> >> >> >> -- >> >> GREG SHEREMETA >> >> SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX >> >> Red Hat NA >> >> <https://www.redhat.com/> >> >> gsher...@redhat.com IRC: gshereme >> <https://red.ht/sig> >> >> > > -- > > GREG SHEREMETA > > SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX > > Red Hat NA > > <https://www.redhat.com/> > > gsher...@redhat.com IRC: gshereme > <https://red.ht/sig> > >
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/ZI6EWFMWP5YZ365B4UYM2M3OU624PK7S/
