I am not sure we can do what you are asking for. A lot of stuff is not going to work. AFAIK you will need a dedicated machine to run ovirt engine on the default ports.
On Thu, Feb 14, 2019 at 10:29 PM du_hon...@yeah.net <du_hon...@yeah.net> wrote:

> hi Ravi
> sorry, I do not understand when I visit http://192.168.122.176:80/ovirt-engine
> still redirect to https://192.168.122.176:443/ovirt-engine, I already fix
> sso_clients table;
> who redirect http to https??
> thanks
>
> engine=# select * from sso_clients
> engine-# ;
>
> id                                 | 1
> client_id                          | ovirt-engine-core
> client_secret                      | eyJhcnRpZmFjdCI6IkVudmVsb3BlUEJFIiwic2FsdCI6ImRSc3Y1bnNCR2F0b3M1WTNNOHhiQktGaDlSbEd4SnpjWWxmdzY3NmNUaFk9Iiwic2VjcmV0IjoicE5RM2E0TXQ2aU40MU5YVVY3R0ZMZjcvVnZBMWlWWnNoOE1ERXozQkIwZz0iLCJ2ZXJzaW9uIjoiMSIsIml0ZXJhdGlvbnMiOiI0MDAwIiwiYWxnb3JpdGhtIjoiUEJLREYyV2l0aEhtYWNTSEExIn0=
> callback_prefix                    | http://192.168.122.176:80/ovirt-engine/
> certificate_location               | /etc/pki/ovirt-engine/certs/engine.cer
> notification_callback              | http:/192.168.122.176:80/ovirt-engine/services/sso-callback
> description                        | oVirt Engine
> email                              |
> scope                              | openid ovirt-app-portal ovirt-app-admin ovirt-app-api ovirt-ext=auth:identity ovirt-ext=token:password-access ovirt-ext=auth:sequence-priority ovirt-ext=token:login-on-behalf ovirt-ext=token-info:authz-search ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate ovirt-ext=revoke:revoke-all
> trusted                            | t
> notification_callback_protocol     | TLS
> notification_callback_verify_host  | f
> notification_callback_verify_chain | t
>
> id                                 | 2
> client_id                          | ovirt-provider-ovn
> client_secret                      | eyJhcnRpZmFjdCI6IkVudmVsb3BlUEJFIiwic2FsdCI6Ikh0Zlp5eFJEUXB2RmVaOTJCeU83NUxISXR3Uk9Nd05YUWYzd2wyS2lvSkE9Iiwic2VjcmV0IjoiOVlMZldRSHRiZDdBbVVQdnRNcTgwdndzWG8xMzN6a1V5WXN2dEJxVEttWT0iLCJ2ZXJzaW9uIjoiMSIsIml0ZXJhdGlvbnMiOiI0MDAwIiwiYWxnb3JpdGhtIjoiUEJLREYyV2l0aEhtYWNTSEExIn0=
> callback_prefix                    | http://192.168.122.176:80/ovirt-engine/
> certificate_location               | /etc/pki/ovirt-engine/certs/engine.cer
> notification_callback              | http:/192.168.122.176:80/ovirt-engine/services/sso-callback
> description                        | ovirt-provider-ovn
> email                              |
> scope                              | ovirt-app-api ovirt-ext=token-info:validate ovirt-ext=token-info:public-authz-search
> trusted                            | t
> notification_callback_protocol     | TLS
> notification_callback_verify_host  | f
> notification_callback_verify_chain | t
>
> (2 rows)
>
> ------------------------------
>
> Regards
>
> Hongyu Du
>
>
> *From:* du_hon...@yeah.net
> *Date:* 2019-02-14 23:32
> *To:* Ravi Nori <rn...@redhat.com>
> *CC:* users <users@ovirt.org>
> *Subject:* [ovirt-users] Re: access engine by http
> thanks Ravi, because my engine certification is signed by myself, when I
> visit my ovirt-engine by browser, browser need add security exception, so
> I want to engine by http.
>
> I realise /etc/httpd/conf.d/z-ovirt-engine-proxy.conf redirect
> /ovirt-engine to 127.0.0.1:8702 , but I do not know how to redirect
> https , I do not find some redirect https info.
>
> I fix "ProxyPassMatch ajp://127.0.0.1:8702 timeout=3600 retry=5" to
> "ProxyPassMatch ajp://127.0.0.1:8543 timeout=3600 retry=5"?
>
> ------------------------------
>
> Regards
>
> Hongyu Du
>
>
> *From:* Ravi Shankar Nori <rn...@redhat.com>
> *Date:* 2019-02-14 23:16
> *To:* du_hon...@yeah.net
> *CC:* Greg Sheremeta <gsher...@redhat.com>; users <users@ovirt.org>
> *Subject:* Re: Re: [ovirt-users] access engine by http
> Apache uses ajp to communicate with engine on port 8702. You can redirect
> from Apache with a simple RewriteCond
> to jboss port 8543 but certificate verification is not going to work which
> will cause issues with all oVirt tools.
>
> Moreover oVirt SSO is not going to let you access UI on port other than
> 443 when installed through rpms.
> You will need to fiddle with the database to update the redirect uris in
> the sso_clients table.
>
> The best you can do is change the proxy port in
> /etc/ovirt-engine/engine.conf.d/10-setup-protocols.conf and keep the AJP in
> place.
>
> Why are you trying to bypass Apache?
>
> On Thu, Feb 14, 2019 at 9:25 AM du_hon...@yeah.net <du_hon...@yeah.net>
> wrote:
>
>> sorry I describe error,
>> my /etc/ovirt-engine/engine.conf.d/10-setup-protocols.conf
>>
>> ENGINE_FQDN=localhost.localdomain
>> ENGINE_PROXY_ENABLED=false
>> ENGINE_PROXY_HTTP_PORT=None
>> ENGINE_PROXY_HTTPS_PORT=None
>> ENGINE_AJP_ENABLED=false
>> ENGINE_AJP_PORT=None
>> ENGINE_HTTP_ENABLED=true
>> ENGINE_HTTPS_ENABLED=false
>> ENGINE_HTTP_PORT=8080
>> ENGINE_HTTPS_PORT=8443
>>
>> I know install ovirt-engine from source in a developer setup, this can
>> visit engine by http. and not apache in the frontend. but I want to
>> visit engine that is installed rpm by http?
>>
>> Besides I realize apache not redirect http to https ovirt jboss
>> redirect http to https?
>>
>> ------------------------------
>>
>> Regards
>>
>> Hongyu Du
>>
>>
>> *From:* Greg Sheremeta <gsher...@redhat.com>
>> *Date:* 2019-02-14 19:24
>> *To:* du_hon...@yeah.net
>> *CC:* Ravi Nori <rn...@redhat.com>; users <users@ovirt.org>
>> *Subject:* Re: Re: [ovirt-users] access engine by http
>> Sorry, I'm still not understanding what you are trying to achieve.
>> Nothing is on 8843 - ?
>>
>> If you install ovirt-engine from source in a developer setup, it's 8080
>> http by default and no apache in front. Maybe try that.
>>
>> Greg
>>
>> On Thu, Feb 14, 2019 at 12:14 AM du_hon...@yeah.net <du_hon...@yeah.net>
>> wrote:
>>
>>> hi Greg, Ravi
>>> thanks, https is ok, when I try to visit http://ip:8080/ovirt-engine but
>>> still redirect https://192.168.122.176:8443/tchyp-engine/, I want to
>>> know How to redirect to 8843?
>>> Besides I try to disable ssl by comment /etc/httpd/conf/httpd.conf
>>> #IncludeOptional conf.d/*.conf,
>>> But http is still redirect to https, I should how disable redirect?
>>> I find this file
>>> /usr/share/ovirt-engine/services/ovirt-engine/ovirt-engine.xml.in,
>>> I try to delete follow line. but ovirt-engine server is not boot
>>> <socket-binding
>>> name="redirect"
>>> port="{{ HTTPS_PORT }}"/>
>>> /var/log/ovirt-engine/boot.log has some error?
>>> 13:12:43,144 INFO [org.jboss.as] WFLYSRV0049: WildFly Full 11.0.0.Final (WildFly Core 3.0.8.Final) starting
>>> 13:12:44,644 INFO [org.jboss.as.controller.management-deprecated] WFLYCTL0028: Attribute 'security-realm' in the resource at address '/core-service=management/management-interface=native-interface' is deprecated, and may be removed in future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
>>> 13:12:44,646 INFO [org.jboss.as.controller.management-deprecated] WFLYCTL0028: Attribute 'security-realm' in the resource at address '/core-service=management/management-interface=http-interface' is deprecated, and may be removed in future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
>>> 13:12:44,677 INFO [org.jboss.as.controller.management-deprecated] WFLYCTL0028: Attribute 'security-realm' in the resource at address '/subsystem=undertow/server=default-server/https-listener=https' is deprecated, and may be removed in future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
>>> 13:12:44,677 INFO [org.jboss.as.controller.management-deprecated] WFLYCTL0028: Attribute 'enabled-protocols' in the resource at address '/subsystem=undertow/server=default-server/https-listener=https' is deprecated, and may be removed in future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
>>> 13:12:44,840 INFO [org.jboss.as.server.deployment.scanner] WFLYDS0004: Found restapi.war in deployment directory. To trigger deployment create a file called restapi.war.dodeploy
>>> 13:12:44,840 INFO [org.jboss.as.server.deployment.scanner] WFLYDS0004: Found engine.ear in deployment directory. To trigger deployment create a file called engine.ear.dodeploy
>>> 13:12:44,840 INFO [org.jboss.as.server.deployment.scanner] WFLYDS0004: Found ovirt-web-ui.war in deployment directory. To trigger deployment create a file called ovirt-web-ui.war.dodeploy
>>> 13:12:44,840 INFO [org.jboss.as.server.deployment.scanner] WFLYDS0004: Found apidoc.war in deployment directory. To trigger deployment create a file called apidoc.war.dodeploy
>>> 13:12:44,895 ERROR [org.jboss.as.controller] WFLYCTL0362: Capabilities required by resource '/subsystem=undertow/server=default-server/http-listener=http' are not available:
>>> org.wildfly.network.socket-binding.redirect; Possible registration points for this capability:
>>> /socket-binding-group=*/socket-binding=*
>>> 13:12:44,900 FATAL [org.jboss.as.server] WFLYSRV0056: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details.
>>> 13:12:44,920 INFO [org.jboss.as] WFLYSRV0050: WildFly Full 11.0.0.Final (WildFly Core 3.0.8.Final) stopped in 13ms
>>>
>>>
>>> ------------------------------
>>>
>>> Regards
>>>
>>> Hongyu Du
>>>
>>>
>>> *From:* Greg Sheremeta <gsher...@redhat.com>
>>> *Date:* 2019-02-14 04:08
>>> *To:* du_hon...@yeah.net; Ravi Nori <rn...@redhat.com>
>>> *CC:* users <users@ovirt.org>
>>> *Subject:* Re: [ovirt-users] access engine by http
>>> What are you trying to achieve? SSL is good :)
>>>
>>> I suspect you have to disable ssl in the apache server
>>> /etc/httpd/conf.d/ssl.conf
>>> but I'm not really sure.
>>>
>>> And, if you do, I suspect some things that use certificates won't work,
>>> either (console, disk upload, etc.)
>>>
>>> Ravi might know more.
>>>
>>> Greg
>>>
>>> On Wed, Feb 13, 2019 at 3:39 AM du_hon...@yeah.net <du_hon...@yeah.net>
>>> wrote:
>>>
>>>> I want to access engine by http, after engine-setup success, I fix
>>>> /etc/ovirt-engine/engine.conf.d/10-setup-protocols.conf
>>>>
>>>> ENGINE_FQDN=localhost.localdomain
>>>> ENGINE_PROXY_ENABLED=false
>>>> ENGINE_PROXY_HTTP_PORT=None
>>>> ENGINE_PROXY_HTTPS_PORT=None
>>>> ENGINE_AJP_ENABLED=false
>>>> ENGINE_AJP_PORT=None
>>>> ENGINE_HTTP_ENABLED=true
>>>> ENGINE_HTTPS_ENABLED=false
>>>> ENGINE_HTTP_PORT=8080
>>>> ENGINE_HTTPS_PORT=443
>>>>
>>>> but I access http://ip:8080/ovirt-engine , still browser is redirect
>>>> to https, I should how to disable redirect?
>>>>
>>>> ------------------------------
>>>>
>>>> Regards
>>>>
>>>> Hongyu Du
>>>> _______________________________________________
>>>> Users mailing list -- users@ovirt.org
>>>> To unsubscribe send an email to users-le...@ovirt.org
>>>> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
>>>> oVirt Code of Conduct:
>>>> https://www.ovirt.org/community/about/community-guidelines/
>>>> List Archives:
>>>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/5K4Z2Y5ORRCA4QLQLA5BPPJNSEP6JKNN/
>>>>
>>>
>>> --
>>>
>>> GREG SHEREMETA
>>>
>>> SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX
>>>
>>> Red Hat NA
>>>
>>> <https://www.redhat.com/>
>>>
>>> gsher...@redhat.com IRC: gshereme
>>> <https://red.ht/sig>
>>>
>>
>> --
>>
>> GREG SHEREMETA
>>
>> SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX
>>
>> Red Hat NA
>>
>> <https://www.redhat.com/>
>>
>> gsher...@redhat.com IRC: gshereme
>> <https://red.ht/sig>
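The redirect URIs in the sso_clients table discussed in this thread can be checked mechanically. The following is an added example, not part of the original thread and not oVirt's own code: it parses the two URL columns and reports entries that are malformed or that differ from HTTPS on port 443, the combination the reply above says SSO expects on an RPM install. The rows are constructed from the values as they appear in the quoted table plus one hypothetical well-formed row, and the function names are illustrative.

```python
from urllib.parse import urlsplit

# Constructed sample rows: only the URL columns of sso_clients, with the
# values as they appear in the quoted table (client_secret left out).
ROWS = [
    {"client_id": "ovirt-engine-core",
     "callback_prefix": "http://192.168.122.176:80/ovirt-engine/",
     "notification_callback":
         "http:/192.168.122.176:80/ovirt-engine/services/sso-callback"},
    {"client_id": "reference-client",  # hypothetical well-formed row
     "callback_prefix": "https://engine.example.test:443/ovirt-engine/",
     "notification_callback":
         "https://engine.example.test:443/ovirt-engine/services/sso-callback"},
]


def check_url(url, want_scheme="https", want_port=443):
    """Return a list of problems with one SSO redirect/callback URL.

    The https/443 baseline is an assumption taken from the thread.
    """
    parts = urlsplit(url)
    if not parts.netloc:
        # "http:/host/..." parses with an empty host: the URL is malformed.
        return ["malformed URL (no host, check for a missing '/')"]
    problems = []
    if parts.scheme != want_scheme:
        problems.append(f"scheme is {parts.scheme}, expected {want_scheme}")
    # Fall back to the scheme's default port when none is written out.
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    if port != want_port:
        problems.append(f"port is {port}, expected {want_port}")
    return problems


def audit(rows):
    """Map (client_id, column) -> problems, for columns with findings only."""
    findings = {}
    for row in rows:
        for col in ("callback_prefix", "notification_callback"):
            problems = check_url(row[col])
            if problems:
                findings[(row["client_id"], col)] = problems
    return findings


if __name__ == "__main__":
    for (client, col), problems in audit(ROWS).items():
        print(f"{client}.{col}: {'; '.join(problems)}")
```
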