dicos/99_one-frontend.xml: Début du travail sur le support HTTPS
Ajout d'une configuration nginx "basique". Ouverture des ports du firewall Création du script d'activation de la configuration nginx ref #9081 @3h
This commit is contained in:
parent
2535d69274
commit
cb338dae2f
@ -9,7 +9,14 @@
|
||||
<file filelist='onefrontend' name='/etc/one/sunstone-views/cloud.yaml' rm='True' mkdir='True'/>
|
||||
<file filelist='onefrontend' name='/etc/one/sunstone-views/vdcadmin.yaml' rm='True' mkdir='True'/>
|
||||
<file filelist='onefrontend' name='/etc/one/auth/ldap_auth.conf' source='sunstone-ldap_auth.conf' rm='True' mkdir='True'/>
|
||||
<file filelist='onefrontend' name='/etc/nginx/sites-available/nebula.conf' source='nginx-nebula.conf' rm='True' mkdir='True'/>
|
||||
<file filelist='appmarket' name='/etc/one/sunstone-appmarket.conf' rm='True' mkdir='True'/>
|
||||
<service_access service='sunstoneHttps'>
|
||||
<port>443</port>
|
||||
</service_access>
|
||||
<service_restriction service='sunstoneHttps'>
|
||||
<ip interface='eth0' netmask='netmask_admin_eth0' netmask_type='SymLinkOption' ip_type='SymLinkOption'>ip_admin_eth0</ip>
|
||||
</service_restriction>
|
||||
<service_access service='sunstone'>
|
||||
<port port_type="SymLinkOption">port_sunstone</port>
|
||||
<port port_type="SymLinkOption">vnc_proxy_port_sunstone</port>
|
||||
|
14
posttemplate/02-nebula-nginx
Executable file
14
posttemplate/02-nebula-nginx
Executable file
@ -0,0 +1,14 @@
|
||||
#!/bin/bash
|
||||
|
||||
ENABLE=$(CreoleGet activer_onefrontend 'non')
|
||||
CONF_FILE='nebula.conf'
|
||||
|
||||
if [ -L /etc/nginx/sites-enabled/${CONF_FILE} ];then
|
||||
rm /etc/nginx/sites-enabled/${CONF_FILE}
|
||||
fi
|
||||
if [ -L /etc/nginx/sites-enabled/eoleapps.conf ];then
|
||||
rm /etc/nginx/sites-enabled/eoleapps.conf
|
||||
fi
|
||||
if [ "${ENABLE}" = 'oui' ];then
|
||||
ln -s /etc/nginx/sites-available/${CONF_FILE} /etc/nginx/sites-enabled/${CONF_FILE}
|
||||
fi
|
30
tmpl/nginx-nebula.conf
Normal file
30
tmpl/nginx-nebula.conf
Normal file
@ -0,0 +1,30 @@
|
||||
#### OpenNebula Sunstone upstream
|
||||
upstream sunstone {
|
||||
server 127.0.0.1:%%port_sunstone;
|
||||
# server %%adresse_ip_eth0:%%port_sunstone;
|
||||
}
|
||||
|
||||
#### cloudserver.org HTTP virtual host
|
||||
server {
|
||||
listen 80;
|
||||
server_name cloudserver.org;
|
||||
|
||||
### Permanent redirect to HTTPS (optional)
|
||||
return 301 https://$server_name:443;
|
||||
}
|
||||
|
||||
#### cloudserver.org HTTPS virtual host
|
||||
server {
|
||||
listen 443;
|
||||
server_name cloudserver.org;
|
||||
|
||||
### SSL Parameters
|
||||
ssl on;
|
||||
ssl_certificate %%server_pem;
|
||||
ssl_certificate_key %%server_key;
|
||||
|
||||
### Proxy requests to upstream
|
||||
location / {
|
||||
proxy_pass http://sunstone;
|
||||
}
|
||||
}
|
@ -28,8 +28,8 @@
|
||||
|
||||
# Server Configuration
|
||||
#
|
||||
#:host: 127.0.0.1
|
||||
:host: %%ip_sunstone
|
||||
:host: 127.0.0.1
|
||||
#:host: %%ip_sunstone
|
||||
:port: %%port_sunstone
|
||||
|
||||
# Place where to store sessions, this value can be memory or memcache
|
||||
|
Loading…
Reference in New Issue
Block a user