
dicos/99_one-frontend.xml: Début du travail sur le support HTTPS

Ajout d'une configuration nginx "basique".
Ouverture des ports du firewall
Création du script d'activation de la configuration nginx

ref #9081 @3h
tags/pkg/dev/eole-2.7.0/0.0.1-0
Philippe Caseiro 3 years ago
parent
commit
cb338dae2f
4 changed files with 53 additions and 2 deletions
  1. 7
    0
      dicos/99_one-frontend.xml
  2. 14
    0
      posttemplate/02-nebula-nginx
  3. 30
    0
      tmpl/nginx-nebula.conf
  4. 2
    2
      tmpl/sunstone-server.conf

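--- a/dicos/99_one-frontend.xml
+++ b/dicos/99_one-frontend.xml
@@ -9,7 +9,14 @@
         <file filelist='onefrontend' name='/etc/one/sunstone-views/cloud.yaml' rm='True' mkdir='True'/>
         <file filelist='onefrontend' name='/etc/one/sunstone-views/vdcadmin.yaml' rm='True' mkdir='True'/>
         <file filelist='onefrontend' name='/etc/one/auth/ldap_auth.conf' source='sunstone-ldap_auth.conf' rm='True' mkdir='True'/>
+        <file filelist='onefrontend' name='/etc/nginx/sites-available/nebula.conf' source='nginx-nebula.conf' rm='True' mkdir='True'/>
         <file filelist='appmarket' name='/etc/one/sunstone-appmarket.conf' rm='True' mkdir='True'/>
+        <service_access service='sunstoneHttps'>
+            <port>443</port>
+        </service_access>
+        <service_restriction service='sunstoneHttps'>
+            <ip interface='eth0' netmask='netmask_admin_eth0' netmask_type='SymLinkOption' ip_type='SymLinkOption'>ip_admin_eth0</ip>
+        </service_restriction>
         <service_access service='sunstone'>
             <port port_type="SymLinkOption">port_sunstone</port>
             <port port_type="SymLinkOption">vnc_proxy_port_sunstone</port>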
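Review bot: The `sunstone` service_access directly below the added rules still opens `port_sunstone` on the firewall, although this commit rebinds Sunstone to 127.0.0.1 in tmpl/sunstone-server.conf; that opening no longer reaches a listener and should be dropped so the rule set matches what is actually exposed (the `sunstone` block continues past the hunk, so check what else it carries). The nginx template also listens on port 80 for the HTTPS redirect, but only 443 is opened here; either add `<port>80</port>` to `sunstoneHttps` or drop the port-80 server block. Restricting `sunstoneHttps` to `ip_admin_eth0` is a sensible default, and a short XML comment stating that intent would help the next reader.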

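--- a/posttemplate/02-nebula-nginx
+++ b/posttemplate/02-nebula-nginx
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+ENABLE=$(CreoleGet activer_onefrontend 'non')
+CONF_FILE='nebula.conf'
+
+if [ -L /etc/nginx/sites-enabled/${CONF_FILE} ];then
+    rm /etc/nginx/sites-enabled/${CONF_FILE}
+fi
+if [ -L /etc/nginx/sites-enabled/eoleapps.conf ];then
+    rm /etc/nginx/sites-enabled/eoleapps.conf
+fi
+if [ "${ENABLE}" = 'oui' ];then
+    ln -s /etc/nginx/sites-available/${CONF_FILE} /etc/nginx/sites-enabled/${CONF_FILE}
+fi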
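Review bot: The `eoleapps.conf` symlink is removed on every run, even when `activer_onefrontend` is `non`, which silently disables another nginx site on hosts that do not use the front-end; if the removal is there to avoid a clash on port 443, it belongs inside the `oui` branch. The `-L` tests only clear symlinks, so a regular file left at the same path makes `ln -s` fail while the script still exits 0; `ln -sfn "/etc/nginx/sites-available/${CONF_FILE}" "/etc/nginx/sites-enabled/${CONF_FILE}"` with quoted paths covers both cases. Nothing validates the resulting configuration, so consider running `nginx -t` and failing the script on error before the service is reloaded.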

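--- a/tmpl/nginx-nebula.conf
+++ b/tmpl/nginx-nebula.conf
@@ -0,0 +1,30 @@
+#### OpenNebula Sunstone upstream
+upstream sunstone  {
+         server 127.0.0.1:%%port_sunstone;
+#         server %%adresse_ip_eth0:%%port_sunstone;
+}
+
+#### cloudserver.org HTTP virtual host
+server {
+        listen 80;
+        server_name cloudserver.org;
+
+        ### Permanent redirect to HTTPS (optional)
+        return 301 https://$server_name:443;
+}
+
+#### cloudserver.org HTTPS virtual host
+server {
+        listen 443;
+        server_name cloudserver.org;
+
+        ### SSL Parameters
+        ssl on;
+        ssl_certificate %%server_pem;
+        ssl_certificate_key %%server_key;
+
+        ### Proxy requests to upstream
+        location / {
+                 proxy_pass http://sunstone;
+        }
+}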
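Review bot: `server_name cloudserver.org` looks like a sample host name carried over from an example, and because the port-80 block answers with `return 301 https://$server_name:443;`, every plain-HTTP visitor is redirected to that external name with the request path dropped. Template `server_name` from the machine's own name and redirect with `return 301 https://$server_name$request_uri;`. `listen 443;` combined with `ssl on;` is the deprecated spelling; `listen 443 ssl;` is the supported form. No `ssl_protocols` is set, so the protocol floor is whatever the packaged nginx defaults to; pin it, e.g. `ssl_protocols TLSv1.2;` (adding TLSv1.3 where the build supports it). The `location /` block forwards no client address, so Sunstone will log 127.0.0.1 for every login unless `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` is added.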

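--- a/tmpl/sunstone-server.conf
+++ b/tmpl/sunstone-server.conf
@@ -28,8 +28,8 @@
 
 # Server Configuration
 #
-#:host: 127.0.0.1
-:host: %%ip_sunstone
+:host: 127.0.0.1
+#:host: %%ip_sunstone
 :port: %%port_sunstone
 
 # Place where to store sessions, this value can be memory or memcache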
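Review bot: The bind address is now fixed to loopback with no comment saying why, and the commented-out `#:host: %%ip_sunstone` reads like a toggle that is safe to flip back; doing so would expose the plain-HTTP Sunstone port alongside the nginx TLS front. Replace the dead line with a comment such as `# Loopback only: nginx (nebula.conf) terminates TLS and proxies to this port`. `ip_sunstone` appears to have no remaining effect on this template, so its dictionary entry should be hidden or removed if nothing else reads it.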
