From cb338dae2f7e112c65555af2de0d7c3766e20f75 Mon Sep 17 00:00:00 2001
From: Philippe Caseiro <pcaseiro@cadoles.com>
Date: Tue, 11 Aug 2015 15:16:45 +0200
Subject: [PATCH] =?UTF-8?q?dicos/99=5Fone-frontend.xml:=20=20D=C3=A9but=20?=
 =?UTF-8?q?du=20travail=20sur=20le=20support=20HTTPS?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Ajout d'une configuration nginx "basique".
Ouverture des ports du firewall
Création du script d'activation de la configuration nginx

ref #9081 @3h
---
 dicos/99_one-frontend.xml    |  7 +++++++
 posttemplate/02-nebula-nginx | 14 ++++++++++++++
 tmpl/nginx-nebula.conf       | 30 ++++++++++++++++++++++++++++++
 tmpl/sunstone-server.conf    |  4 ++--
 4 files changed, 53 insertions(+), 2 deletions(-)
 create mode 100755 posttemplate/02-nebula-nginx
 create mode 100644 tmpl/nginx-nebula.conf

diff --git a/dicos/99_one-frontend.xml b/dicos/99_one-frontend.xml
index 2d590c0..6cf96d2 100644
--- a/dicos/99_one-frontend.xml
+++ b/dicos/99_one-frontend.xml
@@ -9,7 +9,14 @@
         <file filelist='onefrontend' name='/etc/one/sunstone-views/cloud.yaml' rm='True' mkdir='True'/>
         <file filelist='onefrontend' name='/etc/one/sunstone-views/vdcadmin.yaml' rm='True' mkdir='True'/>
         <file filelist='onefrontend' name='/etc/one/auth/ldap_auth.conf' source='sunstone-ldap_auth.conf' rm='True' mkdir='True'/>
+        <file filelist='onefrontend' name='/etc/nginx/sites-available/nebula.conf' source='nginx-nebula.conf' rm='True' mkdir='True'/>
         <file filelist='appmarket' name='/etc/one/sunstone-appmarket.conf' rm='True' mkdir='True'/>
+        <service_access service='sunstoneHttps'>
+            <port>443</port>
+        </service_access>
+        <service_restriction service='sunstoneHttps'>
+            <ip interface='eth0' netmask='netmask_admin_eth0' netmask_type='SymLinkOption' ip_type='SymLinkOption'>ip_admin_eth0</ip>
+        </service_restriction>
         <service_access service='sunstone'>
             <port port_type="SymLinkOption">port_sunstone</port>
             <port port_type="SymLinkOption">vnc_proxy_port_sunstone</port>
diff --git a/posttemplate/02-nebula-nginx b/posttemplate/02-nebula-nginx
new file mode 100755
index 0000000..5edf3f2
--- /dev/null
+++ b/posttemplate/02-nebula-nginx
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+ENABLE=$(CreoleGet activer_onefrontend 'non')
+CONF_FILE='nebula.conf'
+
+if [ -L /etc/nginx/sites-enabled/${CONF_FILE} ];then
+    rm /etc/nginx/sites-enabled/${CONF_FILE}
+fi
+if [ -L /etc/nginx/sites-enabled/eoleapps.conf ];then
+    rm /etc/nginx/sites-enabled/eoleapps.conf
+fi
+if [ "${ENABLE}" = 'oui' ];then
+    ln -s /etc/nginx/sites-available/${CONF_FILE} /etc/nginx/sites-enabled/${CONF_FILE}
+fi
diff --git a/tmpl/nginx-nebula.conf b/tmpl/nginx-nebula.conf
new file mode 100644
index 0000000..10e9cd5
--- /dev/null
+++ b/tmpl/nginx-nebula.conf
@@ -0,0 +1,30 @@
+#### OpenNebula Sunstone upstream
+upstream sunstone  {
+         server 127.0.0.1:%%port_sunstone;
+#         server %%adresse_ip_eth0:%%port_sunstone;
+}
+
+#### cloudserver.org HTTP virtual host
+server {
+        listen 80;
+        server_name cloudserver.org;
+
+        ### Permanent redirect to HTTPS (optional)
+        return 301 https://$server_name:443;
+}
+
+#### cloudserver.org HTTPS virtual host
+server {
+        listen 443;
+        server_name cloudserver.org;
+
+        ### SSL Parameters
+        ssl on;
+        ssl_certificate %%server_pem;
+        ssl_certificate_key %%server_key;
+
+        ### Proxy requests to upstream
+        location / {
+                 proxy_pass http://sunstone;
+        }
+}
diff --git a/tmpl/sunstone-server.conf b/tmpl/sunstone-server.conf
index afb2dbe..bba3ce3 100644
--- a/tmpl/sunstone-server.conf
+++ b/tmpl/sunstone-server.conf
@@ -28,8 +28,8 @@
 
 # Server Configuration
 #
-#:host: 127.0.0.1
-:host: %%ip_sunstone
+:host: 127.0.0.1
+#:host: %%ip_sunstone
 :port: %%port_sunstone
 
 # Place where to store sessions, this value can be memory or memcache