dicos/99_one-frontend.xml: Début du travail sur le support HTTPS

Ajout d'une configuration nginx "basique".
Ouverture des ports du firewall
Création du script d'activation de la configuration nginx

ref #9081 @3h
Philippe Caseiro 2015-08-11 15:16:45 +02:00
parent 2535d69274
commit cb338dae2f
4 changed files with 53 additions and 2 deletions


@ -9,7 +9,14 @@
<file filelist='onefrontend' name='/etc/one/sunstone-views/cloud.yaml' rm='True' mkdir='True'/> <file filelist='onefrontend' name='/etc/one/sunstone-views/cloud.yaml' rm='True' mkdir='True'/>
<file filelist='onefrontend' name='/etc/one/sunstone-views/vdcadmin.yaml' rm='True' mkdir='True'/> <file filelist='onefrontend' name='/etc/one/sunstone-views/vdcadmin.yaml' rm='True' mkdir='True'/>
<file filelist='onefrontend' name='/etc/one/auth/ldap_auth.conf' source='sunstone-ldap_auth.conf' rm='True' mkdir='True'/> <file filelist='onefrontend' name='/etc/one/auth/ldap_auth.conf' source='sunstone-ldap_auth.conf' rm='True' mkdir='True'/>
<file filelist='onefrontend' name='/etc/nginx/sites-available/nebula.conf' source='nginx-nebula.conf' rm='True' mkdir='True'/>
<file filelist='appmarket' name='/etc/one/sunstone-appmarket.conf' rm='True' mkdir='True'/> <file filelist='appmarket' name='/etc/one/sunstone-appmarket.conf' rm='True' mkdir='True'/>
<service_access service='sunstoneHttps'>
<port>443</port>
</service_access>
<service_restriction service='sunstoneHttps'>
<ip interface='eth0' netmask='netmask_admin_eth0' netmask_type='SymLinkOption' ip_type='SymLinkOption'>ip_admin_eth0</ip>
</service_restriction>
<service_access service='sunstone'> <service_access service='sunstone'>
<port port_type="SymLinkOption">port_sunstone</port> <port port_type="SymLinkOption">port_sunstone</port>
<port port_type="SymLinkOption">vnc_proxy_port_sunstone</port> <port port_type="SymLinkOption">vnc_proxy_port_sunstone</port>
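Review bot: The pre-existing `<service_access service='sunstone'>` block, which opens `port_sunstone` and `vnc_proxy_port_sunstone`, is left in place below the new `sunstoneHttps` entries, so the plaintext Sunstone port stays allowed through the firewall alongside 443. The same commit sets `:host: 127.0.0.1` in the Sunstone server configuration, which makes that opening unnecessary today and a cleartext path around nginx if `:host:` is ever switched back; consider dropping `port_sunstone` from the `sunstone` service, or restricting it to the admin network the way `sunstoneHttps` is. The VNC proxy port is also still exposed outside the TLS front end, so console sessions presumably do not benefit from the new HTTPS vhost; this is worth confirming. Nothing in this hunk opens port 80 although the new nginx vhost listens there for the redirect, and a comment such as `<!-- 443 only: the port-80 redirect vhost is not opened here -->` would make the intent explicit. The `sunstone` block continues past the end of the hunk, so any restriction attached to it is not visible here.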

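--- a/posttemplate/02-nebula-nginx
+++ b/posttemplate/02-nebula-nginx
@@ -0,0 +1,14 @@
+#!/bin/bash
+ENABLE=$(CreoleGet activer_onefrontend 'non')
+CONF_FILE='nebula.conf'
+if [ -L /etc/nginx/sites-enabled/${CONF_FILE} ];then
+rm /etc/nginx/sites-enabled/${CONF_FILE}
+fi
+if [ -L /etc/nginx/sites-enabled/eoleapps.conf ];then
+rm /etc/nginx/sites-enabled/eoleapps.conf
+fi
+if [ "${ENABLE}" = 'oui' ];then
+ln -s /etc/nginx/sites-available/${CONF_FILE} /etc/nginx/sites-enabled/${CONF_FILE}
+fi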
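Review bot: The `eoleapps.conf` symlink is removed whether or not `activer_onefrontend` is 'oui', so on a host where the front end is disabled the script still disables what appears to be another nginx site and nothing restores it. If that removal is only meant to free ports 80/443 for the Sunstone vhost, it belongs inside the final `if`. The `-L` tests only clear symlinks, so a regular file left at `/etc/nginx/sites-enabled/nebula.conf` makes `ln -s` fail and leaves nginx without the HTTPS vhost; `ln -sfn "/etc/nginx/sites-available/${CONF_FILE}" "/etc/nginx/sites-enabled/${CONF_FILE}"` with quoted paths avoids that. A short header comment saying when the script runs and why eoleapps is disabled would help the next maintainer.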

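--- a/tmpl/nginx-nebula.conf
+++ b/tmpl/nginx-nebula.conf
@@ -0,0 +1,30 @@
+#### OpenNebula Sunstone upstream
+upstream sunstone {
+server 127.0.0.1:%%port_sunstone;
+# server %%adresse_ip_eth0:%%port_sunstone;
+}
+#### cloudserver.org HTTP virtual host
+server {
+listen 80;
+server_name cloudserver.org;
+### Permanent redirect to HTTPS (optional)
+return 301 https://$server_name:443;
+}
+#### cloudserver.org HTTPS virtual host
+server {
+listen 443;
+server_name cloudserver.org;
+### SSL Parameters
+ssl on;
+ssl_certificate %%server_pem;
+ssl_certificate_key %%server_key;
+### Proxy requests to upstream
+location / {
+proxy_pass http://sunstone;
+}
+}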
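Review bot: Both vhosts keep the example name `cloudserver.org`, and the port-80 block answers with `return 301 https://$server_name:443;`, so every plain-HTTP visitor is redirected to a host name this deployment presumably does not own, and the requested path is dropped. `server_name` should come from a template variable like the `%%` values already used in this file, and the redirect should end in `$request_uri`. The HTTPS block sets no `ssl_protocols`, so the accepted protocol versions depend on the packaged nginx defaults, and `ssl on;` is better written as `listen 443 ssl;`. `location /` forwards no `Host` or `X-Forwarded-*` headers, so Sunstone sees every client as 127.0.0.1, which weakens its access logs for audit. The changed lines are sketched below.

```nginx
# … unchanged: upstream sunstone …
server {
    listen 80;
    # server_name: replace cloudserver.org with the deployment's templated host name
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    # … unchanged: ssl_certificate, ssl_certificate_key …
    # pin the protocol versions instead of relying on package defaults
    ssl_protocols TLSv1.2;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://sunstone;
    }
}
```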


@ -28,8 +28,8 @@
# Server Configuration # Server Configuration
# #
#:host: 127.0.0.1 :host: 127.0.0.1
:host: %%ip_sunstone #:host: %%ip_sunstone
:port: %%port_sunstone :port: %%port_sunstone
# Place where to store sessions, this value can be memory or memcache # Place where to store sessions, this value can be memory or memcache