dicos/99_one-frontend.xml: Début du travail sur le support HTTPS

Ajout d'une configuration nginx "basique". Ouverture des ports du firewall Création du script d'activation de la configuration nginx ref #9081 @3h
2015-08-11 15:16:45 +02:00 · 2015-08-11 15:16:45 +02:00 · cb338dae2f
parent 2535d69274
commit cb338dae2f
4 changed files with 53 additions and 2 deletions
--- a/dicos/99_one-frontend.xml
+++ b/dicos/99_one-frontend.xml
@ -9,7 +9,14 @@
        <file filelist='onefrontend' name='/etc/one/sunstone-views/cloud.yaml' rm='True' mkdir='True'/>
        <file filelist='onefrontend' name='/etc/one/sunstone-views/vdcadmin.yaml' rm='True' mkdir='True'/>
        <file filelist='onefrontend' name='/etc/one/auth/ldap_auth.conf' source='sunstone-ldap_auth.conf' rm='True' mkdir='True'/>
+        <file filelist='onefrontend' name='/etc/nginx/sites-available/nebula.conf' source='nginx-nebula.conf' rm='True' mkdir='True'/>
        <file filelist='appmarket' name='/etc/one/sunstone-appmarket.conf' rm='True' mkdir='True'/>
+        <service_access service='sunstoneHttps'>
+            <port>443</port>
+        </service_access>
+        <service_restriction service='sunstoneHttps'>
+            <ip interface='eth0' netmask='netmask_admin_eth0' netmask_type='SymLinkOption' ip_type='SymLinkOption'>ip_admin_eth0</ip>
+        </service_restriction>
        <service_access service='sunstone'>
            <port port_type="SymLinkOption">port_sunstone</port>
            <port port_type="SymLinkOption">vnc_proxy_port_sunstone</port>
--- a/posttemplate/02-nebula-nginx
+++ b/posttemplate/02-nebula-nginx
@ -0,0 +1,14 @@
+#!/bin/bash
+
+ENABLE=$(CreoleGet activer_onefrontend 'non')
+CONF_FILE='nebula.conf'
+
+if [ -L /etc/nginx/sites-enabled/${CONF_FILE} ];then
+    rm /etc/nginx/sites-enabled/${CONF_FILE}
+fi
+if [ -L /etc/nginx/sites-enabled/eoleapps.conf ];then
+    rm /etc/nginx/sites-enabled/eoleapps.conf
+fi
+if [ "${ENABLE}" = 'oui' ];then
+    ln -s /etc/nginx/sites-available/${CONF_FILE} /etc/nginx/sites-enabled/${CONF_FILE}
+fi
--- a/tmpl/nginx-nebula.conf
+++ b/tmpl/nginx-nebula.conf
@ -0,0 +1,30 @@
+#### OpenNebula Sunstone upstream
+upstream sunstone  {
+         server 127.0.0.1:%%port_sunstone;
+#         server %%adresse_ip_eth0:%%port_sunstone;
+}
+
+#### cloudserver.org HTTP virtual host
+server {
+        listen 80;
+        server_name cloudserver.org;
+
+        ### Permanent redirect to HTTPS (optional)
+        return 301 https://$server_name:443;
+}
+
+#### cloudserver.org HTTPS virtual host
+server {
+        listen 443;
+        server_name cloudserver.org;
+
+        ### SSL Parameters
+        ssl on;
+        ssl_certificate %%server_pem;
+        ssl_certificate_key %%server_key;
+
+        ### Proxy requests to upstream
+        location / {
+                 proxy_pass http://sunstone;
+        }
+}
--- a/tmpl/sunstone-server.conf
+++ b/tmpl/sunstone-server.conf
@ -28,8 +28,8 @@

 # Server Configuration
 #
-#:host: 127.0.0.1
-:host: %%ip_sunstone
+:host: 127.0.0.1
+#:host: %%ip_sunstone
 :port: %%port_sunstone

 # Place where to store sessions, this value can be memory or memcache