cloudstack-users mailing list archives

From Andrija Panic <andrija.pa...@gmail.com>
Subject Re: Configuring HTTPS for UI
Date Wed, 05 Aug 2020 09:13:43 GMT
Hi Mike,

in production, you might want to do the SSL offloading on the load
balancer, but yes, you can also set up SSL on the Jetty as well - please see
the article
https://www.shapeblue.com/securing-cloudstack-4-11-with-https-tls/ (skip
the first part which describes securing system VMs with SSL)

Best,
Andrija

On Tue, 4 Aug 2020 at 20:47, Corey, Mike <mike.corey@sap.com> wrote:

> Hi,
>
> I’m trying to figure out how to use https or 8443 with an internally
> signed certificate and chain for the UI.  The latest documentation only has
> the below snippet.  I’ve created my internally signed certificate, root,
> and intermediary cert and I believe I’ve done all the imports into my
> keystore using keytool correctly.  I’ve also modified the server.properties
> with the correct jks location and password as directed by the documentation.
>
> Older versions of CloudStack documentation reference doing something with
> Jetty, but the link to the reference is for out of life versions.  I don’t
> see any messages in the logs pertaining to TLS, SSL, 8443, etc.  Is there
> more to this process than documented?
>
> *SSL (Optional)*
>
> CloudStack provides HTTP access in its default installation. There are a
> number of technologies and sites which choose to implement SSL/TLS. As a
> result, we have left CloudStack to expose HTTP under the assumption that a
> site will implement its typical practice.
>
> CloudStack 4.9 and above uses embedded Jetty as its servlet container. For
> sites that would like CloudStack to terminate the SSL session, HTTPS can be
> enabled by configuring the https-related settings in CloudStack management
> server’s server.properties file at /etc/cloudstack/management/ location:
>
> # For management server to pickup these configuration settings, the configured
> # keystore file should exists and be readable by the management server.
> https.enable=true
> https.port=8443
> https.keystore=/etc/cloudstack/management/cloud.jks
> https.keystore.password=vmops.com
>
>
> For storing certificates, admins can create and configure a java keystore
> file and configure the same in the server.properties file as illustrated
> above.
>
> *Mike Corey*
>
>
> Technology Senior Consultant, IT CS CTW Operation & Virtualization Service
> US
>
>
> *SAP AMERICA, INC.* 3999 West Chester Pike, Newtown Square, 19073 United
> States
>
>
> T +1 610 661 0905, M +1 484 274 2658, E mike.corey@sap.com


-- 

Andrija Panić
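
Added example, not part of the original thread or of CloudStack itself: a shell preflight for the `https.*` settings quoted from the documentation above. It checks that HTTPS is enabled, the port is numeric, the keystore file exists and is readable, and the keystore password is not the sample value shown in the snippet. The function names `prop` and `check_https_props` are hypothetical; run it as the account the management server runs under so the readability test is meaningful.

```shell
#!/bin/sh
# Added example: preflight check of the https.* keys in server.properties.

# prop KEY FILE: print the value of KEY (last assignment wins, comments skipped).
prop() {
    awk -v k="$1" '
        /^[ \t]*[#!]/ { next }
        { i = index($0, "="); if (i == 0) next
          key = substr($0, 1, i - 1); val = substr($0, i + 1)
          gsub(/^[ \t]+|[ \t\r]+$/, "", key)
          gsub(/^[ \t]+|[ \t\r]+$/, "", val)
          if (key == k) v = val }
        END { print v }' "$2"
}

# check_https_props FILE: print findings, return how many there were.
check_https_props() {
    file=$1
    findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }
    [ -r "$file" ] || { echo "FINDING: cannot read $file"; return 1; }

    enable=$(prop https.enable "$file")
    port=$(prop https.port "$file")
    ks=$(prop https.keystore "$file")
    pw=$(prop https.keystore.password "$file")

    [ "$enable" = "true" ] || note "https.enable is '$enable', so HTTPS is not enabled"
    case $port in
        ''|*[!0-9]*) note "https.port is not a number: '$port'" ;;
    esac
    if [ -z "$ks" ]; then
        note "https.keystore is not set"
    elif [ ! -f "$ks" ] || [ ! -r "$ks" ]; then
        note "keystore '$ks' is missing or not readable by $(id -un)"
    fi
    if [ -z "$pw" ]; then
        note "https.keystore.password is empty"
    elif [ "$pw" = "vmops.com" ]; then
        note "keystore password is the sample value from the documentation"
    fi
    return "$findings"
}

# Stand-alone use: sh check.sh /etc/cloudstack/management/server.properties
if [ "$#" -gt 0 ]; then
    check_https_props "$1"
fi
```

It does not open the keystore itself; `keytool -list -keystore <path>` confirms that the password matches and that the certificate chain is present.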
