Différences

Ci-dessous, les différences entre deux révisions de la page.

--- infrastructure:virtualisation:opennebula:frontend-install [18/05/2023 11:46] – Stéphane Paillet
+++ infrastructure:virtualisation:opennebula:frontend-install [18/05/2023 12:44] (Version actuelle) – Stéphane Paillet
@@ Ligne 1: / Ligne 1: @@
-====== Installation front One ======
+====== Installation frontend One ======
 {{tag>Virtualisation One front install}}
@@ Ligne 113: / Ligne 113: @@
 <code>
 ONEGATE_ENDPOINT = "http://one.example.com:5030"
+</code>
+===== Démarrage et activation des services =====
+Nous démarrons les services
+<code>
+systemctl start opennebula opennebula-sunstone opennebula-fireedge opennebula-gate opennebula-flow
+</code>
+Nous activons les services
+<code>
+systemctl enable opennebula opennebula-sunstone opennebula-fireedge opennebula-gate opennebula-flow
+</code>
+===== Proxy Nginx =====
+Nous installons Nginx
+<code>
+apt install nginx
+</code>
+Nous configurons le vHost
+<code>
+vi /etc/nginx/site-available/one.example.com.conf
+</code>
+<code>
+##
+# Nginx vHost
+# Application: OpenNebula Sunstone
+# Sources:
+# https://github.com/storpool/addon-vnctoken/blob/master/vnctoken.conf.nginx
+# https://forum.opennebula.io/t/fireedge-public-endpoint-is-not-working/9611/5
+##
+# No squealing.
+server_tokens off;
+# OpenNebula Sunstone upstream
+upstream sunstone {
+  server 127.0.0.1:9869;
+}
+# OpenNebula fireedge upstream
+upstream fireedge {
+  server 127.0.0.1:2616;
+}
+# OpenNebula websocketproxy upstream
+upstream websocketproxy {
+  server 127.0.0.1:29876;
+}
+# HTTP virtual host, redirect to HTTPS
+server {
+    listen 80;
+    server_name one.example.com;
+    return 301 https://one.example.com;
+}
+#
+# Example Sunstone configuration (/etc/one/sunstone-server.conf)
+#
+#:vnc_proxy_port: 127.0.0.1:29876
+#:vnc_proxy_support_wss: only
+#:vnc_proxy_cert: /etc/letsencrypt/live/frontend/fullchain.pem
+#:vnc_proxy_key: /etc/letsencrypt/live/frontend/privkey.pem
+#:vnc_proxy_ipv6: false
+#:vnc_request_password: false
+#:vnc_client_port: 443
+# HTTPS virtual host, proxy to Sunstone
+server {
+    listen 443 ssl;
+    server_name one.example.com;
+    ssl_certificate     /etc/ssl/certs/one.example.com.crt;
+    ssl_certificate_key /etc/ssl/private/one.example.com.key;
+    location / {
+        proxy_pass http://sunstone;
+        proxy_redirect     off;
+        log_not_found      off;
+        proxy_set_header   X-Real-IP $remote_addr;
+        proxy_set_header   Host $http_host;
+        proxy_set_header   X-Forwarded-FOR $proxy_add_x_forwarded_for;
+    }
+    location /websockify {
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Server $host;
+        proxy_set_header x-forwarded-proto  $scheme;
+        proxy_set_header Host $host;
+        proxy_buffering off;
+        proxy_http_version 1.1;
+        proxy_read_timeout 86400;
+        proxy_pass https://websocketproxy;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+}
+# HTTPS virtual host, proxy to FireEdge
+server {
+    listen 443 ssl;
+    server_name fireedge.example.com;
+    ssl_certificate     /etc/ssl/certs/fireedge.example.com.crt;
+    ssl_certificate_key /etc/ssl/private/fireedge.example.com.key;
+    location / {
+        proxy_pass http://fireedge;
+        proxy_redirect     off;
+        log_not_found      off;
+        proxy_set_header   X-Real-IP $remote_addr;
+        proxy_set_header   Host $http_host;
+        proxy_set_header   X-Forwarded-FOR $proxy_add_x_forwarded_for;
+    }
+}
+</code>
+<code>
+cd /etc/nginx/site-enabled
+ln -s /etc/nginx/site-available/one.example.com.conf
+</code>
+Nous testons la configuration et redémarrons
+<code>
+nginx -t
+systemctl reload nginx.service
 </code>