Différences

Ci-dessous, les différences entre deux révisions de la page.

Lien vers cette vue comparative

Les deux révisions précédentes Révision précédente
Prochaine révision		 Révision précédente
infrastructure:virtualisation:opennebula:frontend-install [18/05/2023 11:55] Stéphane Pailletinfrastructure:virtualisation:opennebula:frontend-install [18/05/2023 12:44] (Version actuelle) Stéphane Paillet
Ligne 1: Ligne 1:
-====== Installation front One ======+====== Installation frontend One ======
 {{tag>Virtualisation One front install}} {{tag>Virtualisation One front install}}
  
Ligne 127: Ligne 127:
 </code> </code>
  
-===== Installation / configuration proxy Nginx =====+===== Proxy Nginx =====
  
 Nous installons Nginx Nous installons Nginx
 <code> <code>
 apt install nginx apt install nginx
 +</code>
 +
 +Nous configurons le vHost
 +
 +<code>
 +vi /etc/nginx/site-available/one.example.com.conf
 +</code>
 +
 +<code>
 +##
 +# Nginx vHost
 +# Application: OpenNebula Sunstone
 +# Sources:
 +# https://github.com/storpool/addon-vnctoken/blob/master/vnctoken.conf.nginx
 +# https://forum.opennebula.io/t/fireedge-public-endpoint-is-not-working/9611/5
 +##
 +
 +# No squealing.
 +server_tokens off;
 +
 +# OpenNebula Sunstone upstream
 +upstream sunstone {
 +  server 127.0.0.1:9869;
 +}
 +
 +# OpenNebula fireedge upstream
 +upstream fireedge {
 +  server 127.0.0.1:2616;
 +}
 +
 +# OpenNebula websocketproxy upstream
 +upstream websocketproxy {
 +  server 127.0.0.1:29876;
 +}
 +
 +# HTTP virtual host, redirect to HTTPS
 +server {
 +    listen 80;
 +    server_name one.example.com;
 +    return 301 https://one.example.com;
 +}
 +
 +#
 +# Example Sunstone configuration (/etc/one/sunstone-server.conf)
 +#
 +#:vnc_proxy_port: 127.0.0.1:29876
 +#:vnc_proxy_support_wss: only
 +#:vnc_proxy_cert: /etc/letsencrypt/live/frontend/fullchain.pem
 +#:vnc_proxy_key: /etc/letsencrypt/live/frontend/privkey.pem
 +#:vnc_proxy_ipv6: false
 +#:vnc_request_password: false
 +#:vnc_client_port: 443
 +
 +# HTTPS virtual host, proxy to Sunstone
 +server {
 +    listen 443 ssl;
 +    server_name one.example.com;
 +    ssl_certificate     /etc/ssl/certs/one.example.com.crt;
 +    ssl_certificate_key /etc/ssl/private/one.example.com.key;
 +
 +    location / {
 +        proxy_pass http://sunstone;
 +        proxy_redirect     off;
 +        log_not_found      off;
 +        proxy_set_header   X-Real-IP $remote_addr;
 +        proxy_set_header   Host $http_host;
 +        proxy_set_header   X-Forwarded-FOR $proxy_add_x_forwarded_for;
 +    }
 +  
 +    location /websockify {
 +        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 +        proxy_set_header X-Real-IP $remote_addr;
 +        proxy_set_header X-Forwarded-Host $host;
 +        proxy_set_header X-Forwarded-Server $host;
 +        proxy_set_header x-forwarded-proto  $scheme;
 +        proxy_set_header Host $host;
 +        proxy_buffering off;
 +        proxy_http_version 1.1;
 +        proxy_read_timeout 86400;
 +        proxy_pass https://websocketproxy;
 +        proxy_set_header Upgrade $http_upgrade;
 +        proxy_set_header Connection "upgrade";
 +    }
 +}
 +
 +# HTTPS virtual host, proxy to FireEdge 
 +server {
 +    listen 443 ssl;
 +    server_name fireedge.example.com;
 +    ssl_certificate     /etc/ssl/certs/fireedge.example.com.crt;
 +    ssl_certificate_key /etc/ssl/private/fireedge.example.com.key;
 +
 +    location / {
 +        proxy_pass http://fireedge;
 +        proxy_redirect     off;
 +        log_not_found      off;
 +        proxy_set_header   X-Real-IP $remote_addr;
 +        proxy_set_header   Host $http_host;
 +        proxy_set_header   X-Forwarded-FOR $proxy_add_x_forwarded_for;
 +    }
 +}
 +</code>
 +
 +<code>
 +cd /etc/nginx/site-enabled
 +ln -s /etc/nginx/site-available/one.example.com.conf
 +</code>
 +
 +Nous testons la configuration et redémarrons
 +<code>
 +nginx -t
 +systemctl reload nginx.service
 </code> </code>
  
  • infrastructure/virtualisation/opennebula/frontend-install.1684410917.txt.gz
  • Dernière modification : 18/05/2023 11:55
  • de Stéphane Paillet