5.13.85 + lighttpd SSL, FireEdge public end point not available error

Hi there,

I’ve been following this guide to get OpenNebula using SSL with lighttpd but I’ve run into a problem.

https://docs.opennebula.io/5.12/deployment/sunstone_setup/suns_auth.html#configuring-an-ssl-proxy

I’ve followed all the steps but I’m getting an error that the fireedge public endpoint isn’t available. Which is strange because I had changed this as per the install doc to be the IP of my OpenNebula install.

Is there an additional step I need to do for fireedge?

Thanks!

You should also add fireedge to the lighttpd configuration. By default fireedge is listening on localhost:2616. After adding it, adjust the sunstone-server.conf file (with the new fireedge URL via lighttpd) and restart the sunstone service.

Got there in the end. I threw away lighttpd for nginx and life improved from there.

2 Likes

Hi, can you share your nginx configuration, please?

Kind regards

Pretty much this, change hostname.example.com and the cert paths and you should be good -

/etc/nginx/conf.d/hostname.example.com.conf -

```nginx
server_tokens off;

#### redirect port 80 to 443
server {
    listen 80;
    server_name hostname.example.com;
    return 301 https://$server_name;
}

# Sunstone web UI backend
upstream sunstone {
    server 127.0.0.1:9869;
}

# FireEdge backend
upstream fireedge {
    server 127.0.0.1:2616;
}

# VNC websocket proxy backend
upstream websocket_proxy {
    server 127.0.0.1:29876;
}

# Sunstone served over TLS on 443
server {
    listen 443 ssl;
    server_name hostname.example.com;
    ssl_certificate /etc/nginx/server.crt;
    ssl_certificate_key /etc/nginx/server.key;

    location / {
        # Send VNC console requests to the websocket proxy location
        if ($args ~* "host=.+&port=.+&token=.+&encrypt=.+") {
            rewrite ^/$ /websockify/ last;
        }
        proxy_pass              http://sunstone;
        proxy_redirect          off;
        log_not_found           off;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
    }

    location /websockify {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_read_timeout 86400;
        proxy_pass https://websocket_proxy;
        # Headers required for the WebSocket upgrade
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

# FireEdge served over TLS on 2617 (the port used in :public_fireedge_endpoint:)
server {
    listen 2617 ssl;
    server_name hostname.example.com;
    ssl_certificate /etc/nginx/server.crt;
    ssl_certificate_key /etc/nginx/server.key;

    location / {
        proxy_pass              http://fireedge;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
        proxy_set_header        X-Forwarded-Host $host;
        proxy_set_header        X-Forwarded-Server $host;
        proxy_set_header        Host $host;
        proxy_http_version      1.1;
        proxy_read_timeout      86400;
        # Headers required for the WebSocket upgrade
        proxy_set_header        Upgrade $http_upgrade;
        proxy_set_header        Connection "upgrade";
    }

    location /websockify {
        proxy_pass https://localhost:29876;
    }
}
```

1 Like

In /etc/one/sunstone-server.conf -

```yaml
################################################################################
# FireEdge
################################################################################

#:private_fireedge_endpoint: http://localhost:2616
#:public_fireedge_endpoint: http://localhost:2616
:private_fireedge_endpoint: http://localhost:2616
:public_fireedge_endpoint: https://hostname.example.com:2617
```

it’s woooooooork :slight_smile:
Thank you

Kind regards

1 Like
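
A consistency check for the two files posted in this thread, added here as an example and not code from any poster or from OpenNebula: it confirms that the uncommented `:public_fireedge_endpoint:` uses https, is not a loopback address, and targets a port that nginx serves with `listen ... ssl`. The sample file contents are constructed from the thread, the function names are hypothetical, and it assumes the public endpoint is the URL that browsers connect to.

```python
import re
from urllib.parse import urlsplit

# Constructed samples modelled on the two files posted in the thread.
NGINX_CONF = """
server { listen 80; server_name hostname.example.com; }
server { listen 443 ssl; server_name hostname.example.com; }
server { listen 2617 ssl; server_name hostname.example.com;
         location / { proxy_pass http://fireedge; } }
"""
SUNSTONE_CONF = """
#:public_fireedge_endpoint: http://localhost:2616
:private_fireedge_endpoint: http://localhost:2616
:public_fireedge_endpoint: https://hostname.example.com:2617
"""

def tls_listen_ports(nginx_text):
    """Ports of `listen [addr:]port ... ssl;` directives, comments ignored."""
    text = re.sub(r"#.*", "", nginx_text)
    found = re.findall(r"\blisten\s+(?:\S+:)?(\d+)\s[^;]*\bssl\b", text)
    return {int(port) for port in found}

def fireedge_endpoints(sunstone_text):
    """Uncommented FireEdge endpoint settings, keyed 'private'/'public'."""
    pattern = r"^\s*:(private|public)_fireedge_endpoint:\s*(\S+)"
    return dict(re.findall(pattern, sunstone_text, re.M))

def check_public_endpoint(sunstone_text, nginx_text):
    """Return a list of problems with the browser-facing FireEdge URL."""
    url = fireedge_endpoints(sunstone_text).get("public")
    if url is None:
        return ["public_fireedge_endpoint is not set"]
    parts, problems = urlsplit(url), []
    if parts.scheme != "https":
        problems.append("scheme is not https although Sunstone is served over TLS")
    # Assumption: the browser, not the server, connects to this URL.
    if parts.hostname in ("localhost", "127.0.0.1", "::1"):
        problems.append("loopback host points at the user's own machine")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    if port not in tls_listen_ports(nginx_text):
        problems.append(f"port {port} has no nginx 'listen ... ssl' server")
    return problems

if __name__ == "__main__":
    print(check_public_endpoint(SUNSTONE_CONF, NGINX_CONF) or "endpoint OK")
    default = ":public_fireedge_endpoint: http://localhost:2616"
    for problem in check_public_endpoint(default, NGINX_CONF):
        print("default config:", problem)
```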