We currently have Apache and passenger setup with ssl. We are unable to connect to other zones from the web interface. Any idea? Does this only work with nginx/ssl federation?
Does anyone have any idea?
This should work with Apache as well, since the connection from Sunstone server to OpenNebula has to bypass the Apache (it needs to go directly to the XMLRPC interface).
Any relevant error in the master’s oned.log?
Depending on your Apache version, you may have troubles with the headers. You can add the following conf to try to get rid of this problem:
> <VirtualHost *:80>
> PassengerUser oneadmin
> SetEnvIfNoCase ^X.VCENTER.USER$ ^(.*)$ vuser=$1
> RequestHeader set X-VCENTER-USER %{vuser}e env=vuser
> SetEnvIfNoCase ^X.VCENTER.PASSWORD$ ^(.*)$ vpassword=$1
> RequestHeader set X-VCENTER-PASSWORD %{vpassword}e env=vpassword
> SetEnvIfNoCase ^X.VCENTER.HOST$ ^(.*)$ vhost=$1
> RequestHeader set X-VCENTER-HOST %{vhost}e env=vhost
> SetEnvIfNoCase ^X.VCENTER.HOST$ ^(.*)$ vhost=$1
> RequestHeader set X-VCENTER-HOST %{vhost}e env=vhost
> SetEnvIfNoCase ^HTTP.ZONE.NAME$ ^(.*)$ vhost=$1
> RequestHeader set HTTP-ZONE-NAME %{vhost}e env=vhost
> DocumentRoot /usr/lib/one/sunstone/public
> <Directory /usr/lib/one/sunstone/public>
> AllowOverride all
> Options -MultiViews
> Require all granted
> </Directory>
> </VirtualHost>
Thanks, I abandon Apache passenger since I was running out of time. I am using nginx ssl proxy.
I will revisit this when we split sunstone into multiple web servers.
Thanks,