Hello, I would like to open the OpenNebula web GUI using http://cloud.mydomain.com instead of http://cloud.mydomain.com:9869
Does somebody know how to do this and can help me?
Thanks
You can do it by setting up a reverse proxy, for example Nginx > opennebula.
Thanks… is there any guide (how-to)?
Thanks
You can edit the port in /etc/one/sunstone-server.conf.
I already tried to edit /etc/one/sunstone-server.conf; I set
:host: 0.0.0.0
:port: 80
but it is not working…
Did you restart the sunstone server? If yes, do you have another server listening on port 80? Or a portscan detection tool that is observing port 80?
Yes, I restarted the sunstone server but it is not working… I checked, and no service is already bound to port 80
netstat -plnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address      Foreign Address    State    PID/Program name
tcp        0      0 0.0.0.0:3306       0.0.0.0:*          LISTEN   1766/mysqld
tcp        0      0 127.0.0.1:2474     0.0.0.0:*          LISTEN   1278/ruby
tcp        0      0 0.0.0.0:111        0.0.0.0:*          LISTEN   1/systemd
tcp        0      0 0.0.0.0:29876      0.0.0.0:*          LISTEN   2019/python2
tcp        0      0 0.0.0.0:22         0.0.0.0:*          LISTEN   1311/sshd
tcp        0      0 127.0.0.1:25       0.0.0.0:*          LISTEN   1978/master
tcp        0      0 0.0.0.0:2633       0.0.0.0:*          LISTEN   52767/oned
tcp6       0      0 :::111             :::*               LISTEN   1/systemd
tcp6       0      0 :::22              :::*               LISTEN   1311/sshd
tcp6       0      0 ::1:25             :::*               LISTEN   1978/master
Ah, I see, that is because opening port 80 requires root privilege.
You can try to change the user and maybe the group in /lib/systemd/system/opennebula-sunstone.service and/or /etc/init.d/opennebula-sunstone.
Hello, you should use Nginx as a reverse proxy, also with SSL termination.
So set the host back to 127.0.0.1 in /etc/one/sunstone-server.conf
:host: 127.0.0.1
:port: 9869
and put this in /etc/nginx/nginx.conf and generate dhparams
openssl dhparam -out /etc/nginx/dhparams.pem 2048
server {
    listen 80 default_server;
    server_name _;
    return 301 https://$host$request_uri;
}
server {
    # "ssl on;" is deprecated and was removed in nginx 1.25.1; TLS is enabled on the listen directive instead
    listen 443 ssl;
    server_name _;
    ssl_certificate /etc/nginx/nginx.crt;
    ssl_certificate_key /etc/nginx/nginx.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
    ssl_dhparam /etc/nginx/dhparams.pem;
    # intermediate configuration. tweak to your needs.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
    ssl_prefer_server_ciphers on;
    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    add_header Strict-Transport-Security max-age=15768000;
    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;
    location / {
        # Pass the original host and client address through to Sunstone
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:9869;
    }
}
Also you should enable wss in the VNC config in /etc/one/sunstone-server.conf
:vnc_proxy_port: 29876
:vnc_proxy_support_wss: only
:vnc_proxy_cert: /etc/nginx/nginx.crt
:vnc_proxy_key: /etc/nginx/nginx.key
:vnc_proxy_ipv6: false
:vnc_request_password: false
Great, feldsam.
It is OK, but now VNC is not working anymore… I'm getting this error:
VNC Server disconnected (code: 1006)
From Chrome dev tools I can see this error:
WebSocket connection to ‘wss://10.10.100.100:29876/?token=nvevi5lr93d0i1b11lcv’ failed: Error in connection establishment: net::ERR_CONNECTION_RESE
The certificate is valid… in fact, from the browser I can see the green lock: https://10.10.100.100
Thanks
Did you also add certs to the VNC setup? Do you have valid certs (not self-signed)? Did you restart sunstone?
Yes, I added the certs to the VNC setup and my SSL certs are valid, not self-signed…
Anyway, from novnc.log I can see this error:
handler exception: [Errno 13] Permission denied
handler exception: [Errno 13] Permission denied
I have separate certs for nginx and for sunstone, so try to duplicate them and chgrp to the oneadmin group
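The fix described above (a separate copy of the certificate and key for Sunstone, with the group changed to oneadmin) can be verified with a short script. This is an added example, not part of the original thread or of OpenNebula: the function names are hypothetical, it assumes GNU stat, and it only models the group-based access used in that fix.

```shell
#!/bin/sh
# Added example (not from the thread): audit the TLS files that
# sunstone-server.conf hands to the noVNC proxy.

# conf_value FILE KEY: print the value of a ":KEY: value" line.
conf_value() {
    sed -n "s/^:$2:[[:space:]]*//p" "$1" | head -n 1
}

# check_vnc_tls_files CONF GROUP
# Returns 0 only if :vnc_proxy_cert: and :vnc_proxy_key: both point at
# existing files that belong to GROUP and are group-readable, and the
# private key is not world-readable. Prints one line per finding.
check_vnc_tls_files() {
    conf=$1; want_group=$2; rc=0
    for key in vnc_proxy_cert vnc_proxy_key; do
        path=$(conf_value "$conf" "$key")
        if [ -z "$path" ] || [ ! -f "$path" ]; then
            echo "FAIL $key: no such file '$path'"; rc=1; continue
        fi
        mode=$(stat -c '%a' "$path")      # GNU stat: octal mode, e.g. 640
        fgroup=$(stat -c '%G' "$path")    # owning group name
        perm=$((0$mode))                  # leading 0 = parse as octal
        if [ "$fgroup" != "$want_group" ]; then
            echo "FAIL $key: group is $fgroup, expected $want_group"; rc=1
        fi
        if [ $((perm & 040)) -eq 0 ]; then
            echo "FAIL $key: mode $mode is not group-readable"; rc=1
        fi
        if [ "$key" = vnc_proxy_key ] && [ $((perm & 004)) -ne 0 ]; then
            echo "FAIL $key: mode $mode lets any local user read the key"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK: $want_group can read both files"
    return "$rc"
}
```

Run it as `check_vnc_tls_files /etc/one/sunstone-server.conf oneadmin`; a key left at root-only permissions is reported as not group-readable, which matches the `[Errno 13] Permission denied` seen in novnc.log.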
Great, it worked… it was just the certificate owner
Thank you so much
Since you already found a working solution, I am not sure if it is still of any interest to you, but in the official documentation you can find information on how to run sunstone in another webserver (e.g. apache):
… the reverse proxy with nginx is also described there