
31 Enabling SSL for OpenNebula

OpenNebula

/etc/one/sunstone-server.conf

:host: 0.0.0.0
:port: 80
↓
:host: 127.0.0.1
:port: 9869

:vnc_proxy_port: 29876
:vnc_proxy_support_wss: no
:vnc_proxy_cert:
:vnc_proxy_key:
:vnc_proxy_ipv6: false
:vnc_request_password: false
↓
:vnc_proxy_port: 29876
:vnc_proxy_support_wss: yes
:vnc_proxy_cert: /etc/letsencrypt/live/hoge.hogehoge.com/fullchain.pem
:vnc_proxy_key: /etc/letsencrypt/live/hoge.hogehoge.com/privkey.pem
:vnc_proxy_ipv6: false
:vnc_request_password: false

Nginx

/etc/nginx/conf.d/hoge.hogehoge.com.conf

#### OpenNebula Sunstone upstream
upstream sunstone {
    server 127.0.0.1:9869;
}

upstream websocketproxy {
    server 127.0.0.1:29876;
}

#### cloudserver.org HTTP virtual host
server {
        listen 80;
        server_name hoge.hogehoge.com;
        root /usr/share/nginx/html;
        ### Permanent redirect to HTTPS (optional)
        #return 301 https://$server_name:8443;
}

#### cloudserver.org HTTPS virtual host
server {
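    # "ssl on;" is deprecated; TLS is enabled on the listen directive instead
    listen 443 ssl;
    server_name hoge.hogehoge.com;

    ### SSL Parameters
    ssl_session_timeout 24h;
    ssl_certificate /etc/letsencrypt/live/hoge.hogehoge.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/hoge.hogehoge.com/privkey.pem;

    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); drop them unless legacy clients need them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;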
    
    client_max_body_size 10G;

    ### Proxy requests to upstream
    location / {
        proxy_pass http://sunstone;
    }

    location /websockify {
        proxy_pass http://websocketproxy;
    }
}

When using Let's Encrypt

If the oneadmin user cannot access the certificate files, the following error occurs.

xxx.xx.xxx.xxx: SSL connection but '/etc/letsencrypt/live/hoge.hogehoge.com/fullchain.pem' not found
xxx.xx.xxx.xxx: SSL connection but '/etc/letsencrypt/live/hoge.hogehoge.com/fullchain.pem' not found
# chmod 755 /etc/letsencrypt/live /etc/letsencrypt/archive
# chmod 644 /etc/letsencrypt/archive/hoge.hogehoge.com/privkey*
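
The chmod commands above make privkey*.pem readable by every local user. As an added example (not part of the original page), the functions below grant read access through a single group instead and list any private key that is still world-readable. The `oneadmin` group name in the usage comment and certbot's default live/archive layout are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page.
# Assumptions: certbot's default layout (live/ holds symlinks into archive/)
# and that the Sunstone user is a member of the group passed as GROUP.
# Usage (as root), e.g.:
#   grant_group_read /etc/letsencrypt hoge.hogehoge.com oneadmin

# grant_group_read LE_DIR DOMAIN GROUP
# Directories become 750, certificates 644, private keys 640, all owned by GROUP.
grant_group_read() {
    le_dir=$1; domain=$2; group=$3
    for d in "$le_dir/live" "$le_dir/archive" \
             "$le_dir/live/$domain" "$le_dir/archive/$domain"; do
        chgrp "$group" "$d" && chmod 750 "$d" || return 1
    done
    for f in "$le_dir/archive/$domain"/*.pem; do
        chgrp "$group" "$f" || return 1
        case $f in
            */privkey*) chmod 640 "$f" ;;   # key: owner and group only
            *)          chmod 644 "$f" ;;   # certificates are public data
        esac || return 1
    done
}

# world_readable_keys LE_DIR DOMAIN
# Prints every private key under archive/DOMAIN that "other" can read.
world_readable_keys() {
    find "$1/archive/$2" -name 'privkey*' -perm -004 -print
}
```

After running `grant_group_read`, `world_readable_keys` should print nothing, and the Sunstone VNC proxy can still open the certificate and key through its group membership.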

Bonus: renewing the Let's Encrypt certificate

certbot-auto renew --force-renew --post-hook "service opennebula-sunstone restart"
01_linux/08_仮想化/31_opennebula_ssl.txt · Last modified: 2019/11/22 09:06 by matsui