ユーザ用ツール

サイト用ツール


サイドバー



最近の更新



Tag Cloud

タグ#
6
10
1
3
1
2
17
7
1
1
6
9
4
1
2
186
1
4
2
7
14
5
1
25
2
3
1
6
1
1
34
1
3
3
1
1
1
1
1
1
14
45
7
9
10
5
10
3
2
2
8
2
2
6
3
1
1
4
7
4
3
2
2
1
8
2
4
1
4
24
2
12
2
3
1
1
2
2
1
1
1
4
2
2
4
2
2
1
1
2
1
1
1
2
1
26
2
1
2
2
2
1
1
2
3
12
4
7
1
1
2
10
1
3
1
1
7
1
1
1
1
1
8
1
4
2
1
1
1
3
3
9
1
2
1
1
7
3
1
10
1
1
4
1
2
1
2
7
2
1
3
1
1
3
1
2
1
2
2
2
1
2
3
1
1
3
4
1
3
1
3
3
2
1
1
7
1
3
3
1
1
1
1
5
1
29
2
2
1
2
2
3
1
1
1
2
1
2
1
1
1
3
1
1
1
2
2
2
1
1
1
2
1
1
1

01_linux:08_仮想化:31_opennebula_ssl

31 OpenNebula SSL化

OpenNebula

/etc/one/sunstone-server.conf

:host: 0.0.0.0
:port: 80
↓
:host: 127.0.0.1
:port: 9869

:vnc_proxy_port: 29876
:vnc_proxy_support_wss: no
:vnc_proxy_cert:
:vnc_proxy_key:
:vnc_proxy_ipv6: false
:vnc_request_password: false
↓
:vnc_proxy_port: 29876
:vnc_proxy_support_wss: yes
:vnc_proxy_cert: /etc/letsencrypt/live/hoge.hogehoge.com/fullchain.pem
:vnc_proxy_key: /etc/letsencrypt/live/hoge.hogehoge.com/privkey.pem
:vnc_proxy_ipv6: false
:vnc_request_password: false

Nginx

/etc/nginx/conf.d/hoge.hogehoge.com.conf

#### OpenNebula Sunstone upstream
upstream sunstone {
    server 127.0.0.1:9869;
}

upstream websocketproxy {
    server 127.0.0.1:29876;
}

#### cloudserver.org HTTP virtual host
server {
        listen 80;
        server_name hoge.hogehoge.com;
	root /usr/share/nginx/html;
        ### Permanent redirect to HTTPS (optional)
        #return 301 https://$server_name:8443;
}

#### cloudserver.org HTTPS virtual host
server {
    listen 443;
    server_name hoge.hogehoge.com;

    ### SSL Parameters
    ssl on;
    ssl_session_timeout 24h;
    ssl_certificate /etc/letsencrypt/live/hoge.hogehoge.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/hoge.hogehoge.com/privkey.pem;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    
    client_max_body_size 10G;

    ### Proxy requests to upstream
    location / {
        proxy_pass http://sunstone;
    }

    location /websockify {
        proxy_pass http://websocketproxy;
}

Lets' Encryptの場合

oneadminでアクセスできないと、下記のエラーになります。

xxx.xx.xxx.xxx: SSL connection but '/etc/letsencrypt/live/hoge.hogehoge.com/fullchain.pem' not found
xxx.xx.xxx.xxx: SSL connection but '/etc/letsencrypt/live/hoge.hogehoge.com/fullchain.pem' not found
# chmod 755 /etc/letsencrypt/live /etc/letsencrypt/archive
# chmod 644 /etc/letsencrypt/archive/hoge.hogehoge.com/privkey*

おまけLet's Encrypt更新

certbot-auto renew --force-renew --post-hook "service opennebula-sunstone restart"
01_linux/08_仮想化/31_opennebula_ssl.txt · 最終更新: 2019/11/22 09:06 by matsui

Yesterday:568 Today:157 Total:04411