目次

02 OpenStack base Console

Console Proxy

https://blog.gnuoy.eu/2014/09/openstack-guest-console-access-with-juju.html

JuJu Gui

JuJu Guiから
nova-cloud-controller で console-proxy-ip をグローバルのアドレスに変更(hogehoge.comなど)

今回は、下記に変更
100.100.100.250

console-proxy-ipを変更するとConsoleのアドレスが下記のように変わる

@maasvm-dev:~$ nova get-vnc-console 4334cf29-a393-4ac5-baa0-f9fb49df6da8 novnc
+-------+-----------------------------------------------------------------------------------------------+
| Type  | Url                                                                                           |
+-------+-----------------------------------------------------------------------------------------------+
| novnc | https://192.168.0.200:6080/vnc_auto.html?path=%3Ftoken%3Dadd8b447-9751-4b50-8f95-5cb92dd60f57 |
+-------+-----------------------------------------------------------------------------------------------+

Change console-proxy-ip local => 100.100.100.250.250

@maasvm-dev:~$ nova get-vnc-console 4334cf29-a393-4ac5-baa0-f9fb49df6da8 novnc
+-------+-------------------------------------------------------------------------------------------------+
| Type  | Url                                                                                             |
+-------+-------------------------------------------------------------------------------------------------+
| novnc | https://100.100.100.250:6080/vnc_auto.html?path=%3Ftoken%3Dfaa90f3a-74d1-4ad6-a402-4268b28f282d |
+-------+-------------------------------------------------------------------------------------------------+

後はリバースプロキシ

下記のようにつなげてあげる
100.100.100.250:6080 → 192.168.0.200:6080

リバースプロキシ例

09 Dockerリバースプロキシ(HTTPS)

server {
	server_name proxy.hogehoge.com;
	listen 6080 ssl http2 ;
#	access_log /var/log/nginx/access.log vhost;
	ssl_session_timeout 5m;
	ssl_session_cache shared:SSL:50m;
	ssl_session_tickets off;
	ssl_certificate /etc/nginx/certs/proxy.hogehoge.com.crt;
	ssl_certificate_key /etc/nginx/certs/proxy.hogehoge.com.key;
	ssl_dhparam /etc/nginx/certs/proxy.hogehoge.com.pem;
	ssl_stapling on;
	ssl_stapling_verify on;
	ssl_trusted_certificate /etc/nginx/certs/proxy.hogehoge.com.chain.pem;
	add_header Strict-Transport-Security "max-age=31536000" always;
	include /etc/nginx/vhost.d/default;
	location / {
		proxy_pass https://192.168.0.200:6080;
	}
}