Return-Path: X-Original-To: apmail-cloudstack-dev-archive@www.apache.org Delivered-To: apmail-cloudstack-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id A633F11615 for ; Tue, 23 Sep 2014 09:00:56 +0000 (UTC) Received: (qmail 41716 invoked by uid 500); 23 Sep 2014 09:00:56 -0000 Delivered-To: apmail-cloudstack-dev-archive@cloudstack.apache.org Received: (qmail 41666 invoked by uid 500); 23 Sep 2014 09:00:56 -0000 Mailing-List: contact dev-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list dev@cloudstack.apache.org Received: (qmail 41645 invoked by uid 99); 23 Sep 2014 09:00:55 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 23 Sep 2014 09:00:55 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: local policy) Received: from [193.9.21.22] (HELO mail.hosting.isg.si) (193.9.21.22) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 23 Sep 2014 09:00:29 +0000 Received: from mail.hosting.isg.si (localhost.localdomain [127.0.0.1]) by mail.hosting.isg.si (Postfix) with ESMTP id 0111AA7C069 for ; Tue, 23 Sep 2014 11:00:26 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha1; c=simple; d=isg.si; h=content-type :mime-version:subject:from:in-reply-to:date :content-transfer-encoding:message-id:references:to; s=postfix; bh=PQIltrWb17MfS5Wa4SmrcuT6hL0=; b=apbmy/wX8/VuB7TV+KOh12xBR4ro hYUhjAwkdbfV/LupVbk4n2Wp90XwUkf3WvoxW2R192Hu/Xni3SIy4cwE7lFigVB4 WsXNBHe8+2Pg86Ty1uh/7rRvx+bqwn2UflAtnswVjVMNZihAIGI9GfouEQ7MMnYg hd9XECv6GoA2VYY= DomainKey-Signature: a=rsa-sha1; c=simple; d=isg.si; h=content-type :mime-version:subject:from:in-reply-to:date :content-transfer-encoding:message-id:references:to; q=dns; s= postfix; b=zYJaITiFyWp2teWdJPLDgCDtfJuWb6mz0AvAnA7VXQIerqtC61/5A VzXBk91AsaMHTXpCUi9jbqox441OOXGsgOsdWwQyHp7ncM8aszWXjgypPcuHIXG8 2Og5e8fIFT0VtoMNIJUjd4x84W0iCLk3ynbUo1rrl5rtOGQypyQ/Pc= Received: from [10.10.60.244] (fwCluster.isg.si [213.157.224.200]) by mail.hosting.isg.si (Postfix) with ESMTPSA id CBE01A7C062 for ; Tue, 23 Sep 2014 11:00:25 +0200 (CEST) Content-Type: text/plain; charset=iso-8859-1 Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\)) Subject: Re: console proxy HTTPS in 4.3.1, static option, clarification please From: France In-Reply-To: Date: Tue, 23 Sep 2014 11:00:47 +0200 Content-Transfer-Encoding: quoted-printable Message-Id: <73179320-4DDD-46CD-9634-8BDC7747F537@isg.si> References: To: dev@cloudstack.apache.org X-Mailer: Apple Mail (2.1878.6) X-Virus-Checked: Checked by ClamAV on apache.org Thank you for your answer. On 22 Sep 2014, at 18:58, Amogh Vasekar = wrote: > Hi, >=20 > No, option (3) is not fully supported yet since it needs integration = with > a load balancer for all console proxy VM ips. Please see the note at > = https://cwiki.apache.org/confluence/display/CLOUDSTACK/Realhost+IP+changes= # > RealhostIPchanges-ConsoleProxy.1 >=20 > Amogh >=20 > On 9/22/14 4:47 AM, "France" wrote: >=20 >> Hi, >>=20 >> because i get confusing information on the internet, i would like to = ask >> here for clarification. >>=20 >> There are three options for >> consoleproxy.url.domain >> configure setting. >>=20 >> 1. Disable it with empty string. >> Not really an option, because iframe to http from https, is silently >> blocked by browsers now-days. If there would be a link to click = instead >> of iframe it could work and i would be done with it. >>=20 >> 2. *.somedomain.xxx >> Wildcard option. Requires to run own DNS server and buying of = expensive >> certificates. Not really an option, due to too high costs of wildcard = and >> setting up of another unnecessary service. >>=20 >> 3. secure.somedomain.xxx >> Static option which would allow us to use a single FQDN certificate. = This >> is acceptable for us, but upon testing with 4.3.1 (restart of ACS, >> destruction of console proxy SVM) did not link to = secure.somedomain.xxx. >>=20 >> Before i loose any more time with thir doption. Does it work with = 3.4.1? >>=20 >>=20 >> According to documentation for 4.3 on: >> = http://docs.cloudstack.apache.org/projects/cloudstack-administration/en/4.= >> = 3/search.html?q=3Dconsoleproxy.url.domain&check_keywords=3Dyes&area=3Ddefa= ult >> in: >> Working with System Virtual Machines >> Console Proxy >>=20 >> Load-balancing Console Proxies >>=20 >> An alternative to using dynamic DNS or creating a range of DNS = entries as >> described in the last section would be to create a SSL certificate = for a >> specific domain name, configure CloudStack to use that particular = FQDN, >> and then configure a load balancer to load balance the console = proxy=B9s IP >> address behind the FQDN. As the functionality for this is still new, >> please=20 >> = seehttps://cwiki.apache.org/confluence/display/CLOUDSTACK/Realhost+IP+chan= >> ges for more details. >>=20 >>=20 >> Regards, >> F