cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vadimkim <...@git.apache.org>
Subject [GitHub] cloudstack pull request: Reinstate working sessions in browser
Date Mon, 08 Jun 2015 13:55:48 GMT
Github user vadimkim commented on the pull request:

    https://github.com/apache/cloudstack/pull/308#issuecomment-110004148
  
    @rsafonseca 
    Thank you for explanation. I will try to put my points here:
    1. For public cloud HTTPS must be used (this is not an option) and external SSL offload
(proxy) should not brake entire logic.
    2. While I have found, that most of the logic works just perfect behind the proxy there
are 2 issues that need to be fixed 
    * login procedure somewhere uses direct path (not relative) and tried to call /client/api?command
directly. I have fixed it by 1 rewrite rule (see below). Otherwise login is not possible --
404 response.
    * F5 brakes session if I work over HTTPS proxy. Hope we will fix it together.
    
    I am using very simple nginx conf. Pure proxy:
    ```
    server {
        listen 443 ssl;
        server_name kickcloud.net;
        ssl_certificate           /usr/local/etc/ssl/my.crt;
        ssl_certificate_key       /usr/local/etc/ssl/my.key;
    
        ssl_session_cache  builtin:1000  shared:SSL:10m;
        ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
        ssl_prefer_server_ciphers on;
    
        access_log            /var/log/nginx/kickckloud.net.log;
    
        location / {
          rewrite /client(.*) $1  last;
          proxy_set_header        X-Real-IP $remote_addr;
          proxy_set_header        X-Forwarded-Server $host;
          proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header        X-Forwarded-Proto $scheme;
          proxy_pass          http://x.x.x.x:8080/client/;
          proxy_redirect      default;
          proxy_read_timeout  90;
        }
      }
    ```
    
    x.x.x.x -- backend server where Cloudstack runs
    public name that you can access  and check *cloudStack.js* is here: https://kickcloud.net/.
I have some more redirects from ports 8080 and 80 to 443, but they are not relevant here I
assume.



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

Mime
View raw message