[Ovirt-devel] [PATCH server] Switch ovirt appliance httpd conf to use ssl, redirect http to https.
Jason Guiditta
jguiditt at redhat.com
Thu Mar 12 14:42:33 UTC 2009
On Wed, 2009-03-11 at 23:30 -0700, Ian Main wrote:
> On Wed, 11 Mar 2009 23:04:33 -0500
> Steve Linabery <slinabery at redhat.com> wrote:
>
> > On Wed, Mar 11, 2009 at 05:23:43PM -0700, Ian Main wrote:
> > > On Tue, 24 Feb 2009 10:29:03 -0600
> > > Steve Linabery <slinabery at redhat.com> wrote:
> > >
> > > > ---
> > > > conf/ovirt-server.conf | 20 +++++++++++++++++++-
> > > > installer/modules/ovirt/manifests/ovirt.pp | 15 +++++++++++++++
> > > > 2 files changed, 34 insertions(+), 1 deletions(-)
> > > >
> > > > diff --git a/conf/ovirt-server.conf b/conf/ovirt-server.conf
> > > > index 7ab77b4..1d8cb7a 100644
> > > > --- a/conf/ovirt-server.conf
> > > > +++ b/conf/ovirt-server.conf
> > > > @@ -1,6 +1,24 @@
> > > > NameVirtualHost *:80
> > > > <VirtualHost *:80>
> > > > -ProxyRequests Off
> > > > + RewriteEngine on
> > > > + RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
> > > > +</VirtualHost>
> > > > +
> > > > +NameVirtualHost 192.168.50.2:443
> > > > +<VirtualHost 192.168.50.2:443>
> > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > >
> > > Doesn't work!! Will only work if you have the appliance-like setup
> > > (or randomly get that IP).
> > >
> > > Ian
> > >
> >
> > Hmm...yes...well, this script was meant to be used with the appliance from the get-go. I wasn't really trying to make it work for the bare-metal installer use case, although I agree it's of limited usefulness nowadays.
> >
>
> hrrm, I just updated my ovirt-server rpm on my bare metal install and it didn't work until I changed this IP to my real IP.
>
> I'm not sure what's going on there.. I presumed this was the main configuration and that it was incorrect, but maybe I'm off base there. However, whatever is happening, I installed the latest ovirt-server rpm and the apache config is not working.
>
> Ian
Actually, I thought this was indeed for the installer as well, despite
the title of the patch. ovirt-server.conf is still installed in this
case, and in ovirt.pp, this block:
file_replacement{"ovirt_httpd_config_change":
file => "/etc/httpd/conf.d/ovirt-server.conf",
pattern => "192\.168\.50\.2",
replacement => "$mgmt_ipaddr",
require => Package[ovirt-server]
}
updates the ip. However, if one of the 2 occurrences of the ip in that
file changed, but not the other, you may not have the latest ace from
ovirt.org. Your version should be 0.7-2 I believe. In previous
versions, there was a bug where it only replaced one match rather than
all. Also, and this may be a current bug, previously httpd was not
restarted, so these changes did not pick up until you did so.
-j
More information about the ovirt-devel
mailing list