XCP-ng
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login
    1. Home
    2. romain_q
    R
    • Profile
    • Following 0
    • Followers 0
    • Topics 0
    • Posts 2
    • Best 1
    • Controversial 0
    • Groups 0

    romain_q

    @romain_q

    1
    Reputation
    1
    Profile views
    2
    Posts
    0
    Followers
    0
    Following
    Joined Last Online
    romain_q Unfollow Follow

    Best posts made by romain_q

    • RE: Reverse Proxy with Apache

      Hello @olivierlambert
      I did not came accross this page with my research but yes this is correct too.

      Sorry If my most was not clear but the config I pasted IS working 🙂

      (By the way, huge fan here 😊 👏)

      posted in Xen Orchestra
      R
      romain_q

    Latest posts made by romain_q

    • RE: Reverse Proxy with Apache

      Hello @olivierlambert
      I did not came accross this page with my research but yes this is correct too.

      Sorry If my most was not clear but the config I pasted IS working 🙂

      (By the way, huge fan here 😊 👏)

      posted in Xen Orchestra
      R
      romain_q
    • RE: Reverse Proxy with Apache

      @rraines Hello, for anyone reaching this page, I had some issues regarding the XOA behind an Apache Reverse Proxy.
      Here is the config that works for me, with HTTPS exposed VirtualHost and HTTPS used to connect to the appliance.
      Versions:
      OS: Debian GNU/Linux 11 (bullseye)
      apache2: 2.4.52-1~deb11u2

      <VirtualHost *:443>
        ServerName MYSERVERNAME
        ServerAdmin MYSERVERADMIN

        #CustomLog /var/log/apache2/ihm-xoa-access.log combined

        SSLCertificateFile /etc/ssl/lets-encrypt/MYDOMAINNAME/cert.pem
        SSLCACertificateFile /etc/ssl/lets-encrypt/MYDOMAINNAME/chain.pem
        SSLCertificateKeyFile /etc/ssl/lets-encrypt/MYDOMAINNAME/privkey.pem
        SSLProtocol -ALL +TLSv1.2
        SSLEngine On
        SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM:!RC4:!3DES

# Required with SSL setup (Also required if the virtualhost is exposed in HTTPS and the backend connection is performed in HTTP)
        SSLProxyEngine On
        SSLProxyCheckPeerCN off

# Handle the websocket part with proxy_wstunnel apache module
        RewriteEngine on
        RewriteCond %{HTTP:Upgrade} websocket [NC]
        RewriteCond %{HTTP:Connection} upgrade [NC]
        RewriteRule ^/?(.*) "wss://MYSERVERNAME/$1" [P,L]

        ProxyPass /balancer-manager !
        <Location /balancer-manager>
                SetHandler balancer-manager
                Require ip MYIPLIST
        </Location>

        <Proxy balancer://xoa-cluster/*>
                BalancerMember https://XO_APPLIANCE_IP:443 route=XO_APPLIANCE_NAME
                Options -Indexes +FollowSymLinks +MultiViews
                Require ip MYIPLIST2
        </Proxy>
# no need for specificic ProxyPass
        ProxyPass               /  balancer://xoa-cluster/
        ProxyPassReverse        /  balancer://xoa-cluster/
</VirtualHost>

      I hope this will help someone.

      posted in Xen Orchestra
      R
      romain_q