Run the Management Console on nginx

Nginx is a web server that manages SSL connections and acts as a reverse proxy server, redirecting HTTP requests to HTTPS.

Enable nginx to Start with eucaconsole

When you install the Management Console, nginx is installed automatically. By default, the console is configured to use secure HTTP to allow secure connections from a web server to a browser.

  • No procedure is required to enable nginx to start with eucaconsole, as it is part of the standard console installation and execution process.
  • If you edit any of the parameters in the nginx.conf file, you must first stop the eucaconsole service and restart it for the changes to take effect:
    systemctl stop eucaconsole.service 
    systemctl restart eucaconsole.service

Use Your Own Certificates

The Management Console generates self-signed certificates by default but can use your own certificates to run the console instead.

This procedure involves copying over your certificate files:

  1. Stop eucaconsole and nginx, using the single command:
    systemctl stop eucaconsole.service
  2. Edit the file /etc/sysconfig/eucaconsole to add:
    GENERATE_CERT=NO
  3. Copy your certificate files from cert/key to /etc/eucaconsole/console.key and /etc/eucaconsole/console.crt.
    Note: The paths shown above are the default locations for the certificate files. You may place them in another location if you prefer, but you must edit the ssl_certificate and ssl_certificate_key directives in /etc/nginx/nginx.conf to point to the correct location.
  4. Start the eucaconsole service:
    systemctl start eucaconsole.service

Enable the Console to Run on Port 80

You can run the console over non-secure connections using HTTP. To configure the console without enabling secure connections, use port 80 instead. To accomplish this, nginx acts as a proxy.

To run your console on port 80:

  1. Locate the default configuration file from conf/nginx.conf.
  2. Locate and remove the entire server section containing the https rewrite rule:
    server {
        listen 80 default;
        server_name ~^(?<domain>.+)$;
        rewrite     ^ https://$domain$request_uri? permanent;
    }
  3. Verify the nginx.conf file contains the following lines:
    listen 80;
    server_name  localhost;
  4. If the file does not specify port 80 on the 'listen' directive, change it to reflect the above.
  5. Restart the eucaconsole service using the following command:
    systemctl restart eucaconsole.service
    Note: This command restarts nginx automatically. There is no need to run nginx manually.
  6. Verify that /etc/eucaconsole/console.ini has the session.secure parameter set to false, per this example:
    session.secure = false
    Note: If only port 80 is used (i.e. HTTPS isn't configured via port 443), the session.secure setting must equal false.
  7. The UI proxy runs behind nginx on the same host; therefore, the default host setting is configured to listen on localhost only. Verify the host setting under the [server:main] section is set to 127.0.0.1, for localhost, per this example:
    [server:main]
    use = egg:gunicorn#main
    host = 127.0.0.1
    port = 8888
    Note: If you prefer to accept connections from anywhere, you can configure the proxy by setting it to 0.0.0.0.
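
The verifications in steps 3, 6 and 7 can be scripted. The following is an added example, not part of the Eucalyptus documentation or code: a POSIX shell audit that cross-checks console.ini against nginx.conf. The function names, the sample file contents and the [app:main] section name are constructed for illustration, and the script assumes session.secure controls the Secure flag on the session cookie.

```sh
#!/bin/sh
# Added example, not Eucalyptus code: cross-check console.ini against nginx.conf.

# ini_get FILE KEY [SECTION]: print the first value of KEY (any section if none given)
ini_get() {
    awk -v key="$2" -v sect="$3" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { cur = $0; sub(/^[ \t]*\[/, "", cur); sub(/\].*$/, "", cur); next }
        (sect == "" || cur == sect) && (i = index($0, "=")) {
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# nginx_listens FILE PORT: status 0 if an uncommented listen directive uses PORT
nginx_listens() {
    sed 's/#.*//' "$1" |
        grep -Eq "^[[:space:]]*listen[[:space:]]+([^;[:space:]]*:)?$2([[:space:]][^;]*)?;"
}

# audit_console INI NGINX_CONF: print findings; status 1 if the two files disagree
audit_console() {
    # Assumption: session.secure sets the Secure flag on the session cookie
    secure=$(ini_get "$1" session.secure | tr '[:upper:]' '[:lower:]')
    host=$(ini_get "$1" host server:main)
    rc=0
    if nginx_listens "$2" 443; then
        [ "$secure" = true ] ||
            { echo "WARN: 443 listener present but session.secure is '$secure'"; rc=1; }
    else
        echo "NOTE: no 443 listener; logins and session cookies travel as cleartext HTTP"
        [ "$secure" = false ] ||
            { echo "FAIL: port 80 only requires session.secure = false, found '$secure'"; rc=1; }
    fi
    [ "$host" = 127.0.0.1 ] ||
        { echo "WARN: host = $host exposes the backend port directly, bypassing nginx"; rc=1; }
    return $rc
}

# Constructed sample files: the port-80 nginx.conf above with a mismatched console.ini
d=$(mktemp -d)
printf 'server {\n    listen 80;\n    server_name  localhost;\n}\n' > "$d/nginx.conf"
printf '[app:main]\nsession.secure = true\n[server:main]\nhost = 0.0.0.0\nport = 8888\n' \
    > "$d/console.ini"
audit_console "$d/console.ini" "$d/nginx.conf" || echo "configuration needs attention"
rm -rf "$d"
```

On a real installation, run audit_console /etc/eucaconsole/console.ini /etc/nginx/nginx.conf after editing either file and before restarting eucaconsole.service.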