[GitHub] [cloudstack-primate] weizhouapache commented on pull request #898: Add multiple management server support

Mon, 18 Jan 2021 08:00:22 -0800 


weizhouapache commented on pull request #898:
URL: 
https://github.com/apache/cloudstack-primate/pull/898#issuecomment-762337889


   > > > > @wido this is a good way to avoid CORS. thanks for sharing.
   > > > > To set cookie of other domains, you need to enable 3rd-party cookie 
on server side.
   > > > > `Set-Cookie: SiteSite=None; Secure`
   > > > > if you use nginx, add `proxy_cookie_path / "/; Secure; 
SameSite=None;";`
   > > > > it also means both server and client side must be secure (https)
   > > > 
   > > > 
   > > > This is something I would need to investigate. Haven't been able to do 
so yet.
   > > 
   > > 
   > > @wido I have tested it with nginx. it works well.
   > > setting cookie header is supported by haproxy 1.8+
   > 
   > Would you be so kind to share your Nginx configuration? This could then 
also go into the docs of the UI
   
   @wido 
   here are my nginx configurations
   
   (1) config.json on primate server
   
   ```
   {
     "servers": [
       {
         "name": "mgt01",
         "apiBase": "/mgt01/client/api"
       },
       {
         "name": "mgt02",
         "apiBase": "/mgt02/client/api"
       },
       {
         "name": "mgt03",
         "apiBase": "/mgt03/client/api"
       }
     ],
   ```
   (2) nginx config on primate server
   ```
   server {
       listen                      443 ssl http2;
       server_name                 *.cloud.your.domain;
   ......
       location / {
   ......
           location ^~ /mgt01/client {
               rewrite ^/mgt01/(.*)$ /$1 break;
               proxy_pass   https://mgt01.cloud.your.domain;
           }
   
           location ^~ /mgt02/client {
               rewrite ^/mgt02/(.*)$ /$1 break;
               proxy_pass   https://mgt02.cloud.your.domain;
           }
   
           location ^~ /mgt03/client {
               rewrite ^/mgt03/(.*)$ /$1 break;
               proxy_pass   https://mgt03.cloud.your.domain;
           }
       }
   }
   ```
   
   
   (3) nginx on cloudstack management server
   ```
   upstream mgtservers {
       hash $request_uri consistent;
       server 10.10.10.10:8080;
   }
   
   server {
       listen                      443 ssl http2;
       server_name                 *.cloud.your.domain;
   ......
       location / {
   ......
           proxy_pass http://mgtservers;
           proxy_cookie_path / "/; Secure; SameSite=None;";
       }
   }
   ```


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to