ConsoleProxyInfo and ConsoleProxyManagerImpl.assignProxy has the relevant code to generate the URL for accessing console. The ConsoleProxyServlet handles the requests, and might be a good starting point if you wish to change the code.
Amogh On 9/20/14 12:01 PM, "France" <[email protected]> wrote: >Hi Amogh, > >thank you for your suggestions and instructions on disabling. > >We will not run a wildcard DNS resolver on certain subdomain as required >for this option. >Once ACS supports single domain for console proxy access, we shall enable >https once again with our signed/bought certificate. > >In the mean time, we either have to move to http from https making access >to whole admin interface insecure or hack the code to display a link to >console instead of iframe. >I would rather go for the latter option. Does anyone who is following >this, know where is the code for that iframe link? > >Thank you. > >F. > >On 20 Sep 2014, at 20:33, Amogh Vasekar <[email protected]> wrote: > >> Hi, >> >> I believe this is by design for SSL - a user would see a HTTPS site >> thinking everything is secure and encrypted, only to realize later that >> some part is in fact insecure. Hence, instead of trying to circumvent >>the >> security mechanism, you can try the steps at : >> >>https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+Repla >>ce >> >>+realhostip.com+with+Your+Own+Domain+Name#ProceduretoReplacerealhostip.co >>mw >> ithYourOwnDomainName-HowtogeneratemycustomrootCAandcertificate? >> >> This would help create your own certificate chain. The downside being >>your >> users would need to add the custom root CA in the browser (a practice >> followed by many companies for internal network), or simply accept the >> security warning the first time they access your domain. >> Please note that this would still need a publicly resolvable domain (or >> add the mappings directly in /etc/hosts if it is more convenient) >> >> Thanks, >> Amogh >> >> On 9/20/14 11:22 AM, "France" <[email protected]> wrote: >> >>> It worked for us. Well kind of. >>> >>> The problem is now, that we have https for default admin interface, >>>while >>> console opens as iframe to http content and browsers such as firefox >>>will >>> not load content, because it is not on https. >>> They call it: "Mixed Content Blocking Enabled²: >>> >>>https://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled >>>-i >>> n-firefox-23/ >>> >>> Do you have any recommendations what to do in order to get around this? >>> >>> We will not buy a wildcard certificate, because it is to expensive for >>>us. >>> >>> Regards, >>> F. >>> >>> On 20 Sep 2014, at 15:21, France <[email protected]> wrote: >>> >>>> I will just empty these two fields in global config: >>>> >>>> secstorage.ssl.cert.domain >>>> consoleproxy.url.domain >>>> >>>> restart CS and restart the console proxy.. >>>> >>>> Š and hope for the best. :-) >>>> >>>> If you do not hear from me on this, then this worked and others can do >>>> it too. >>>> >>>> Regards, >>>> F. >>>> >>>> >>>> On 20 Sep 2014, at 15:16, Aldis Gerhards <[email protected]> wrote: >>>> >>>>> We got the same problem. It seemed like a bug :) we downgraded back >>>>>to >>>>> 4.3.0 because pf this issue. >>>>> >>>>> Sent from my iPhone >>>>> >>>>>> On 2014. gada 20. sept., at 15:39, France <[email protected]> >>>>>>wrote: >>>>>> >>>>>> Hi guys, >>>>>> >>>>>> how do we disable realhostip.com service with its certificates on >>>>>>ACS >>>>>> 4.3.1, to get consoleproxy working without ties to realhostip.com >>>>>> service? >>>>>> We are happy with HTTP only for now. >>>>>> >>>>>> Regards, >>>>>> F. >>>> >>> >> >
