Why not use nginx as a reverse proxy?
To start with, check my example config (replace the IP and hostname and, of
course, generate a dhparam file and use a valid certificate).
It will produce an A+ on the ssllabs test and is downward compatible with old browsers!

server {
      listen 10.1.1.1:80;
      server_name cloudstack.example.com;
      ## redirect http to https ##
      rewrite  ^ https://$server_name/client/ permanent;
}

server {
      # "ssl" on the listen line replaces the deprecated "ssl on;" directive
      listen      10.1.1.1:443 ssl;
      server_name cloudstack.example.com;

      rewrite  ^/$  https://cloudstack.example.com/client/  permanent;

      ### ssl config - customize as per your cert files ###
      ssl_certificate      /etc/ssl/certs/cloudstack.example.com.pem;
      ssl_certificate_key  /etc/ssl/private/cloudstack.example.com.key;
      ssl_protocols        TLSv1 TLSv1.1 TLSv1.2;
      ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
      ssl_prefer_server_ciphers on;
      # DH parameters for the EDH cipher suites listed above
      ssl_dhparam /etc/ssl/certs/dhparam.pem;
      keepalive_timeout    70;
      ssl_session_cache    shared:SSL:10m;
      ssl_session_timeout  10m;

      ## Reverse Proxy
      location / {
        add_header  Front-End-Https  on;
        add_header  Cache-Control "public, must-revalidate";
        # header value kept on one line (it was wrapped by the mail client)
        add_header  Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
        add_header  X-Frame-Options "DENY";
        proxy_pass  http://127.0.0.1:8080;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
        # pass the original host and client address to the backend
        proxy_set_header        Host            $host;
        proxy_set_header        X-Real-IP       $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      }
}

Best regards
Franz Skale

Rechenzentrum-Services


Citycom Telekommunikation GmbH
Gadollaplatz 1
8010 Graz | Austria

T: +43(316)887-6264
M: +43(664)88275444
E: [email protected]
www.citycom-austria.com

FN 165640p, Landes- als Firmenbuchgericht Graz
UID-Nr.: ATU 61241999



________________________________________
From: Netlynker <[email protected]>
Sent: Tuesday, 18 September 2018 05:57
To: [email protected]
Subject: How to configure TLS on ACS 4.11.1 Web UI

Hi,
The document for 4.11.1 is not updated and it is still referring to tomcat
ssl config.

Where can I find information to configure TLS/SSL on ACS 4.11.1 Web UI?

Thanks in advance,
Netlynker
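
The TLS settings in the nginx reply above can be checked mechanically before a reload, which also catches damage from mail line wrapping. This is an added example, not part of the original mails and not CloudStack or nginx code; the `audit` function and its finding codes are hypothetical names, and the sample input is constructed from the posted config.

```python
import re

# Constructed sample: TLS lines from the posted server block, with the HSTS
# value still split across two lines as the mail client wrapped it.
SAMPLE = '''
server {
    listen 10.1.1.1:443;
    ssl on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    location / {
        add_header Strict-Transport-Security "max-age=63072000;
includeSubdomains; preload";
    }
}
'''
TOKEN = re.compile(r'''"([^"]*)"|'([^']*)'|([;{}])|([^\s;{}"']+)''')

def directives(conf):
    """Yield each directive as a list of words; block nesting is ignored."""
    conf = re.sub(r'(?m)^\s*#.*$', '', conf)      # strip whole-line comments
    words = []
    for dq, sq, punct, bare in TOKEN.findall(conf):
        if punct:                                  # ';', '{' or '}' ends a directive
            if words:
                yield words
            words = []
        else:
            words.append(dq or sq or bare)

def audit(conf):
    """Return sorted finding codes (hypothetical names) for a server block."""
    d = {}
    for name, *args in directives(conf):
        d.setdefault(name, []).append(args)
    found = set()
    if ['on'] in d.get('ssl', []):
        found.add('ssl-on-deprecated')             # modern form: listen ... ssl;
    if {'SSLv3', 'TLSv1', 'TLSv1.1'} & {p for a in d.get('ssl_protocols', []) for p in a}:
        found.add('legacy-protocol')               # the post keeps these for old browsers
    suites = re.split(r'[:+\s]+', ' '.join(c for a in d.get('ssl_ciphers', []) for c in a))
    if not d.get('ssl_dhparam') and any(s in ('EDH', 'DHE') or s.startswith('DHE-') for s in suites):
        found.add('dhe-without-dhparam')           # DHE suites listed, no DH parameters set
    hsts = [a[1] for a in d.get('add_header', []) if len(a) > 1 and a[0].lower() == 'strict-transport-security']
    if not hsts:
        found.add('hsts-missing')
    elif any('\n' in v for v in hsts):
        found.add('hsts-line-break')               # wrapped value must be one line
    return sorted(found)

if __name__ == '__main__':
    print(audit(SAMPLE))
```

The `legacy-protocol` finding is expected for this config, since TLSv1 and TLSv1.1 are enabled there on purpose for old browsers.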
