9:16 a.m.
Apache uses ajp to communicate with engine on port 8702. You can redirect
from Apache with a simple RewriteCond
to jboss port 8543 but certificate verification is not going to work which
will cause issues with all oVirt tools.
More over oVirt SSO is not going to let you access UI on port other than
443 when installed through rpms.
You will need to fiddle with the database to update the redirect uris in
the sso_clients table.
The best you can do is change the proxy port in
/etc/ovirt-engine/engine.conf.d/10-setup-protocols.conf and keep the AJP in
place.
Why are you trying to by pass Apache?
On Thu, Feb 14, 2019 at 9:25 AM du_hongyu(a)yeah.net <du_hongyu(a)yeah.net>
wrote:
sorry I describe errror,
my /etc/ovirt-engine/engine.conf.d/10-setup-protocols.conf
ENGINE_FQDN=localhost.localdomain
ENGINE_PROXY_ENABLED=false
ENGINE_PROXY_HTTP_PORT=None
ENGINE_PROXY_HTTPS_PORT=None
ENGINE_AJP_ENABLED=false
ENGINE_AJP_PORT=None
ENGINE_HTTP_ENABLED=true
ENGINE_HTTPS_ENABLED=false
ENGINE_HTTP_PORT=8080
ENGINE_HTTPS_PORT=8443
I know install ovirt-engine from source in a developer setup, this can
visit engine by http. and not apache in the frontend. but I want to
visit engine that is installed rpm by http?
Besides I realize apache not redirect http to https ovirt jboss redirect
http to https?
------------------------------
Regards
Hongyu Du
*From:* Greg Sheremeta <gshereme(a)redhat.com>
*Date:* 2019-02-14 19:24
*To:* du_hongyu(a)yeah.net
*CC:* Ravi Nori <rnori(a)redhat.com>; users <users(a)ovirt.org>
*Subject:* Re: Re: [ovirt-users] access engine by http
Sorry, I'm still not understanding what you are trying to achieve. Nothing
is on 8843 - ?
If you install ovirt-engine from source in a developer setup, it's 8080
http by default and no apache in front. Maybe try that.
Greg
On Thu, Feb 14, 2019 at 12:14 AM du_hongyu(a)yeah.net <du_hongyu(a)yeah.net>
wrote:
> hi Greg, Ravi
> thanks, https is ok,when I try to visit http://ip:8080/ovirt-engine but
> still rediect https://192.168.122.176:8443/tchyp-engine/, I want to
> know How to redirect to 8843?
> Besides I try to disable ssl by comment /etc/httpd/conf/httpd.conf
> #IncludeOptional conf.d/*.conf,
> But http is still redirect to https, I should how disable redirect?
> I find this file /usr/share/ovirt-engine/services/ovirt-engine/
> ovirt-engine.xml.in, I try to delete follow line. but ovirt-engine
> server is not boot
> <socket-binding
> name="redirect"
> port="{{ HTTPS_PORT }}"/>
> /var/log/ovirt-engine/boot.log has some error?
> 13:12:43,144 INFO [org.jboss.as] WFLYSRV0049: WildFly Full 11.0.0.Final
> (WildFly Core 3.0.8.Final) starting
> 13:12:44,644 INFO [org.jboss.as.controller.management-deprecated]
> WFLYCTL0028: Attribute 'security-realm' in the resource at address
> '/core-service=management/management-interface=native-interface' is
> deprecated, and may be removed in future version. See the attribute
> description in the output of the read-resource-description operation to
> learn more about the deprecation.
> 13:12:44,646 INFO [org.jboss.as.controller.management-deprecated]
> WFLYCTL0028: Attribute 'security-realm' in the resource at address
> '/core-service=management/management-interface=http-interface' is
> deprecated, and may be removed in future version. See the attribute
> description in the output of the read-resource-description operation to
> learn more about the deprecation.
> 13:12:44,677 INFO [org.jboss.as.controller.management-deprecated]
> WFLYCTL0028: Attribute 'security-realm' in the resource at address
> '/subsystem=undertow/server=default-server/https-listener=https' is
> deprecated, and may be removed in future version. See the attribute
> description in the output of the read-resource-description operation to
> learn more about the deprecation.
> 13:12:44,677 INFO [org.jboss.as.controller.management-deprecated]
> WFLYCTL0028: Attribute 'enabled-protocols' in the resource at address
> '/subsystem=undertow/server=default-server/https-listener=https' is
> deprecated, and may be removed in future version. See the attribute
> description in the output of the read-resource-description operation to
> learn more about the deprecation.
> 13:12:44,840 INFO [org.jboss.as.server.deployment.scanner] WFLYDS0004:
> Found restapi.war in deployment directory. To trigger deployment create a
> file called restapi.war.dodeploy
> 13:12:44,840 INFO [org.jboss.as.server.deployment.scanner] WFLYDS0004:
> Found engine.ear in deployment directory. To trigger deployment create a
> file called engine.ear.dodeploy
> 13:12:44,840 INFO [org.jboss.as.server.deployment.scanner] WFLYDS0004:
> Found ovirt-web-ui.war in deployment directory. To trigger deployment
> create a file called ovirt-web-ui.war.dodeploy
> 13:12:44,840 INFO [org.jboss.as.server.deployment.scanner] WFLYDS0004:
> Found apidoc.war in deployment directory. To trigger deployment create a
> file called apidoc.war.dodeploy
> 13:12:44,895 ERROR [org.jboss.as.controller] WFLYCTL0362: Capabilities
> required by resource
> '/subsystem=undertow/server=default-server/http-listener=http' are not
> available:
> org.wildfly.network.socket-binding.redirect; Possible registration
> points for this capability:
> /socket-binding-group=*/socket-binding=*
> 13:12:44,900 FATAL [org.jboss.as.server] WFLYSRV0056: Server boot has
> failed in an unrecoverable manner; exiting. See previous messages for
> details.
> 13:12:44,920 INFO [org.jboss.as] WFLYSRV0050: WildFly Full 11.0.0.Final
> (WildFly Core 3.0.8.Final) stopped in 13ms
>
>
> ------------------------------
>
> Regards
>
> Hongyu Du
>
>
> *From:* Greg Sheremeta <gshereme(a)redhat.com>
> *Date:* 2019-02-14 04:08
> *To:* du_hongyu(a)yeah.net; Ravi Nori <rnori(a)redhat.com>
> *CC:* users <users(a)ovirt.org>
> *Subject:* Re: [ovirt-users] access engine by http
> What are you trying to achieve? SSL is good :)
>
> I suspect you have to disable ssl in the apache server
> /etc/httpd/conf.d/ssl.conf
> but I'm not really sure.
>
> And, if you do, I suspect some things that use certificates won't work,
> either (console, disk upload, etc.)
>
> Ravi might know more.
>
> Greg
>
> On Wed, Feb 13, 2019 at 3:39 AM du_hongyu(a)yeah.net <du_hongyu(a)yeah.net>
> wrote:
>
>> I want to access engine by http, after engine-setup success, I fix
>> /etc/ovirt-engine/engine.conf.d/10-setup-protocols.conf
>>
>> ENGINE_FQDN=localhost.localdomain
>> ENGINE_PROXY_ENABLED=false
>> ENGINE_PROXY_HTTP_PORT=None
>> ENGINE_PROXY_HTTPS_PORT=None
>> ENGINE_AJP_ENABLED=false
>> ENGINE_AJP_PORT=None
>> ENGINE_HTTP_ENABLED=true
>> ENGINE_HTTPS_ENABLED=false
>> ENGINE_HTTP_PORT=8080
>> ENGINE_HTTPS_PORT=443
>>
>> but I access http://ip:8080/ovirt-engine , still browser is redirect
>> to https, I should how to disable redirect?
>>
>>
>>
>> ------------------------------
>>
>> Regards
>>
>> Hongyu Du
>> _______________________________________________
>> Users mailing list -- users(a)ovirt.org
>> To unsubscribe send an email to users-leave(a)ovirt.org
>> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
>> oVirt Code of Conduct:
>> https://www.ovirt.org/community/about/community-guidelines/
>> List Archives:
>>
https://lists.ovirt.org/archives/list/users@ovirt.org/message/5K4Z2Y5ORRC...
>>
>
>
> --
>
> GREG SHEREMETA
>
> SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX
>
> Red Hat NA
>
> <https://www.redhat.com/>
>
> gshereme(a)redhat.com IRC: gshereme
> <https://red.ht/sig>
>
>
--
GREG SHEREMETA
SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX
Red Hat NA
<https://www.redhat.com/>
gshereme(a)redhat.com IRC: gshereme
<https://red.ht/sig>