
Hi, We want to split admin, user and grafana login pages. As you know all in main page. So, this might get users attention and they may try to login and get their accounts locked or worse :) Thanks

Hi, The login for all 3 portals are separated, so you can reach each one of them directly: For Administration Portal: https://manager-*fqdn/ovirt-engine/webadmin* <https://manager-fqdn/ovirt-engine/webadmin> *For VM Portal: https://manager-fqdn/ovirt-engine/web-ui <https://manager-fqdn/ovirt-engine/web-ui>* *For Monitoring Portal (Grafana): https://manager-fqdn/virt-engine-grafana <https://manager-fqdn/virt-engine-grafana>* They all are referred from the oVirt landing page (https://manager- *fqdn/ovirt-engine/* <https://manager-fqdn/ovirt-engine/>) but you can skip that and reach them directly. Thanks, Sharon On Mon, Jan 4, 2021 at 8:44 AM <ozmen62@hotmail.com> wrote:
Hi, We want to split admin, user and grafana login pages. As you know all in main page. So, this might get users attention and they may try to login and get their accounts locked or worse :)
Thanks _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/LSIA4P7LM2EOB2...

On Tue, Jan 5, 2021 at 2:10 PM Sharon Gratch <sgratch@redhat.com> wrote:
Hi,
The login for all 3 portals are separated, so you can reach each one of them directly: For Administration Portal: https://manager-*fqdn/ovirt-engine/webadmin* <https://manager-fqdn/ovirt-engine/webadmin> *For VM Portal: https://manager-fqdn/ovirt-engine/web-ui <https://manager-fqdn/ovirt-engine/web-ui>* *For Monitoring Portal (Grafana): https://manager-fqdn/ovirt-engine-grafana <https://manager-fqdn/virt-engine-grafana>*
I fixed the Monitoring Portal (Grafana) url (one char was missing on my previous mail).
They all are referred from the oVirt landing page (https://manager- *fqdn/ovirt-engine/* <https://manager-fqdn/ovirt-engine/>) but you can skip that and reach them directly.
Thanks, Sharon
On Mon, Jan 4, 2021 at 8:44 AM <ozmen62@hotmail.com> wrote:
Hi, We want to split admin, user and grafana login pages. As you know all in main page. So, this might get users attention and they may try to login and get their accounts locked or worse :)
Thanks _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/LSIA4P7LM2EOB2...

Hi, Yes, we can. But we want to separate them by FQDN for example; http:/virtualpc.example.com --> VM Portal http:/virtualpc-admin.example.com --> Admin Portal http:/virtualpc-grafana.example.com --> Grafana Portal and normal user must don't have permission access to admin or grafana portal web page

On Wed, Jan 6, 2021 at 11:15 AM <ozmen62@hotmail.com> wrote:
Hi, Yes, we can. But we want to separate them by FQDN for example; http:/virtualpc.example.com --> VM Portal http:/virtualpc-admin.example.com --> Admin Portal http:/virtualpc-grafana.example.com --> Grafana Portal
AFAIK this is not supported by oVirt since all should use the engine FQDN for accessing the engine. You can probably use your own customized URL redirection or set a few FQDNs, but It won't solve the problem for separating and it might cause other issues, so I won't recommend it.
and normal user must don't have permission access to admin or grafana portal web page
Sure, so login will fail if a regular user won't have permissions to login to webadmin or grafana. This deals with user permissions management that should be set correctly. It's not related to FQDNs... _______________________________________________
Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/2J7GQ6ZDXQMGZ3...

Sharon , what about a nginx/apache listening on different virtual hosts and redirecting (actually proxying) to the correct portal ? Do you think that it could work (the certs will not be trusted, but they can take the exception) ? Best Regards,Strahil Nikolov В 17:24 +0200 на 06.01.2021 (ср), Sharon Gratch написа:
On Wed, Jan 6, 2021 at 11:15 AM <ozmen62@hotmail.com> wrote:
Hi,
Yes, we can.
But we want to separate them by FQDN
for example;
http:/virtualpc.example.com --> VM Portal
http:/virtualpc-admin.example.com --> Admin Portal
http:/virtualpc-grafana.example.com --> Grafana Portal
AFAIK this is not supported by oVirt since all should use the engine FQDN for accessing the engine. You can probably use your own customized URL redirection or set a few FQDNs, but It won't solve the problem for separating and it might cause other issues, so I won't recommend it.
and normal user must don't have permission access to admin or grafana portal web page
Sure, so login will fail if a regular user won't have permissions to login to webadmin or grafana. This deals with user permissions management that should be set correctly. It's not related to FQDNs...
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/2J7GQ6ZDXQMGZ3...
_______________________________________________Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/VS4QUWCNVXDL7J...

I believe it's a necessity. All portal are the same page. It's risky. Maybe we can use a WAF to solve the issue.

On Thu, Jan 7, 2021 at 3:18 PM <ozmen62@hotmail.com> wrote:
I believe it's a necessity. All portal are the same page. It's risky. Maybe we can use a WAF to solve the issue.
Risky for what? You have to profile your users, depending on what you want them to be able to do. You can go to the landing page of many sensitive and critical websites...you don't achieve security through obfuscation. Or at least it has never been so in Linux / Open Source world
participants (4)
-
Gianluca Cecchi
-
ozmen62@hotmail.com
-
Sharon Gratch
-
Strahil Nikolov