Sticking MAAS behind https for web and api?
jim at tilander.org
Fri Feb 17 17:48:14 UTC 2017
I’m on 2.1.2+bzr5555-0ubuntu1~16.04.1.
Does the commandline do anything except change the regiond.conf file? Because I just hand edited the config file before and that’s when the enlistment and commissioning stopped working since they all try to talk to the API service via that link, but the twisted service doesn’t seem to know about HTTPS?
Or is there any special place I need to place the certificate for the twisted service?
I’ve got a wildcard certificate for my domain, and it works for the web service right now (although just through apache).
> On Feb 17, 2017, at 9:42 AM, Peter Matulis <peter.matulis at canonical.com> wrote:
> It should definitely change the URL in /etc/maas/regiond.conf . I just
> tried it. Although I am running 2.2 (beta2).
> You would also need to use the server name that is on the SSL
> certificate (not 'localhost').
> On Fri, Feb 17, 2017 at 12:27 PM, Jim Tilander <jim at tilander.org> wrote:
>> I hadn’t. I tried that command, it didn’t seem to change /etc/maas/regiond.conf (where is the URL setting kept?)
>> Restarting the maas-regiond afterwards broke the webUI, no response. I had to revert back.
>>> On Feb 17, 2017, at 6:44 AM, Peter Matulis <peter.matulis at canonical.com> wrote:
>>> Did you change the MAAS URL?
>>> sudo maas-region local_config_set --maas-url https://localhost:5240/MAAS
>>> sudo systemctl restart maas-regiond
>>> On Tue, Feb 14, 2017 at 9:44 PM, Jim Tilander <jim at tilander.org> wrote:
>>>> So I’ve been trying to stick my server behind https, with little success.
>>>> I’ve added an extra site in the apache config and stuck a certificate in place. I can hit https and the site *kind* of works, but there are still some strange redirects back to regular http (notably after the login).
>>>> Is there any config that I can modify to disable the redirects to regular http?
>>>> There is also a config file in /etc/maas/regiond.conf (I think that’s the file from memory here) that list the twisted port the python service is running under. This is a http port. Is there any way that I can change this to be served under https? (simply changing it to https doesn’t seem to work so well).
>>>> Maas-devel mailing list
>>>> Maas-devel at lists.ubuntu.com
>>>> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/maas-devel
More information about the Maas-devel