Guest Less Fequa
Posted November 11, 2019

I have a problem with this ticket. I have a cluster; the vCenter IP address is local: 192.168.0.150, and the hosts' IP addresses are 192.168.0.156 to 192.168.0.160. I can't install a signed SSL certificate on a private IP address. How can I connect to the console without SSL to solve the SSL certificate problem?

Guest Евгений Romanoff
Posted November 11, 2019

I've managed to get the console working via a proxy,

Guest Less Fequa
Posted November 11, 2019

Can you please send me the steps to run it on a private network? Like how you made it work with a private IP.

Guest Евгений Romanoff
Posted November 11, 2019

We have a private DNS zone storm-pro.net which points to private IP addresses and is available only through our VPN, but the same zone also exists in public, and all our ESXi hostnames point to a single public IP which is on the proxy, and the proxy in turn directs requests to the particular ESXi in our private network according to the Host header.

I can give you the haproxy config we're using if needed, but I have to obfuscate it a bit). Oh, and the proxy uses a valid SSL certificate on the public IP.

Guest manvinder
Posted November 11, 2019

Can you send the detailed information on how someone running ESXi in a private network can fix it? Which proxy server are you using? And does the proxy forward the request with port 443 to the ESX? So storm-pro.net is a DNS service?

Guest manvinder
Posted November 11, 2019

hello

Which proxy server are you using?
WHMCS Global Services, 01-11-2019: it's haproxy

and does the proxy forward the request with port 443 to the esx?
WHMCS Global Services, 01-11-2019: that's correct

so storm-pro.net is a dns service?
WHMCS Global Services, 01-11-2019: there are two independent dns zones: private storm-pro.net and public storm-pro.net

Guest Евгений Romanoff
Posted November 11, 2019

You should have a haproxy.cfg file like this:

    global
        nbproc 2
        chroot /var/lib/haproxy
        pidfile /var/run/haproxy.pid
        maxconn 65535
        user haproxy
        group haproxy
        log-tag haproxy20
        log /dev/log local7 info
        daemon
        #debug
        # (the cipher list on the next line is cut off in the post)
        ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-
        ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
        ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384
        ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
        tune.ssl.default-dh-param 2048

    defaults
        mode http
        log global
        option abortonclose
        option httplog clf
        option dontlognull
        option http-server-close
        option http-pretend-keepalive
        no option redispatch
        retries 3
        timeout http-request 45s
        timeout queue 60s
        timeout connect 45s
        timeout client 1m
        timeout server 1m
        timeout tunnel 1h
        timeout http-keep-alive 30s
        timeout check 10s
        timeout tarpit 60s
        maxconn 65535

    ## FRONTS
    listen stats
        bind <PRIVATE_IP>:81
        balance
        mode http
        stats enable
        #stats auth admin:admin
        stats hide-version
        stats uri /hastats

    frontend main-https
        # TLS is terminated here with the valid certificate for the public IP
        bind <PUBLIC_IP>:443 ssl crt /path/to/ssl.bundle alpn http/1.1
        #tcp-request inspect-delay 500ms
        tcp-request content accept if HTTP
        log global
        # only paths starting with /ticket/ are let through; anything else gets 403
        acl acl_requrl path_beg -i /ticket/
        http-request deny deny_status 403 if ! acl_requrl
        # pick the ESXi backend from the Host header
        use_backend be_dc1-hv1 if { hdr(host) -i dc1-hv1.storm-pro.net }
        use_backend be_dc2-hv1 if { hdr(host) -i dc2-hv1.storm-pro.net }
        default_backend be_dummy

    ## BACKS
    # unknown Host headers end up here and are refused
    backend be_dummy
        http-request deny deny_status 403

    # "ssl verify none": the proxy connects to ESXi over TLS but does not
    # validate the host's certificate
    backend be_dc1-hv1
        log global
        server dc1-hv1 dc1-hv1.storm-pro.net:443 ssl verify none

    backend be_dc2-hv1
        log global
        server dc2-hv1 dc2-hv1.storm-pro.net:443 ssl verify none

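An added example, not part of the original post or the poster's own tooling: a small Python check that reads a config shaped like the haproxy.cfg above and reports two things a reviewer would want to know before exposing it, a stats page with no `stats auth` and public hostnames routed to a backend whose certificate is not verified. The sample text and the function names `parse_sections` and `audit` are constructed for this illustration.

```python
import re

# Constructed sample: a shortened copy of the haproxy.cfg from the post above.
SAMPLE_CFG = """
listen stats
    bind <PRIVATE_IP>:81
    stats enable
    #stats auth admin:admin
frontend main-https
    bind <PUBLIC_IP>:443 ssl crt /path/to/ssl.bundle alpn http/1.1
    use_backend be_dc1-hv1 if { hdr(host) -i dc1-hv1.storm-pro.net }
backend be_dc1-hv1
    server dc1-hv1 dc1-hv1.storm-pro.net:443 ssl verify none
"""

SECTION = re.compile(r"^(global|defaults|listen|frontend|backend)\b\s*(\S*)")
HOST_RULE = re.compile(r"^use_backend\s+(\S+)\s+if\s+\{\s*hdr\(host\)\s+-i\s+(\S+)\s*\}")

def parse_sections(text):
    """Map (kind, name) -> directive lines, with comments and blanks dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            current = (m.group(1), m.group(2))
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections

def audit(text):
    """Return findings: open stats pages and hosts routed over unverified TLS."""
    sections, findings = parse_sections(text), []
    unverified = {name for (kind, name), lines in sections.items()
                  if any(ln.startswith("server ") and " ssl" in ln and "verify none" in ln
                         for ln in lines)}
    for (kind, name), lines in sections.items():
        if "stats enable" in lines and not any(ln.startswith("stats auth") for ln in lines):
            findings.append(f"{kind} {name}: stats enabled without 'stats auth'")
        for m in filter(None, map(HOST_RULE.match, lines)):
            if m.group(1) in unverified:
                findings.append(f"{m.group(2)} -> {m.group(1)}: backend certificate not verified")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CFG)))
```

Both findings clear when the `server` line uses `verify required` with a `ca-file` that trusts the ESXi certificates and the `stats auth` line is enabled.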
Guest Guest Kwashi
Posted November 14, 2019

On 11/11/2019 at 1:10 AM, Guest Less Fequa said:
> Can you please send me the steps to run it on a private network? Like how you made it work with a private IP.

Were you able to fix it using the proxy? I can also provide you with what I did to make it work.

Guest Евгений Romanoff
Posted November 20, 2019

On 11/14/2019 at 7:10 PM, Guest Guest Kwashi said:
> Were you able to fix it using the proxy? I can also provide you with what I did to make it work.

Yes please, it will be helpful.