Page Comparison

...

Stop Apache on the AM (/etc/init.d/httpd stop)
In the database the URI of the Appliance Manager in remote services now points directly to the API, which means the URI should be something like "https://server263:443/am"
Restart the abiquo-tomcat service on both machines. Remember to restart Apache on the API+Server machine as well.

Apache Frontend + SSL to client + SSL to AM in Abiquo 3.x

The following configuration has been performed in order to avoid Cross-Origin (CORS) problems with the new Abiquo client in HTML5 using Apache + SSL.

The best way to go is to complete all the previous steps, then we will have to do the following modifications:

In the /opt/abiquo/tomcat/conf/server.xml, we should remove the connector which uses port 8010 and leave the file like this:

<?xml version='1.0' encoding='utf-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<Server port="8005" shutdown="SHUTDOWN">

</Host>
</Engine>
</Service>
</Server>

The next step will be modify /etc/httpd/conf.d/proxy_ajp.conf file and change ports from 8010 to 8009, which is the only connector we will use with the AJP. Keep on mind to leave the AM location with the port 8010 as explained in the previous part "Adding SSL to AM". The file should be like this:

LoadModule proxy_ajp_module modules/mod_proxy_ajp.so

<VirtualHost *:80>
RewriteEngine On
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]
</VirtualHost>

<VirtualHost *:443>
RewriteEngine On
ProxyRequests Off
ProxyPreserveHost On

<Directory "/opt/abiquo/tomcat/webapps/ui/">
Options MultiViews
AllowOverride None
Order allow,deny
Allow from all

</Directory>
RewriteRule ^/ui$ /ui/ [R]

<Location /ui>
ProxyPass ajp://servermaster:8009/ui/
ProxyPassReverse ajp://servermaster:8009/ui/
</Location>

<Location /api>
ProxyPass ajp://servermaster:8009/api
ProxyPassReverse ajp://servermaster:8009/api
</Location>

<Location /legal/>
ProxyPass ajp://servermaster:8009/legal/
ProxyPassReverse ajp://servermaster:8009/legal/
</Location>

SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key

<Location /am>
ProxyPass ajp://rsmaster:8010/am
ProxyPassReverse ajp://rsmaster:8010/am
</Location>

</VirtualHost>

And the last file which needs to be modified is /opt/abiquo/tomcat/webapps/ui/config/client-config.json. Once there, search for the "config.endpoint" attribute and leave it like this:

"config.endpoint": "https://servermaster:443/api"

Remember, "servermaster" is the hostname where the API and the client are running.

Last step is restart the abiquo-tomcat service on API+client machine and the Apache as well.

Versions Compared

Old Version 8

New Version 9

Key

Apache Frontend + SSL to client + SSL to AM in Abiquo 3.x