...
Your users will connect to the Abiquo UI over HTTPS with TLS.
You can run Abiquo over HTTP to communicate between its servers when these connections are internal using HTTP for internal connections between servers within the same infrastructure/datacenter network.
When But when users upload or download templates, they need a direct connection to the Appliance Manager remote service, and this connection must also be made with TLS.
| Tip |
|---|
The Abiquo Monolithic Server has a self-signed certificate and the connection to the appliance manager is preconfigured to use TLS |
When the Abiquo remote services will connect to the Abiquo Server over the internet, these communications should also use TLS.
| Mermaid | ||||||
|---|---|---|---|---|---|---|
| ||||||
{"diagramDefinition":"flowchart LR\nA--HTTP-->P(RemoteServices)\nsubgraph Abiquo Platform \n A\n P\nend\nX(Cloud User)<--HTTPS-->P\nX(Cloud User)--HTTPS-->A(Abiquo Server)\nY(Remote RS)--HTTPS-->A\nX(Cloud User)<--HTTPS-->Y\n style A fill:#ec9032,stroke:#666,stroke-width:2px,color:#fff\n style P fill:#ec9032,stroke:#666,stroke-width:2px,color:#fff\n style Y fill:#ec9032,stroke:#666,stroke-width:2px,color:#fff"} |
TLS for distributed scalable server
For the distributed scalable server, we recommend that you configure the communications for the API to the remote services with TLS. This also means that you have the configuration to upload and download templates.
To use TLS between the API and remote services, configure the following certificates:
API server cacerts → RS certificate
RS server .jks keystore → RS and API certificates
RS server cacerts → RS and API certificates
...
Abiquo UI certificates
The server OVA has a self-signed certificate called abiquo.crt that you can find in this folder /etc/pki/tls/certs.
...