Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

Starting in Abiquo 3.0 the client is HTML. This means that how security and login works differs from previous versions. Now security beyond first login is enforced with cookies. This means that is the browser which must send the cookie back to the API. This mechanism is described here[1].

The upload/download of templates is made through a direct connection to the Appliance Manager. Then it sends a request to the API to check whether the user is authorize to perform the requested action. This request is basically a replica of the original request to the Appliance Manager.

In a multi datacenter environment API and AM might not be on the same host. This prevent the cookie from being sent, therefore the identity cannot be established. Even if CORS is working this will only  allow the result (401) travelling back to the client. To achieve this all Appliance Manager instances must reside in the same domain as the API.

This document describes how to set up a very basic Apache 2 to allow for multiple Appliance Manager instances under an 'example.com' domain. All configuration related to other webapps is omitted.

Abiquo UI configuration

In the file 'client-config.json' the value of the API location must be set to 'example.com':

"config.endpoint": "http://example.com/api"

Host configuration

To ease the configuration it is very convenient that all hosts work on a domain/hostname basis rather than IPs or even 'localhost'.

The domain 'example.com' must resolve to the host. The easiest way is to also set the hostname.

  • Set the host name to 'example.com'
    • \# hostname example.com
  • Edit '/etc/hosts' file and add entries for hosts IPs and '127.0.0.1'

Apache configuration

There are two ways to configure an Apache instance. Appliance Manager instances can be exposed either a path (example.com/am-sweden) or through a subdomain (am-sweden.example.com). The configuration here will show how to set up both in the same configuration file.

Enable mod

The trick here is to modify cookies in the response to add the domain. This enables the browser to send the cookie to 'example.com', 'am-sweden.example.com', 'example.com/am-sweden'. To perform this operation the 'mod-header' needs to be in the Apache.

# a2enmod headers

Create the configuration file

/etc/apache2/sites-available/example.com
<VirtualHost *:80>
	# Admin address
	ServerAdmin admin@example.com
 
	# Domain where is exposed  Abiquo
    ServerName example.com
 
	# Root path (/) instead of /ui
	DocumentRoot /var/www/abiquo/ui
    # Enable the balancer manager console in the server root
    <Location /manager>
        SetHandler balancer-manager
    </Location>
 
	# Do not open the proxy to the world
    ProxyRequests Off

    # Configure the cluster nodes (secondary disabled by default)
    <Proxy balancer://ajp-cluster>
        BalancerMember ajp://localhost:8009 route=node1
    </Proxy>

    # Configure the modules we want to load balance
    <Location /api>
       ProxyPass balancer://ajp-cluster/api
       ProxyPassReverse balancer://ajp-cluster/api
	   # Set the domain in the Cookie (very important to work)
       Header edit Set-Cookie "^(auth=.*)$"  "$1; domain=example.com"
    </Location>

    # Monolithic Appliance Manager
    <Location /am>
       ProxyPass http://localhost:8080/am
       ProxyPassReverse http://localhost:8080/am
    </Location>
 
    # Appliance Manager exposed in path
    <Location /am-sweden>
       ProxyPass http://10.60.1.253:8080/am
       ProxyPassReverse http://10.60.1.253:8080/am
    </Location>
		
	ErrorLog /var/log/apache2/example.com_error.log
	
	LogLevel error


	CustomLog /var/log/apache2/example.com_access.log combined
</VirtualHost>

# Subdomain exposure
<VirtualHost *:80>
	# Here is the subdomain
    ServerName am-denmark.example.com

    ProxyRequests Off
 
	# Requests will go to /am
    <Location /am>
        ProxyPass http://10.60.1.4:8080/am
        ProxyPassReverse http://10.60.1.4:8080/am
    </Location>

    ErrorLog /var/log/apache2/am-denmark.log
    LogLevel error
</VirtualHost>

Enable the site.

# a2ensite example.com
  • No labels