Changes between Version 2 and Version 3 of ipmi


Ignore:
Timestamp:
Feb 8, 2019, 8:32:30 AM (6 months ago)
Author:
Jamie McClelland
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • ipmi

    v2 v3  
    2626[[Image(6.advanced-console-redirection-settings-second.png​)]]
    2727[[Image(7.ipmi-settings.png)]]
     28
     29== Enable http redirections ==
     30
     31On robideau, we have the following nginx configuration to allow web-based proxying:
     32
     33{{{
     34#server {
     35#  listen 80;
     36#  server_name ipmi.john.mayfirst.org;
     37#  root /var/www/html;
     38#  location /.well-known/acme-challenge {
     39#    try_files $uri $uri/ =404;
     40#  }
     41#  location / {
     42#    return 301 https://$host$request_uri;
     43#  }
     44#}
     45
     46server {
     47  listen 443;
     48  server_name ipmi.john.mayfirst.org;
     49  location /.well-known {
     50    root /var/www/html;
     51  }
     52  location / {
     53    access_log off;
     54    proxy_pass http://192.168.56.3:80;
     55    proxy_set_header X-Real-IP $remote_addr;
     56    proxy_set_header Host $host;
     57    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     58    proxy_set_header Upgrade $http_upgrade;
     59    proxy_set_header Connection "Upgrade";
     60  }
     61
     62  ssl on;
     63  ssl_certificate_key /etc/letsencrypt/live/ipmi.john.mayfirst.org/privkey.pem;
     64  ssl_certificate /etc/letsencrypt/live/ipmi.john.mayfirst.org/fullchain.pem;
     65
     66  ssl_ciphers 'AES128+EECDH:AES128+EDH:!aNULL';
     67
     68  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
     69  ssl_session_cache shared:SSL:10m;
     70
     71  ssl_prefer_server_ciphers on;
     72  ssl_dhparam /etc/ssl/dhparam.pem;
     73
     74  add_header Strict-Transport-Security max-age=63072000;
     75  add_header X-Content-Type-Options nosniff;
     76}
     77}}}
     78
     79The commented out section must be un-commented initially to allow lets encrypt to create a proper initial certificate.
     80
     81Also, you need to create dlparams with:
     82
     83{{{
     84openssl dhparam -out /etc/ssl/dhparam.pem 2048
     85}}}