You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As we continue to build out our large foreman/salt infrastructure, we use multiple load balancers for the foremanUI, API, etc. It is common use with load balancers to set them up as ssl managed, where as you forward port 443 from the load balancer, to 443 on the foreman server. But then you modify the apache configuration to be https, without the SSL engine itself. This allows the load balancer to handle http traffic via SSL, then forward it to the Foreman servers, where the SSL ends.
The current script will not work this way, as it does a check for https. If https is enabled in the config file this if will run:
if config[":proto"] == "https":
Which will look for ssl certs, and fail. The foreman-node script, for example, doesnt care if you set it to https or http. It will only use the ssl certs if they are NOT empty.
This isnt a bug so to say, but it will prevent people from using the script if they are using managed load balancers.
I edited the script to ignore the checking of https, and instead check to see if ssl_cert and ssl_key are empty or not. If they are empty, it assumes ssl is not enable, but still uses https.
The text was updated successfully, but these errors were encountered:
As we continue to build out our large foreman/salt infrastructure, we use multiple load balancers for the foremanUI, API, etc. It is common use with load balancers to set them up as ssl managed, where as you forward port 443 from the load balancer, to 443 on the foreman server. But then you modify the apache configuration to be https, without the SSL engine itself. This allows the load balancer to handle http traffic via SSL, then forward it to the Foreman servers, where the SSL ends.
The current script will not work this way, as it does a check for https. If https is enabled in the config file this if will run:
Which will look for ssl certs, and fail. The foreman-node script, for example, doesnt care if you set it to https or http. It will only use the ssl certs if they are NOT empty.
This isnt a bug so to say, but it will prevent people from using the script if they are using managed load balancers.
I edited the script to ignore the checking of https, and instead check to see if ssl_cert and ssl_key are empty or not. If they are empty, it assumes ssl is not enable, but still uses https.
The text was updated successfully, but these errors were encountered: