• Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login
  • Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login

ipxe https

Scheduled Pinned Locked Moved Solved
Bug Reports
3
7
1.5k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • D
    datnt2509
    last edited by Aug 24, 2019, 8:59 AM

    I try to start loading of files through https, but to me gives permission denied error message, tell that it is necessary to register in default.ipxe normally to be loaded? DOWNLOAD_PROTO_HTTPS and IMAGE_TRUST_CMD are included. To the FAQ it is it is unclear written I cannot understand, somebody can tried, tell in more detail as it becomes?

    1 Reply Last reply Reply Quote 0
    • S
      Sebastian Roth Moderator
      last edited by Aug 24, 2019, 3:35 PM

      @datnt2509 Which version of FOG do you use? The most current version compiles iPXE for you including all the HTTPS stuff and certificates, so there shouldn’t be any need for manual compiling it.

      Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

      Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

      1 Reply Last reply Reply Quote 0
      • D
        DBCountMan
        last edited by Aug 26, 2019, 3:07 PM

        the only time ive seen permission issues with ipxe is when the tftproot folder isnt public with read and execute, but that was on my freenas server using dnsmasq for dhcp and tftp. maybe check the permissions on /tftproot and /var/www/fog/service/ipxe.

        1 Reply Last reply Reply Quote 0
        • S
          Sebastian Roth Moderator
          last edited by Aug 26, 2019, 4:35 PM

          @brakcounty While you are right it kind of sounds like @datnt2509 is running into an issue with trying to PXE boot from a HTTPS enabled FOG server. This is known to cause “permission denied” errors as well - not very user friendly but it’s iPXE’s way of telling that it can’t download via HTTPS (usually a trust issue).

          Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

          Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

          1 Reply Last reply Reply Quote 0
          • D
            DBCountMan
            last edited by Aug 26, 2019, 4:46 PM

            Right my freenas server is hosting on http not https via webdav. it is being hosted on an isolated network so i dont see the need to secure it, plus the webdav is set to read only. so FOG is set to ipxe over https by default? how can trust be established at the BIOS or UEFI level?

            1 Reply Last reply Reply Quote 0
            • S
              Sebastian Roth Moderator
              last edited by Aug 27, 2019, 6:20 AM

              @brakcounty said in ipxe https:

              so FOG is set to ipxe over https by default? how can trust be established at the BIOS or UEFI level?

              No it’s not by default. There is a flag for the installer to make it use HTTPS (--force-ssl).

              The trust chain is not going all the way down to BIOS/UEFI firmware. When installing FOG with SSL/HTTPS it compiles iPXE binaries for you that include the self-signed certificate used for HTTPS communication within FOG. So loading iPXE via TFTP can still be considered untrusted but iPXE itself loading the boot menu and FOS kernel is kind of trusted. Be aware that we are not doing this to establish some kind of full trust chain like mechanisms like Secure Boot and other means of DRM work. It’s more a thing of providing a secure channel between client and server.

              Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

              Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

              1 Reply Last reply Reply Quote 0
              • S
                Sebastian Roth Moderator
                last edited by Feb 4, 2020, 7:36 AM

                Found and fixed, details see here: https://forums.fogproject.org/topic/14115/boot-php-permission-denied

                Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                1 Reply Last reply Reply Quote 0
                • 1 / 1
                • First post
                  Last post

                241

                Online

                12.0k

                Users

                17.3k

                Topics

                155.1k

                Posts
                Copyright © 2012-2024 FOG Project