• Recent
    • Unsolved
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    2019...a step by step activating ssl and complying iPXE with it

    Scheduled Pinned Locked Moved Solved
    FOG Problems
    3
    41
    5.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Tom ElliottT
      Tom Elliott @marted
      last edited by

      @marted If you copy and paste the contents of the logs we can read them much more simply.

      That said, it appears to be failing because your machine is missing the git command.

      I don’t know what OS you’re running, but you should there are numerous programs needed to be installed in order to build iPXE.

      You’ll need to install these programs to successfully build iPXE to begin with.

      First, start with installing git for your OS. (typically apt-get install build-essential wget git or yum -y groupinstall "DevelopmentTools" ; yum -y install git)

      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

      Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

      Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

      M 1 Reply Last reply Reply Quote 0
      • M
        marted @Tom Elliott
        last edited by

        @Tom-Elliott Now it works 🙂
        it finished compiling the iPXE and after this I’ve booted a computer and everything was OK, iPXE boot. when it boots a computer It says that it boot http iPXE but I think this is not the right information right?
        the web access is still non secure even with https. Is there any way to fix that?

        Tom ElliottT 1 Reply Last reply Reply Quote 0
        • Tom ElliottT
          Tom Elliott @marted
          last edited by

          @marted TO get rid of the “not secure” you see, you need to download the ca.cert from the FOG Server.

          https://foglabunix/fog/management/other/ca.cert.der

          And put that in your machine’s trust root authority.

          As to making iPXE obtain from https, you should be able to do this by reinstalling fog (assuming you didn’t reinstall when building the ipxe binaries)?

          Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

          Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

          Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

          M 3 Replies Last reply Reply Quote 0
          • S
            Sebastian Roth Moderator
            last edited by Sebastian Roth

            @marted said in 2019...a step by step activating ssl and complying iPXE with it:

            when it boots a computer It says that it boot http iPXE but I think this is not the right information right?

            Please take a picture of that and post here.

            Important: In the picture you posted earlier it looks like you run the installer with sudo (sudo ./installfog.sh). You should not! Properly change to the root account using sudo -i und run the installer from that.

            Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

            Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

            1 Reply Last reply Reply Quote 0
            • M
              marted @Tom Elliott
              last edited by

              @Tom-Elliott said in 2019...a step by step activating ssl and complying iPXE with it:

              TO get rid of the “not secure” you see, you need to download the ca.cert from the FOG Server.
              https://foglabunix/fog/management/other/ca.cert.der
              And put that in your machine’s trust root authority.

              Could you tell me where to put exactly the certificate on my server root ?

              Tom ElliottT 1 Reply Last reply Reply Quote 0
              • M
                marted @Tom Elliott
                last edited by

                @Tom-Elliott said in 2019...a step by step activating ssl and complying iPXE with it:

                As to making iPXE obtain from https, you should be able to do this by reinstalling fog (assuming you didn’t reinstall when building the ipxe binaries)?

                The iPXE was recompiled at the end of the new installation with success. Do I have to start again the installation?

                1 Reply Last reply Reply Quote 0
                • Tom ElliottT
                  Tom Elliott @marted
                  last edited by Tom Elliott

                  @marted Your local machine (the one you’re accessing the FOG GUI from) Trusted Root Authority.

                  This is either Certlm.msc or certmgr.msc (LM = Local Machine, MGR = Current User) in windows.

                  Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                  Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                  Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                  M 1 Reply Last reply Reply Quote 0
                  • Tom ElliottT
                    Tom Elliott
                    last edited by

                    When running the installer, you should only need to use the -S argument. -C forces the installer to recreate the CA certificates. -K forces regenerating the keys for the fog server. the -K won’t be overly problematic but the -C will cause issues

                    the -S just forces HTTPS.

                    As @Sebastian-Roth as requested, please provide a photo of the tftp trying to use http instead of https

                    Thank you,

                    Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                    Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                    Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                    M 1 Reply Last reply Reply Quote 0
                    • M
                      marted @Tom Elliott
                      last edited by

                      @Tom-Elliott got this. Thanks

                      1 Reply Last reply Reply Quote 0
                      • M
                        marted @Tom Elliott
                        last edited by

                        @Tom-Elliott said in 2019...a step by step activating ssl and complying iPXE with it:

                        @marted TO get rid of the “not secure” you see, you need to download the ca.cert from the FOG Server.
                        https://foglabunix/fog/management/other/ca.cert.der
                        And put that in your machine’s trust root authority.
                        As to making iPXE obtain from https, you should be able to do this by reinstalling fog (assuming you didn’t reinstall when building the ipxe binaries)?

                        Tom I have a little bit different configuration from the standard. My FOG server is in private network 192. and I have a NAT IP 132. 1:1 only for my server for accessing it from internet. Even with certificate installed it says that the certificate is only for 192.168 and name foglabunix and not for my address 132.208, which is normal. How can i pass to the certificate my second IP 132.208?
                        Is there a way to add it in fogconfig file in the variable ipaddress both with the private IP or there is other way?
                        By the way in MAC OS when I installed the certificate, even with 132.208 it accepted it and I have a SSL connection with no error.
                        screenshot_4.png

                        Tom ElliottT 1 Reply Last reply Reply Quote 0
                        • Tom ElliottT
                          Tom Elliott @marted
                          last edited by

                          @marted why not access the fog server using foglabunix? The cert is valid for that name

                          Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                          Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                          Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                          M 1 Reply Last reply Reply Quote 0
                          • M
                            marted @Tom Elliott
                            last edited by

                            @Tom-Elliott I run the installation only with -S and root like @Sebastian-Roth Sebastian offered. The installation passed with no problems. Monday morning will try the boot and will post it here

                            1 Reply Last reply Reply Quote 0
                            • M
                              marted @Tom Elliott
                              last edited by

                              @Tom-Elliott it doesn’t work
                              it passed only with the IP NAT 132.208
                              screenshot_5.png
                              screenshot_6.png

                              Tom ElliottT 1 Reply Last reply Reply Quote 0
                              • Tom ElliottT
                                Tom Elliott @marted
                                last edited by

                                @marted can you add a dns entry on the nat side to get you access? For internet proper links I wouldn’t recommend using the fog ca, you should probably get a proper certificate from a 3rd party to present for internet based sites.

                                Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                                Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                                Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                                M Tom ElliottT 2 Replies Last reply Reply Quote 0
                                • M
                                  marted @Tom Elliott
                                  last edited by

                                  @Tom-Elliott if I get a 3rd party certificate which I can do, how can I replace the fog certificate?

                                  Tom ElliottT 1 Reply Last reply Reply Quote 0
                                  • Tom ElliottT
                                    Tom Elliott @Tom Elliott
                                    last edited by

                                    @Tom-Elliott even better, use a reverse proxy for internet to redirect into your internal network and present the certificate at the reverse proxy. This way you can use a dns name that points to a machine within your dmz, that can be restricted to internal machines. And you aren’t putting your actual fog server in any risk as all things requesting your fog server from the internet won’t actually give access to your fog server files. At least not by simply pointing to your nat side ip. You could, essentially, get rid of the nat network for your fog server in this way too.

                                    Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                                    Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                                    Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                                    M 1 Reply Last reply Reply Quote 0
                                    • Tom ElliottT
                                      Tom Elliott @marted
                                      last edited by

                                      @marted you tell Apache using a namedvirtualhost config. So 192.x and foglabunix are handled by the fog ca certificate and the nat ip request is handled by the 3rd party certificate.

                                      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                                      Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                                      Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                                      1 Reply Last reply Reply Quote 0
                                      • M
                                        marted @Tom Elliott
                                        last edited by

                                        @Tom-Elliott we have a restrict proxy installed in our university. To access 132.208 network to the university I need to use private VPN configured and managed by the university. Once I activated the VPN with a private password now I have access to my 132.208 NAT. without VPN nobody from the network cannot access it. All I show you is with a VPN to the university ON. The point is to use 132.208 with VPN on and ssl not to use a computer in the lab 192.168

                                        Tom ElliottT 1 Reply Last reply Reply Quote 0
                                        • Tom ElliottT
                                          Tom Elliott @marted
                                          last edited by

                                          @marted if you’re connecting over vpn, why would need to assign a public ip to the fogserver?

                                          I guess I don’t understand the complexity involved here. If you have to access vpn to reach the fog server, why would you access it over public up spaces? VPN puts you to the internal network. You should be able to access the machine locally when connecting over VPN.

                                          I understand security and all but this seems more complicated than secure.

                                          Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                                          Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                                          Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                                          1 Reply Last reply Reply Quote 0
                                          • S
                                            Sebastian Roth Moderator
                                            last edited by

                                            @marted Your setup is kind of special so there is no common solution to it. But we can try some workaround:

                                            1. edit /opt/fog/.fogsettings and change the line hostname=foglabunix to hostname=132.208.x.y
                                            2. re-run the installer this time using the command line parameters to re-create CA keys: ./installfog.sh -S -C -K
                                            3. download and import the newly generated https://132.208.x.y/fog/management/other/ca.cert.der into your browser

                                            Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                                            Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                                            M 2 Replies Last reply Reply Quote 1
                                            • 1
                                            • 2
                                            • 3
                                            • 1 / 3
                                            • First post
                                              Last post

                                            130

                                            Online

                                            12.1k

                                            Users

                                            17.3k

                                            Topics

                                            155.3k

                                            Posts
                                            Copyright © 2012-2024 FOG Project