installfog.sh --force-https and ipxe
- FOG Version: 1.4.4
- OS: Debian 9
After installing fog with –force-https switch ipxe.efi cannot download files via http or https from fog server.
After searching on ipxe side I suspected a certificate validation problem and I managed to get ipxe download via https on the fog web server after compiling it with the web server certificate embedded:
make bin-x86_64-efi/ipxe.efi EMBED=ipxescript TRUST=/var/www/fog//management/other/ssl/srvpublic.crt
I had also to modify the /tftpboot/default.ipxe file by replacing http by https in it because it seems that ipxe does not follow the redirection from http to https…
Is is normal or did i miss something to avoid recompiling ?
@CBO Just in case you are still interested in this. I just pushed changes to the current working branch (see here and here) to make the installer do a better job. Upgrade to the very latest and give it a go if you like.
PS: Sorry for taking so long to get back onto this.
@Tom-Elliott Not saying that this is something you should do. Just wondering what your opinion was. I might look into this at some point. It would definitely need less downloading of binaries but time to compile all the different ones on the FOG server.
The problem is I only know of a 100% sure fire way to build the ipxe binaries…
What exactly do you mean by that?
@CBO, sorry for taking over this thread but this is very closely related.
@sebastian-roth The problem is I only know of a 100% sure fire way to build the ipxe binaries and the requirements aren’t readily available on the “base” installation. That said, i’ll admit I haven’t really looked into building any specialties as I’m busy on a about a million other things as well.
@Tom-Elliott Just thinking out loud here… should be add compiling iPXE to the installer script (as we do with udpcast)? This way the cert could be added to the iPXE binaries for everyone. Would compiling on the fly break other things?
The redirection following is normal, unfortunately.