RE: https for preseed cannot verify ssl 'CN=FOG Server Ca'

I tried to change my apache conf from :

<VirtualHost *:80>
    <FilesMatch "\.php$">
        SetHandler "proxy:fcgi://127.0.0.1:9000/"
    </FilesMatch>
    KeepAlive Off
    ServerName 192.168.1.200
    ServerAlias fog-pi.ad.atdqm.tech
    DocumentRoot /var/www/
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]
    RewriteRule /management/other/ca.cert.der$ - [L]
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}/$1 [R,L]
</VirtualHost>
<VirtualHost *:443>
    KeepAlive Off
    <FilesMatch "\.php$">
        SetHandler "proxy:fcgi://127.0.0.1:9000/"
    </FilesMatch>
    ServerName 192.168.1.200
    ServerAlias fog-pi.ad.atdqm.tech
    DocumentRoot /var/www/
    SSLEngine On
    SSLProtocol all -SSLv3 -SSLv2
    SSLCipherSuite ALL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL
#    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    SSLHonorCipherOrder On
    SSLCertificateFile /var/www/fog//management/other/ssl/srvpublic.crt
    SSLCertificateKeyFile /opt/fog/snapins/ssl//.srvprivate.key
    SSLCACertificateFile /var/www/fog//management/other/ca.cert.pem
    <Directory /var/www/fog/>
        DirectoryIndex index.php index.html index.htm
    </Directory>
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]
    RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
    RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-d
    RewriteRule ^/fog/(.*)$ /fog/api/index.php [QSA,L]
</VirtualHost>

by allowing all cipher/algo with this

SSLCipherSuite ALL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL

didn’t work.

thanks @Tom-Elliott for your answer.

I’m confused i think i did not explained my problem clearly.

Debian 12 is my fog server 192.168.1.200

It serves ubuntu iso’s files via nfs , kernels initramfs via tftp and preseed via http(s).

Ubuntu are workstations i need to deploy Ubuntu iso files are on nfs si i don’t really understand.

Should i copy the fog ca in the iso’s nfs directory ?

Looks weird because i never needed this.

My browser works flawlessly with the certificate.

The only problem is when the boot option tries to get the preseed file via https.

the folder /opt/fog/snapins/ssl contains :

drwxrwxrwx 3 fogproject www-data 4,0K  4 juin   2020 .
drwxrwxrwx 3 fogproject www-data 4,0K  4 juin   2020 ..
drwxrwxrwx 2 fogproject www-data 4,0K  4 juin   2020 CA
-rwxrwxrwx 1 fogproject www-data   98 22 avril 14:13 ca.cnf
-rwxrwxrwx 1 fogproject www-data 1,7K  4 juin   2020 fog.csr
-rwxrwxrwx 1 fogproject www-data  232  4 juin   2020 req.cnf
-rwxrwxrwx 1 fogproject www-data 3,2K  4 juin   2020 .srvprivate.key

If i need to regenerate cert i don’t want to mess somewhere.

i tried to copy the file : /opt/fog/snapins/ssl/CA/.fogCA.pem in /etc/ssl/certs/ and /usr/local/share/ca-certificates/ on the server and update-ca-certificates with no success.

i’m puzzled. Maybe it’s an algorith problem as openssl seems to warn

@george1421

sorry for the years delay . i ended up by setting http:// instead of https:// and it worked.

Re : UEFI boot pxe preseed Ubuntu20.04 via NFS with https preseed.

Hey folks hope you’re doing well

I got this problem with my fog server.

I upgraded debian 10 > 11 > 12 apache is not happy with the CA.

I reinstalled fog using the already existing .fogsettings and fog seems ok as i access the Webui via https without problem.

now i got this error when trying to deploy a custom ipxe menu

here is the menu :

kernel tftp://${fog-ip}/os/ubuntu/20.04D/vmlinuz
initrd tftp://${fog-ip}/os/ubuntu/20.04D/initrd
imgargs vmlinuz initrd=initrd root=/dev/nfs boot=casper netboot=nfs nfsroot=${fog-ip}:/images/os/ubuntu/ locale=fr_FR.UTF-8 net.ifnames=0 biosdevname=0 ipv6.disable=1 keyboard-configuration/layoutcode=fr ip=dhcp rw hostname=DEPLOY1 domain=my.super.domain automatic-ubiquity url=https://${fog-ip}/autoinstall/ubuntu/ubiseed_20_all.cfg debian-installer/allow_unauthenticated_ssl=true DEBCONF_DEBUG=5
boot || goto MENU

the preseed need to be fetched via https but fails :

ERROR : cannot verify 192.168.1.200's certificate, issued by 'CN=FOG Server CA'

on apache logs i have :

[Mon Apr 22 16:58:18.308677 2024] [ssl:info] [pid 17451] SSL Library Error: error:0A000076:SSL routines::no suitable signature algorithm
[Mon Apr 22 16:58:18.308736 2024] [ssl:info] [pid 17451] [client 192.168.1.133:50613] AH01998: Connection closed to child 2 with abortive shutdown (server 192.168.1.200:443)
[Mon Apr 22 16:58:18.322694 2024] [ssl:info] [pid 17452] [client 192.168.1.133:50614] AH01964: Connection to child 3 established (server 192.168.1.200:443)
[Mon Apr 22 16:58:18.323173 2024] [ssl:info] [pid 17452] [client 192.168.1.133:50614] AH02008: SSL library error 1 in handshake (server 192.168.1.200:443)

Do i need to regenerate certificates on fog ?

when i do a wget from any client :

wget --connect-timeout=5 -c http://192.168.1.200/autoinstall/ubuntu/ubiseed_20_all.cfg -P Downloads/

i have :

--2024-04-22 17:21:32--  http://192.168.1.200/autoinstall/ubuntu/ubiseed_20_all.cfg
Connecting to 192.168.1.200:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://192.168.1.200//autoinstall/ubuntu/ubiseed_20_all.cfg [following]
--2024-04-22 17:21:32--  https://192.168.1.200//autoinstall/ubuntu/ubiseed_20_all.cfg
Connecting to 192.168.1.200:443... connected.
ERROR: The certificate of ‘192.168.1.200’ is not trusted.
ERROR: The certificate of ‘192.168.1.200’ doesn't have a known issuer.

if i try with :

wget --no-check-certificate --connect-timeout=5 -c https://192.168.1.200/autoinstall/ubuntu/ubiseed_20_all.cfg -P Downloads/

it works.

--2024-04-22 17:24:21--  https://192.168.1.200/autoinstall/ubuntu/ubiseed_20_all.cfg
Connecting to 192.168.1.200:443... connected.
WARNING: The certificate of ‘192.168.1.200’ is not trusted.
WARNING: The certificate of ‘192.168.1.200’ doesn't have a known issuer.
HTTP request sent, awaiting response... 200 OK
Length: 24414 (24K)
Saving to: ‘Downloads/ubiseed_20_all.cfg’

If some wizard passing by could give me some hints it would be terrific.

Thanks

@george1421 : Thank you very much.

In fact i’m used to regular pxe server and we use fog mostly for the cloning feature for windows Workstations.

To deal with Ubuntu workstations i like to do iso booting + pxe , this way i can mix/test configurations (preseed.cfg) of installation process quickly/easily directly from our gitea.

By the way i use fog as the main pxe server even for servers with debian based installations.

After this part of deployment ansible is the king of the hill to do all basics/complex tasks.

Can i modify the topic’s title with SOLVED ? Can i edit my posts to remove the domain’s informations ?

Regards.

@george1421 : Hi George

Thank you for your response as always it’s fast and relevant.
As you notice english’s not my native language i’ll try to be clear.

1. There are 2 differents servers: old one (deb10) and new one (deb11) . I installed a fresh new Debian 11 OS on a VM to do some tests on another facility. I keep the older (debian 10) fog server on the main site.
2. Debian 11 is the OS of the FOG server 1.5.9 119. The target comptuter is booting a ubuntu 20.04.3 iso via NFS.
3. I’m automating installing Ubuntu 20.04.3 with (debian) preseed which works like a charm on the older server. I’m not confortable with doing image capture/deploy with ubuntu. I want to keep control over specific setting for several workstations whithout doing a capture/deploy cycle each time i do some tests.

You’re right it’s a redirection and you know what ? I’m a complete dumbass :

diff 001-fog.conf 001-fogm.conf

5,6c5,7
<     ServerName 192.168.1.200
<     ServerAlias fogdeb10.ad.atdqm.tech
---
>     KeepAlive Off
>     ServerName 10.17.1.220
>     ServerAlias fogm.ad.atdqm.tech
8,13c9,14
<     RewriteEngine Off
< #    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
< #    RewriteRule .* - [F]
< #    RewriteRule /management/other/ca.cert.der$ - [L]
< #    RewriteCond %{HTTPS} off
< #    RewriteRule (.*) https://%{HTTP_HOST}/$1 [R,L]
---
>     RewriteEngine On
>     RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
>     RewriteRule .* - [F]
>     RewriteRule /management/other/ca.cert.der$ - [L]
>     RewriteCond %{HTTPS} off
>     RewriteRule (.*) https://%{HTTP_HOST}/$1 [R,L]
20,21c21,22
<     ServerName 192.168.1.200
<     ServerAlias fogdeb10.ad.atdqm.tech
---
>     ServerName 10.17.1.220
>     ServerAlias fogm.ad.atdqm.tech
24c25
<     SSLProtocol all -SSLv3 +TLSv1.3
---
>     SSLProtocol all -SSLv3 -SSLv2

I got the exact same problem few times ago and you and @Sebastian-Roth already helped me out !

Right here :

https://forums.fogproject.org/topic/15760/uefi-boot-pxe-preseed-ubuntu20-04-via-nfs-with-https-preseed?_=1641557754413

I just adapt the the apache conf of new FOG and it works perfectly ! Now i just feel stupid.

Thank you very much and sorry for the convenience.

Best regards.

Hi there.

First i need to thanks all team,devs and enthousiats volounteers participating and helping this great project.

I managed to boot Ubuntu 20.04.3 via NFS/HTTPS with UEFI (BTRFS + apt-btrfs-snapshots) (LUKS OR NOT) with a fully automated preseed/postinstall.sh

Here are the files :

The menu :

kernel tftp://${fog-ip}/os/ubuntu/20.04D/vmlinuz
initrd tftp://${fog-ip}/os/ubuntu/20.04D/initrd
imgargs vmlinuz initrd=initrd root=/dev/nfs boot=casper netboot=nfs nfsroot=${fog-ip}:/images/os/ubuntu/ locale=fr_FR.UTF-8 net.ifnames=0 biosdevname=0 ipv6.disable=1 keyboard-configuration/layoutcode=fr ip=dhcp rw hostname=DEPLOYX-ATD domain=ad.atdqm.tech automatic-ubiquity url=http://${fog-ip}/autoinstall/ubuntu/ubiseed_20_nvme.cfg debian-installer/allow_unauthenticated_ssl=true DEBCONF_DEBUG=5
boot || goto MENU

The Preseed

# Scripté par votre serviteur Val durant un apres-midi de printemps.
# version 0.8
# TODO 
# REDUIR TEMPS GRUB
# AJOUTER COMMANDE PAM MKHOME

# Il s'agit d'automatiser une installation d' Uuntu 20.04.2 Desktop à destination des desktops et laptops du mouvement.
# Certaines informations manquent et des tests sont en cour.
# On pourrait utiliser Packer , Vagrant, Ansible , toussa mais pour le moment on fait un preseed assez simple sans jonction à l'AD mais avec les
# paquets qui vont bien.
# On pourrait aussi utiliser autoinstall du cloud-init en yaml mais c'est compatible uniquement avec la version server . Pourquoi ? je n'en ai absolument aucune idée.
# À terme nous prevoyons deux autres preseed apres des tests: 
# Un pour des laptop (chiffrement luks)  avec/sans jonction AD
# Un pour machines virtuelles avec jonction AD
# Enjoy ! 


# À partir du moment ou le preseed est lu on peut directement executer une commande
# This first command is run as early as possible, just after
# preseeding is read.
#d-i preseed/early_command string anna-install some-udeb


### Unattended Installation
d-i auto-install/enable boolean true
d-i debconf/priority select critical

# 1 - ### Localization

# Preseeding only locale sets language, country and locale.
# On setup la locale qui s'occupe de language, country and locale.
d-i debian-installer/locale string fr_FR.UTF-8
d-i localechooser/supported-locales multiselect fr_FR.UTF-8
# Keyboard selection.
# Disable automatic (interactive) keymap detection.
d-i console-setup/ask_detect boolean false
d-i keyboard-configuration/xkb-keymap select fr

# 2 -  ### Network configuration

# On active la conf reseau bah oui on est en pxe les copains. Il faut que la plage IP et les DNS soient good !

d-i netcfg/enable boolean true

# netcfg will choose an interface that has link if possible. This makes it
# skip displaying a list if there is more than one interface.
d-i netcfg/choose_interface select eth1

# À tricker au cas ou la conf auto ne passe pas.

# To set a different link detection timeout (default is 3 seconds).
# Values are interpreted as seconds.
d-i netcfg/link_wait_timeout string 10

# En cas de DHCP molasson on definit un timeout (en secondes) 
 
#d-i netcfg/dhcp_timeout string 60
#d-i netcfg/dhcpv6_timeout string 60

# If you prefer to configure the network manually, uncomment this line and
# the static network configuration below.
#d-i netcfg/disable_autoconfig boolean true

# If you want the preconfiguration file to work on systems both with and
# without a dhcp server, uncomment these lines and the static network
# configuration below.
#d-i netcfg/dhcp_failed note
#d-i netcfg/dhcp_options select Configure network manually

# Static network configuration.
#
# IPv4 example
#d-i netcfg/get_ipaddress string 192.168.1.42
#d-i netcfg/get_netmask string 255.255.255.0
#d-i netcfg/get_gateway string 192.168.1.1
#d-i netcfg/get_nameservers string 192.168.1.1
#d-i netcfg/confirm_static boolean true
#
# IPv6 example
#d-i netcfg/get_ipaddress string fc00::2
#d-i netcfg/get_netmask string ffff:ffff:ffff:ffff::
#d-i netcfg/get_gateway string fc00::1
#d-i netcfg/get_nameservers string fc00::1
#d-i netcfg/confirm_static boolean true

# Any hostname and domain names assigned from dhcp take precedence over
# values set here. However, setting the values still prevents the questions
# from being shown, even if values come from dhcp.
d-i netcfg/get_hostname string DEPLOYX-ATD
#d-i netcfg/get_domain string unassigned-domain

d-i netcfg/get_domain string ad.atdqm.tech

# If you want to force a hostname, regardless of what either the DHCP
# server returns or what the reverse DNS entry for the IP is, uncomment
# and adjust the following line.
#d-i netcfg/hostname string somehost

# Disable that annoying WEP key dialog.
d-i netcfg/wireless_wep string
# The wacky dhcp hostname that some ISPs use as a password of sorts.
#d-i netcfg/dhcp_hostname string radish

# If non-free firmware is needed for the network or other hardware, you can
# configure the installer to always try to load it, without prompting. Or
# change to false to disable asking.

# Cette directive est à adapter selon les experiences rencontrées avec le hardware du parc.
d-i hw-detect/load_firmware boolean false

### Network console
# Use the following settings if you wish to make use of the network-console
# component for remote installation over SSH. This only makes sense if you
# intend to perform the remainder of the installation manually.
#d-i anna/choose_modules string network-console
#d-i network-console/authorized_keys_url string http://10.0.0.1/openssh-key
#d-i network-console/password password r00tme
#d-i network-console/password-again password r00tme

# Use this instead if you prefer to use key-based authentication
#d-i network-console/authorized_keys_url http://host/authorized_keys

# 3 -### Mirror settings

# If you select ftp, the mirror/country string does not need to be set.

#d-i mirror/protocol string ftp

#d-i mirror/country string france
#d-i mirror/http/hostname string fr.archive.ubuntu.com
#d-i mirror/http/directory string /ubuntu
#d-i mirror/http/proxy string



### Lorsque notre apt -cacher-ng sera installé precisez l'addresse ici.
#d-i mirror/http/proxy string https://apt-cacher-ng:3184/


# Alternatively: by default, the installer uses CC.archive.ubuntu.com where
# CC is the ISO-3166-2 code for the selected country. You can preseed this
# so that it does so without asking.

# On utilise le depot par defaut en FR
d-i mirror/http/mirror select fr.archive.ubuntu.com

# Suite to install.
# TODO Incomprehensible que les dev d'ubuntu n'aient pas updaté cette valeur stretch pour la 20.04 ?

#d-i mirror/suite string focal

# Suite to use for loading installer components (optional).
#d-i mirror/udeb/suite string focal

# Components to use for loading installer components (optional).

# On balance les depots universe et multiverse en plus pour que notre preseed sache ou aller taper.
d-i mirror/udeb/components multiselect main, restricted, universe, multiverse

# 5 - ### Account setup


### Account setup
# Skip creation of a root account (normal user account will be able to
# use sudo). The default is false; preseed this to true if you want to set
# a root password.


d-i passwd/root-login boolean false
# Alternatively, to skip creation of a normal user account.
d-i passwd/make-user boolean true

# Root password, either in clear text
#d-i passwd/root-password password r00tme
#d-i passwd/root-password-again password r00tme
# or encrypted using a crypt(3)  hash.
#d-i passwd/root-password-crypted password [crypt(3) hash]

# Nous specifions le local admin pour acces à l'interface graphique en cas de depannage sans A.D (SSSD)



# To create a normal user account.
d-i passwd/user-fullname string admin6
d-i passwd/username string admin6
d-i passwd/user-uid string 980

# Normal user's password, either in clear text
#d-i passwd/user-password password insecure
#d-i passwd/user-password-again password insecure

# or encrypted using a crypt(3) hash.
#d-i passwd/user-password-crypted password [crypt(3) hash]
d-i passwd/user-password-crypted password $6$1SJtgvACAbAK$RbIwXeRozK7OWXxYvFiHYJphPoRtbbouXjM2XtTf0UZZyZcFx4boNg2B0BGZl0b8LqecuhnaXPX8apyRuxxmG/

# Create the first user with the specified UID instead of the default.

# On cree un user sous le GID 1000 afin qu'il n'apparaisse pas dans gdm.
#d-i passwd/user-uid string 888

# The installer will warn about weak passwords. If you are sure you know
# what you're doing and want to override it, uncomment this.
d-i user-setup/allow-password-weak boolean true

# The user account will be added to some standard initial groups. To
# override that, use this.

# On ajoute l'user à netdev et sudo juste comme ça pour le fun.
d-i passwd/user-default-groups string audio cdrom video netdev sudo users lpadmin

# Set to true if you want to encrypt the first user's home directory.

# TODO on test mais on y croit pas . 
d-i user-setup/encrypt-home boolean false

### Clock and time zone setup
# Controls whether or not the hardware clock is set to UTC.
d-i clock-setup/utc boolean true

# You may set this to any valid setting for $TZ; see the contents of
# /usr/share/zoneinfo/ for valid values.
d-i time/zone string Europe/Paris

# Controls whether to use NTP to set the clock during the install
d-i clock-setup/ntp boolean true

# NTP server to use. The default is almost always fine here.
# TODO trouver le ntp qui va bien.
d-i clock-setup/ntp-server string server 0.fr.pool.ntp.org

### i386 specific disk storage
# Activate DASD disks
#d-i s390-dasd/dasd string 0.0.0200,0.0.0300,0.0.0400

# DASD configuration; by default dasdfmt (low-level format) if needed
#d-i s390-dasd/auto-format boolean true
#d-i s390-dasd/force-format boolean true

# zFCP activation and configuration
# d-i s390-zfcp/zfcp string 0.0.1b34:0x400870075678a1b2:0x201480c800000000, \
#                           0.0.1b34:0x400870075679a1b2:0x201480c800000000


# 5 - Partitionnement

# This command is run immediately before the partitioner starts. It may be
# useful to apply dynamic partitioner preseeding that depends on the state
# of the disks (which may not be visible when preseed/early_command runs).
#d-i partman/early_command \
#       string debconf-set partman-auto/disk "$(list-devices disk | head -n1)"
#d-i partman/early_command \
#       string sgdisk -Z /dev/vda

## Partitioning example
# If the system has free space you can choose to only partition that space.
# This is only honoured if partman-auto/method (below) is not set.
# Alternatives: custom, some_device, some_device_crypto, some_device_lvm.
#d-i partman-auto/init_automatically_partition select biggest_free

# Alternatively, you may specify a disk to partition. If the system has only
# one disk the installer will default to using that, but otherwise the device
# name must be given in traditional, non-devfs format (so e.g. /dev/sda
# and not e.g. /dev/discs/disc0/disc).
# For example, to use the first SCSI/SATA hard disk:
#d-i partman-auto/disk string /dev/sda
# In addition, you'll need to specify the method to use.
# The presently available methods are:
# - regular: use the usual partition types for your architecture
# - lvm:     use LVM to partition the disk
# - crypto:  use LVM within an encrypted partition
d-i partman-auto/method string regular

# If one of the disks that are going to be automatically partitioned
# contains an old LVM configuration, the user will normally receive a
# warning. This can be preseeded away...

# Si il y a deja un lvm dans le cadre d'une reinstallation on vire les avertissements et on ecrase ! 

d-i partman-lvm/device_remove_lvm boolean true
# The same applies to pre-existing software RAID array:
#d-i partman-md/device_remove_md boolean true

# And the same goes for the confirmation to write the lvm partitions.
#d-i partman-lvm/confirm boolean true
#d-i partman-lvm/confirm_nooverwrite boolean true

# For LVM partitioning, you can select how much of the volume group to use
# for logical volumes.
#d-i partman-auto-lvm/guided_size string max
#d-i partman-auto-lvm/guided_size string 99%
#d-i partman-auto-lvm/guided_size string 50%

# You can choose one of the three predefined partitioning recipes:
# - atomic: all files in one partition
# - home:   separate /home partition
# - multi:  separate /home, /var, and /tmp partitions

# Est-ce judicieux de separer le home ? Etant donné qu'on utilise le btrfs il gere lui-meme les subvolume donc pas besoin de multiplier les partitions btrfs.
# Nous ne separons pas le home


#d-i partman-auto/choose_recipe select atomic

# Or provide a recipe of your own...
# If you have a way to get a recipe file into the d-i environment, you can
# just point at it.
#d-i partman-auto/expert_recipe_file string /hd-media/recipe

# If not, you can put an entire recipe into the preconfiguration file in one
# (logical) line. This example creates a small /boot partition, suitable
# swap, and uses the rest of the space for the root partition:
d-i partman-auto/expert_recipe string                         \
      boot-root ::                                            \
              512 50 512 fat32                                  \
                      $primary{ } $bootable{ }                \
                      method{ efi } format{ }              \
                      mountpoint{ /boot/efi }                     \
              .                                               \
              500 10000 1000000000 btrfs                       \
                      method{ format } format{ }              \
                      use_filesystem{ } filesystem{ btrfs }    \
                      mountpoint{ / }                         \
              .                                               \
              8192 80 9000 linux-swap                          \
                      method{ swap } format{ }                \
              .

# If you just want to change the default filesystem from ext3 to something
# else, you can do that without providing a full recipe.

# On choisit le systeme de fichier par default. Le btrfs c'est bien.
#d-i partman/default_filesystem string btrfs


# The full recipe format is documented in the file partman-auto-recipe.txt
# included in the 'debian-installer' package or available from D-I source
# repository. This also documents how to specify settings such as file
# system labels, volume group names and which physical devices to include
# in a volume group.

# This makes partman automatically partition without confirmation, provided
# that you told it what to do using one of the methods above.

# Encore des confirmations sur le partitionnement
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
## Partitioning using RAID

# The method should be set to "raid".
#d-i partman-auto/method string raid
# Specify the disks to be partitioned. They will all get the same layout,
# so this will only work if the disks are the same size.
d-i partman-auto/disk string /dev/nvme0n1

# included in the 'debian-installer' package or available from D-I source
# repository.

# This makes partman automatically partition without confirmation.

## Controlling how partitions are mounted
# The default is to mount by UUID, but you can also choose "traditional" to
# use traditional device names, or "label" to try filesystem labels before
# falling back to UUIDs.
#d-i partman/mount_style select uuid

### Base system installation
# Configure a path to the preconfigured base filesystem. This can be used to
# specify a path for the installer to retrieve the filesystem image that will
# be deployed to disk and used as a base system for the installation.
d-i live-installer/net-image string /install/filesystem.squashfs
 
# Configure APT to not install recommended packages by default. Use of this
# option can result in an incomplete system and should only be used by very
# experienced users.
#d-i base-installer/install-recommends boolean false

# The kernel image (meta) package to be installed; "none" can be used if no
# kernel is to be installed.
#d-i base-installer/kernel/image string linux-generic

### Apt setup
# You can choose to install restricted and universe software, or to install
# software from the backports repository.
d-i apt-setup/restricted boolean true
d-i apt-setup/universe boolean true
d-i apt-setup/multiverse boolean true
d-i apt-setup/backports boolean true

# Uncomment this if you don't want to use a network mirror.
#d-i apt-setup/use_mirror boolean false

# Select which update services to use; define the mirrors to be used.
# Values shown below are the normal defaults.
d-i apt-setup/services-select multiselect security
d-i apt-setup/security_host string security.ubuntu.com
d-i apt-setup/security_path string /ubuntu

# Additional repositories, local[0-9] available
#On va preciser notre apt-cacher -ng qui a la meme addresse que notre FOG 0.200

#d-i apt-setup/local0/repository string \
#       http://local.server/ubuntu stretch main
#d-i apt-setup/local0/comment string local server
# Enable deb-src lines
#d-i apt-setup/local0/source boolean true
# URL to the public key of the local repository; you must provide a key or
# apt will complain about the unauthenticated repository and so the
# sources.list line will be left commented out
#d-i apt-setup/local0/key string http://local.server/key

# By default the installer requires that repositories be authenticated
# using a known gpg key. This setting can be used to disable that
# authentication. Warning: Insecure, not recommended.
#d-i debian-installer/allow_unauthenticated boolean true

# Uncomment this to add multiarch configuration for i386
#d-i apt-setup/multiarch string i386


### Package selection
#tasksel tasksel/first multiselect ubuntu-desktop
#tasksel tasksel/first multiselect lamp-server, print-server
#tasksel tasksel/first multiselect kubuntu-desktop


### On desactive totalement le module pkgsel/include car ces *** de dev d'ubiquity on viré ce module lorsqu'on installe en automatic ubiquity. Bien sur sans le documenter proprement.
# Shame on you bande de trous de balle !
# À la place on va utiliser ubiquity/success_command


# Individual additional packages to install

#d-i pkgsel/include string apt-btrfs-snapshot apt-listchanges apt-transport-https autorandr build-essential chrome-gnome-shell chromium-browser chrony curl debconf-utils gimp git gnome-shell-extensions gnome-terminal gnupg hdparm htop icc-profiles inkscape libxml2-utils libglib2.0-dev-bin libegl1-mesa libgl1-mesa-glx libxcb-xtest0 libgl1-mesa-glx libnss-sss libnss-winbind libpam-sss libxcb-dpms0 libxext6 lsb-release mpv netcat openssh-server pciutils python3.9 python3-distutils python3-distutils-extra realmd remmina samba scribus tmux ubuntu-desktop vim vlc wget x11-xserver-utils x2goclient



# Whether to upgrade packages after debootstrap.
# Allowed values: none, safe-upgrade, full-upgrade
#d-i pkgsel/upgrade select full-upgrade

# Language pack selection
#d-i pkgsel/language-packs multiselect de, en, zh

#d-i pkgsel/language-packs select fr

# Policy for applying updates. May be "none" (no automatic updates),
# "unattended-upgrades" (install security updates automatically), or
# "landscape" (manage system with Landscape).
#d-i pkgsel/update-policy select unattended-upgrades

# Some versions of the installer can report back on what software you have
# installed, and what software you use. The default is not to report back,
# but sending reports helps the project determine what software is most
# popular and include it on CDs.
#popularity-contest popularity-contest/participate boolean false

# By default, the system's locate database will be updated after the
# installer has finished installing most packages. This may take a while, so
# if you don't want it, you can set this to "false" to turn it off.
#d-i pkgsel/updatedb boolean true

### Boot loader installation
# Grub is the default boot loader (for x86). If you want lilo installed
# instead, uncomment this:
#d-i grub-installer/skip boolean true

# To also skip installing lilo, and install no bootloader, uncomment this
# too:
#d-i lilo-installer/skip boolean true

#ubiquity languagechooser/language-name string French
#ubiquity countrychooser/shortlist string FR
#ubiquity localechooser/supported-locales string fr_FR.UTF-8





# This is fairly safe to set, it makes grub install automatically to the MBR
# if no other operating system is detected on the machine.
d-i grub-installer/only_debian boolean true

# This one makes grub-installer install to the MBR if it also finds some other
# OS, which is less safe as it might not be able to boot that other OS.
#d-i grub-installer/with_other_os boolean true

# Due notably to potential USB sticks, the location of the MBR can not be
# determined safely in general, so this needs to be specified:
#d-i grub-installer/bootdev  string /dev/nvme0n1

# To install to the first device (assuming it is not a USB stick):
d-i grub-installer/bootdev string default



# Si l'installation ne fonctionne pas pour une raison ou pour une autre on lui demande de rebooter : 
#ubiquity/failure_command string
#systemctl reboot;


#ubiquity ubiquity/success_command string
#string ip link set up dev enp5s0;
#dhclient enp5s0;
#apt-get update -y;
#in-target apt-get install -y apt-btrfs-snapshot apt-listchanges apt-transport-https autorandr build-essential chrome-gnome-shell chromium-browser chrony curl debconf-utils gimp git gnome-shell-extensions gnupg hdparm htop icc-profiles inkscape libxml2-utils libglib2.0-dev-bin libegl1-mesa libgl1-mesa-glx libxcb-xtest0 libgl1-mesa-glx libnss-sss libnss-winbind libpam-sss libxcb-dpms0 libxext6 lsb-release mpv netcat openssh-server pciutils python python3-distutils python3-distutils-extra realmd remmina samba scribus tmux unattended-upgrades vim vlc wgetx12-xserver-utils x2goclient;


#ubiquity ubiquity/success_command string
#'sed '2 a dhcp=dhclient2' /target/etc/NetworkManager/NetworkManager.conf';
#echo 'yeah';



#
#
# Alternatively, if you want to install to a location other than the mbr,
# uncomment and edit these lines:
#d-i grub-installer/only_debian boolean false
#d-i grub-installer/with_other_os boolean false
#d-i grub-installer/bootdev  string (hd0,1)

# To install grub to multiple disks:
#d-i grub-installer/bootdev  string (hd0,1) (hd1,1) (hd2,1)

# Optional password for grub, either in clear text
#d-i grub-installer/password password r00tme
#d-i grub-installer/password-again password r00tme

# or encrypted using an MD5 hash, see grub-md5-crypt(8).
#d-i grub-installer/password-crypted password [MD5 hash]

# Use the following option to add additional boot parameters for the
# installed system (if supported by the bootloader installer).
# Note: options passed to the installer will be added automatically.
#d-i debian-installer/add-kernel-opts string nousb

### Finishing up the installation
# During installations from serial console, the regular virtual consoles
# (VT1-VT6) are normally disabled in /etc/inittab. Uncomment the next
# line to prevent this.
d-i finish-install/keep-consoles boolean true

# Avoid that last message about the install being complete.
d-i finish-install/reboot_in_progress note

# Custom command si lancé avec automatic-ubiquity
ubiquity ubiquity/success_command string \
mkdir -p /target/home/admin6/.ssh; \
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1BV32184AAIGcgTW5wqCc0o8b4qtKjXwoIP/5Zmu/lSmuA0nNZ4uOS' >> /target/home/admin6/.ssh/authorized_keys; \
chmod -R 700 /target/home/admin6/.ssh; \
chmod -R 600 /target/home/admin6/.ssh/authorized_keys; \
chown -R 1000:1000 /target/home/admin6/.ssh; \
sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config; \
sed -i 's/#PermitRootLogin prohibit-password/#PermitRootLogin no/' /etc/ssh/sshd_config; \
#echo 'admin6 ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers.d/99_admin6; \
sed -i '3idhcp=dhclient' /target/etc/NetworkManager/NetworkManager.conf; \
sed -i 's/MaxAge=90/MaxAge=7/g' /target/etc/cron.weekly/apt-btrfs-snapshot; \
mkdir -p /target/root; \
wget --no-check-certificate -c 'https://192.168.1.200/fog/autoinstall/ubuntu/postinstall.sh' -P /target/root; \
chmod +x /target/root/postinstall.sh; \
echo '@reboot root bash /root/postinstall.sh >> /var/log/postinstall.log 2>&1' >> /target/etc/crontab;
#sed -i -e 's/dhcp=dhclient/#dhcp=dhclient/' /target/etc/NetworkManager/NetworkManager.conf \
#sed -i -e 's/dns=dnsmasq/#dns=dnsmasq/' /target/etc/NetworkManager/NetworkManager.conf ;\
#in-target apt install openssh-sftp-server;


# This will prevent the installer from ejecting the CD during the reboot,
# which is useful in some situations.
d-i cdrom-detect/eject boolean true
d-i debian-installer/splash boolean false

d-i debian-installer/exit/poweroff boolean true

# This is how to make the installer shutdown when finished, but not
# reboot into the installed system.
#d-i debian-installer/exit/halt boolean true
# This will power off the machine instead of just halting it.
#d-i debian-installer/exit/poweroff boolean true

### Preseeding other packages
# Depending on what software you choose to install, or if things go wrong
# during the installation process, it's possible that other questions may
# be asked. You can preseed those too, of course. To get a list of every
# possible question that could be asked during an install, do an
# installation, and then run these commands:
#   debconf-get-selections --installer > file
#   debconf-get-selections >> file


#### Advanced options
### Running custom commands during the installation
## i386 Preseed Example
# d-i preseeding is inherently not secure. Nothing in the installer checks
# for attempts at buffer overflows or other exploits of the values of a
# preconfiguration file like this one. Only use preconfiguration files from
# trusted locations! To drive that home, and because it's generally useful,
# here's a way to run any shell command you'd like inside the installer,
# automatically.


# This command is run immediately before the partitioner starts. It may be
# useful to apply dynamic partitioner preseeding that depends on the state
# of the disks (which may not be visible when preseed/early_command runs).
#d-i partman/early_command \
#       string debconf-set partman-auto/disk "$(list-devices disk | head -n1)"

# This command is run just before the install finishes, but when there is
# still a usable /target directory. You can chroot to /target and use it
# directly, or use the apt-install and in-target commands to easily install
# packages and run commands in the target system.
#d-i preseed/late_command string apt-install zsh; in-target chsh -s /bin/zsh

The quite simple postinstall.sh script :

#!/bin/bash
dhclient
echo "Waiting for Internet ..."
while ! timeout 0.2 ping -c 1 -n 9.9.9.9 &> /dev/null
do
	    printf "%c" "."
    done
    echo "OK"
# Instal The stuff
	notify-send --expire-time=25 "Votre systeme applique son script de postinstallation"
	apt update
	apt install -y apt-btrfs-snapshot python3-distutils
	apt install -y --allow-downgrades sssd-ad-common=2.2.3-3 sssd-ad=2.2.3-3 sssd-common=2.2.3-3 sssd-dbus=2.2.3-3 sssd-ipa=2.2.3-3 sssd-kcm=2.2.3-3 sssd-krb5-common=2.2.3-3 sssd-krb5=2.2.3-3 sssd-ldap=2.2.3-3 sssd-proxy=2.2.3-3 sssd-tools=2.2.3-3 sssd=2.2.3-3 libsss-idmap0=2.2.3-3 libipa-hbac0=2.2.3-3 libsss-idmap0=2.2.3-3 python3-sss=2.2.3-3
	apt-mark hold sssd-ad-common=2.2.3-3 sssd-ad=2.2.3-3 sssd-common=2.2.3-3 sssd-dbus=2.2.3-3 sssd-ipa=2.2.3-3 sssd-kcm=2.2.3-3 sssd-krb5-common=2.2.3-3 sssd-krb5=2.2.3-3 sssd-ldap=2.2.3-3 sssd-proxy=2.2.3-3 sssd-tools=2.2.3-3 sssd=2.2.3-3 libsss-idmap0=2.2.3-3 libipa-hbac0=2.2.3-3 libsss-idmap0=2.2.3-3 python3-sss=2.2.3-3
	apt install -y apt-listchanges apt-transport-https autorandr build-essential chrome-gnome-shell chromium-browser chrony curl debconf-utils gimp git glances gnome-shell-extensions gnupg hdparm htop icc-profiles inkscape libxml2-utils libglib2.0-dev-bin libegl1-mesa libgl1-mesa-glx libxcb-xtest0 libgl1-mesa-glx libnss-sss libnss-winbind libpam-sss libxcb-dpms0 libxext6 lsb-release mpv nautilus-nextcloud netcat nextcloud-desktop openssh-server pciutils python3.9 python3-distutils-extra realmd remmina samba scribus tmux vim vlc wget x11-xserver-utils x2goclient x2goserver
   	wget --no-check-certificate -c 'https://192.168.1.200/fog/autoinstall/ubuntu/99-wlan' -P /etc/NetworkManager/dispatcher.d
   	systemctl disable --now cups-browsed
	notify-send -u critical "Votre systeme va redemarrer et sera pret Enjoy !"
   	apt install -y krb5-user samba cifs-utils smbclient adcli
# Remove from crontab
    	sed -i '$d' /etc/crontab
    	reboot
    	exit 0

It worked like a charm on Debian 10.11 with FOG 1.5.9

I tried the exact same configuration on Debian 11.2 with FOG 1.5.9.114

I got this error on the client :

and this in apache2 logs :

10.17.1.220:80 10.17.3.171 - - [07/Jan/2022:10:58:05 +0100] "GET /autoinstall/ubuntu/ubiseed_20_vm.cfg HTTP/1.1" 302 563 "-" "Wget/1.20.3 (linux-gnu)"

EDIT : Forgot to say i can DL the file from a client on the network with :

wget --no-check-certificate https://10.17.1.220:/autoinstall/ubuntu/ubiseed_20_vm.cfg

i got :

--2022-01-07 12:15:28--  https://10.17.1.220/autoinstall/ubuntu/ubiseed_20_vm.cfg                                                                                                             
Connexion vers 10.17.1.220:443... connecté.                                                                                                                                                   
AVERTISSEMENT : impossible de vérifier l'attribut 10.17.1.220 du certificat, émis par «CN=FOG Server CA» :
  Récupération d'un certificat auto-signé.
requête HTTP transmise, en attente de la réponse... 200 OK
Taille : 26567 (26K)
Enregistre : «ubiseed_20_vm.cfg»

Wich means it could’nt verify the self signed attribute but however result with a 200 OK .

I thought it can be some minor changes i need to do and looking for a clue or some good advice here.

Thanks fellows.

Have a nice day.

Thanks it saved my day.

Ok just changed my site-ebabled with

@george1421 said in UEFI boot pxe preseed Ubuntu20.04 via NFS with https preseed.:

/tftpboot/default.ipxe

Yes it does :

chain https://192.168.1.200/fog/service/ipxe/boot.php##params

I just managed to make it work :

I commented disabled rewrite in apache conf

/etc/apache2/sites-enabled/001-fog.conf

    RewriteEngine Off
#    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
#    RewriteRule .* - [F]
#    RewriteRule /management/other/ca.cert.der$ - [L]
#    RewriteCond %{HTTPS} off
#    RewriteRule (.*) https://%{HTTP_HOST}/$1 [R,L]

systemctl restart apache2

And now it can download the preseed via http !

Thank you very much @george1421 for the really good pointers as always.

@george1421 said in UEFI boot pxe preseed Ubuntu20.04 via NFS with https preseed.:

http://<fog_server_ip>/autoinstall/ubuntu/ubiseed_20_w.cfg

Yes i think i enabled it during installation.

I really like accessing FOG webUI via https because we got not VLAN here (i know my bad)

Is there a way to properly disable it to do some test without breaking any fog confs or encounter side effects ? Or just disable the Rewrite ?

Thank you @george1421

Can i necro-bump a “solved” topic ?

Because Op talks about this option :

debian-installer/allow_unauthenticated_ssl=true url=http://${fog-ip}/preseed/preseed.cfg

@Sebastian-Roth notice the same option without the s :

debian-installer/allow_unauthenticated_ssl=true url=https://${fog-ip}/preseed/preseed.cfg

I got the same problem and i don’t get how it has been solved. Any help would be very appreciated dudes.

My ipxe boot lines :

kernel tftp://${fog-ip}/os/ubuntu/20.04D/vmlinuz
initrd tftp://${fog-ip}/os/ubuntu/20.04D/initrd
imgargs vmlinuz initrd=initrd root=/dev/nfs boot=casper netboot=nfs nfsroot=${fog-ip}:/images/os/ubuntu/ locale=fr_FR.UTF-8 net.ifnames=0 biosdevname=0 ipv6.disable=1 keyboard-configuration/layoutcode=fr ip=dhcp rw hostname=DEPLOYX-ATD domain=ad.atdqm.tech automatic-ubiquity debian-installer/allow_unauthenticated_ssl=true url=https://${fog-ip}/autoinstall/ubuntu/ubiseed_20_w.cfg DEBCONF_DEBUG=5
boot || goto MENU

The situation is i managed to make it work with ftp server but now we have to shutdown this brave little server and use http or https only. That’s also a good point as @Tom-Elliott suggested to me .

As @george1421 already told me the url= is compatible with ftp and http protocols

So i tried http and https but no success here.
I didn’t modify the apache2 conf
I cannot get the pressed downloaded here is the error message :

Any help is much appreciated.

Thank you very much

EDIT : more infos.

@george1421 : Right !

I removed all offending spaces and voilà !

Thank you very much .

PS : By the way i noticed the error also occurs when i select multiple entries as : default item.

Thank you @george1421 for those suggestions . I removed all characters which could cause troubles and it didn’t solve this problem.

Here is the printed output of the iPXE menu . I have many entries because of tests.

#!ipxe
set fog-ip 192.168.100.10
set fog-webroot fog
set boot-url https://${fog-ip}/${fog-webroot}
cpuid --ext 29 && set arch x86_64 || set arch i386
goto get_console
:console_set
colour --rgb 0x00567a 1 ||
colour --rgb 0x00567a 2 ||
colour --rgb 0x00567a 4 ||
cpair --foreground 7 --background 2 2 ||
goto MENU
:alt_console
cpair --background 0 1 ||
cpair --background 1 2 ||
goto MENU
:get_console
console --picture https://192.168.100.10/fog/service/ipxe/bg.png --left 100 --right 80 && goto console_set || goto alt_console
:MENU
menu
colour --rgb 0xff0000 0 ||
cpair --foreground 1 1 ||
cpair --foreground 0 3 ||
cpair --foreground 4 4 ||
item --gap Host is NOT registered!
item --gap -- -------------------------------------
item fog.local Boot from hard disk
item fog.memtest Run Memtest86+
item fog.reginput Perform Full Host Registration and Inventory
item fog.reg Quick Registration and Inventory
item fog.deployimage Deploy Image
item fog.multijoin Join Multicast Session
item fog.sysinfo Client System Information (Compatibility)
item os.Ubuntu.20.04 Ubuntu Desktop 20.04
item os.Ubuntu.20.04.EFI Ubuntu 20.04 EFI
item os.Ubuntu.20.04.1.HTTP_AUTOINSTALL Ubuntu 20.04.1 HTTP autoinstall Method
item os.Ubuntu.Desktop.20.04.FTP os.Ubuntu.20.04 FTP
item os.Ubuntu.20_04D.auto.HTTPS AUTO 20.04 VIa HTTPS
item os.Debian.10.9_Live_via_ftp Debian 10 9 Live via ftp squashfs
item os.Debian.10.9_PRESEED Debian 10 9 Live BIOSBOOT Luks
item os.debian.10.9.HTTPS debian over https Preseed
item os.debian.tftp via full tftp
choose --default os.Debian.10.9 Live via ftp --timeout 3000 target && goto ${target}
:fog.local
sanboot --no-describe --drive 0x80 || goto MENU
:fog.memtest
kernel memdisk initrd=memtest.bin iso raw
initrd memtest.bin
boot || goto MENU
:fog.reginput
kernel bzImage32 loglevel=4 initrd=init_32.xz root=/dev/ram0 rw ramdisk_size=375000 keymap=fr web=https://192.168.100.10/fog/ consoleblank=0 debug rootfstype=ext4 storage=192.168.100.10:/images/ storageip=192.168.100.10 nvme_core.default_ps_max_latency_us=0 loglevel=4 mode=manreg
imgfetch init_32.xz
boot || goto MENU
:fog.reg
kernel bzImage32 loglevel=4 initrd=init_32.xz root=/dev/ram0 rw ramdisk_size=375000 keymap=fr web=https://192.168.100.10/fog/ consoleblank=0 debug rootfstype=ext4 storage=192.168.100.10:/images/ storageip=192.168.100.10 nvme_core.default_ps_max_latency_us=0 loglevel=4 mode=autoreg
imgfetch init_32.xz
boot || goto MENU
:fog.deployimage
login
params
param mac0 ${net0/mac}
param arch ${arch}
param username ${username}
param password ${password}
param qihost 1
isset ${net1/mac} && param mac1 ${net1/mac} || goto bootme
isset ${net2/mac} && param mac2 ${net2/mac} || goto bootme
param sysuuid ${uuid}
:fog.multijoin
login
params
param mac0 ${net0/mac}
param arch ${arch}
param username ${username}
param password ${password}
param sessionJoin 1
isset ${net1/mac} && param mac1 ${net1/mac} || goto bootme
isset ${net2/mac} && param mac2 ${net2/mac} || goto bootme
param sysuuid ${uuid}
:fog.sysinfo
kernel bzImage32 loglevel=4 initrd=init_32.xz root=/dev/ram0 rw ramdisk_size=375000 keymap=fr web=https://192.168.100.10/fog/ consoleblank=0 debug rootfstype=ext4 storage=192.168.100.10:/images/ storageip=192.168.100.10 nvme_core.default_ps_max_latency_us=0 loglevel=4 mode=sysinfo
imgfetch init_32.xz
boot || goto MENU
:os.Ubuntu.20.04
kernel tftp://${fog-ip}/os/ubuntu/20.04/vmlinuz
initrd tftp://${fog-ip}/os/ubuntu/20.04/initrd
imgargs initrd=initrd root=/dev/nfs ro ip=dhcp auto=true keymap=fr hostname=ubuntu vga=normal nfsroot=${fog-ip}:/images/os/ubuntu/20.04/
boot || goto MENU
param sysuuid ${uuid}
:os.Ubuntu.20.04.EFI
kernel http://${fog-ip}/ubuntu/20.04/vmlinuz ip=dhcp hostname=ubuntu20TESTdomain=local
initrd http://${fog-ip}/ubuntu/20.04/initrd
imgargs ip=dhcp autoinstall url=http://${fog-ip}/ubuntu/20.04/ubuntu-20.04.1-desktop-amd64.iso ds=nocloud-net;s=http://${fog-ip}/ubuntu/20.04/autoinstall
boot || goto MENU
param sysuuid ${uuid}
:os.Ubuntu.20.04.1.HTTP_AUTOINSTALL
kernel tftp://${fog-ip}/os/ubuntu/20.04D/vmlinuz
initrd tftp://${fog-ip}/os/ubuntu/20.04D/initrd
imgargs vmlinuz initrd=initrd root=/dev/ram0 ramdisk_size=1800000 ip=dhcp url=ftp://${fog-ip}/fog/autoinstall/ubuntu-20.04.1-desktop-amd64.iso ro autoinstall net.ifnames=0 biosdevname=0 ipv6.disable=1 ds=nocloud-net\;s=https://192.168.100.10/fog/autoinstall/
boot
param sysuuid ${uuid}
:os.Ubuntu.Desktop.20.04.FTP
kernel tftp://${fog-ip}/os/ubuntu/20.04D/vmlinuz
initrd tftp://${fog-ip}/os/ubuntu/20.04D/initrd
imgargs vmlinuz initrd=initrd ip=dhcp root=/dev/ram0 ramdisk_size=1800000 url=ftp://192.168.100.10/ubuntu-20.04.2.0-desktop-amd64.iso net.ifnames=0 biosdevname=0 ipv6.disable=1 locale=fr_FR.UTF-8 keyboard-configuration/layoutcode=fr hostname=TESTX-L ro automatic-ubiquity url=ftp://192.168.100.10/preseed.cfg DEBCONF_DEBUG=5
boot || goto MENU
param sysuuid ${uuid}
:os.Ubuntu.20_04D.auto.HTTPS
kernel tftp://${fog-ip}/os/ubuntu/20.04D/vmlinuz
initrd tftp://${fog-ip}/os/ubuntu/20.04D/initrd
imgargs vmlinuz initrd=initrd ip=dhcp root=/dev/ram0 ramdisk_size=1800000 ip=dhcp url=https://192.168.100.10/fog/autoinstall/ubuntu-20.04.2.0-desktop-amd64.iso.orig ro
boot
param sysuuid ${uuid}
:os.Debian.10.9_Live_via_ftp
kernel tftp://${fog-ip}/os/debian/vmlinuz
initrd tftp://${fog-ip}/os/debian/initrd
imgargs vmlinuz initrd=initrd boot=live components fetch=ftp://${fog-ip}/filesystem.squashfs
boot || goto MENU
param sysuuid ${uuid}
:os.Debian.10.9_PRESEED
kernel tftp://${fog-ip}/os/debian/linux
initrd tftp://${fog-ip}/os/debian/initrd.gz
imgargs linux initrd=initrd.gz boot=live url=ftp://${fog-ip}/debian-live-10.9.0-amd64-standard.iso auto=true url=ftp://${fog-ip}/debseed.cfg
boot || goto MENU
param sysuuid ${uuid}
:os.debian.10.9.HTTPS
kernel tftp://${fog-ip}/os/debian/vmlinuz
initrd tftp://${fog-ip}/os/debian/initrd
imgargs vmlinuz initrd=initrd ip=dhcp root=/dev/ram0 ramdisk_size=1800000 ip=dhcp url=https://192.168.100.10/fog/autoinstall/debian-live-10.9.0-amd64-standard.iso ro
boot
param sysuuid ${uuid}
:os.debian.tftp
kernel tftp://${fog-ip}/os/debian/linux auto=true url=tftp://${fog-ip}/os/debian/debseed.cfg interface=auto hostname=debian-10 domain=local initrd=initrd.gz vga=788 noprompt quiet
imgfetch tftp://${fog-ip}/os/debian/initrd.gz
boot || goto MENU
param sysuuid ${uuid}
:bootme
chain -ar https://192.168.100.10/fog/service/ipxe/boot.php##params ||
goto MENU
autoboot

Thanks @Tom-Elliott and @RobPomeroy .

I managed to boot an Ubuntu iso with preseed via tftp + ftp .

kernel tftp://${fog-ip}/os/ubuntu/20.04D/vmlinuz
initrd tftp://${fog-ip}/os/ubuntu/20.04D/initrd
imgargs vmlinuz initrd=initrd ip=dhcp root=/dev/ram0 ramdisk_size=1800000 url=ftp://192.168.100.10/ubuntu-20.04.2.0-desktop-amd64.iso net.ifnames=0 biosdevname=0 ipv6.disable=1 locale=fr_FR.UTF-8 keyboard-configuration/layoutcode=fr hostname=TESTX-L ro automatic-ubiquity url=ftp://192.168.100.10/preseed.cfg DEBCONF_DEBUG=5
boot || goto MENU

I changed the original vsftpd.conf of the fog server.

By the way i’ll try to boot and preseed with http.

Thank you for the suggestion.

Hi !

First of all thanks to all the fog team and contributors fog rocks and is so useful to many people.

I have a problem i wish someone give me a clue how to solve it.

Recently i noticed a problem in iPXE advanced menu.
I try to boot iso from fog and manipulate a lot the iPXe menu entries .

When i select an entry as Default Item i can no longer see the iPXE advanced menu correctly.

I have this screen :

Maybe i can debug with iPXE commands by i’m a noob concerning iPXE syntax.

Can someone help me with this ?

In advance thanks.

EDIT : I went to this page :
https://ipxe.org/err/461620

@robpomeroy Thaks for this howto. I tried it replacing http by ftp and it doesn’t work.

Have any clue how to do it via ftp ?

@george1421 Thank you very much for those suggestions. I’ll dig and share a way to do it.

My purpose is to do a Fully automated ubuntu 20.04.2 Desktop (UEFI) installation via FOG’s iPXE.

I got more than 100 Workstations and need to make it viable with an Ansible post-installation.

In the first time i wanted to do it with preseed but autoinstall seems to be the new shit so i’ll try it out.

To do Secure boot with Ubuntu 20.04 you’re right we need the signed kernels.

I need to RTM and do some tests.

Don’t you think chainloading signed grub via iPXE in FOG could be a more efficient and easier way to do tasks centralized over all grub’s options ?

For example those files (chainloaded) could boot via GRUB2 a secure boot installation for example :

grubx64.efi.signed

grubnetx64.efi.signed

Regards.

Hi .

I’m wondering is there anyone succeeded in fully automated iPXE ubuntu 20.04 install via fog.

I tried many parameters with no success.

It seems url= is only for http and ftp am i wrong ?

By the way i managed to boot Fedora workstations , Debian via a regular pxe with grub chainloaded in EFI Secure boot with the shim.signed.

Is there a way to chainload grub2 in fog ? It could be the easiest.