A built-in web-server is automatically set up for software products based on COREmanager.
Automatic configuration of the built-in web-server
The built-in web-server automatically listens on port 1500 of the main IP address (both IPv4 and IPv6).
Different ways to configure the built-in web-server
You can configure the web-server to listen to certain IP addresses and ports either through the command line or the configuration file.
If you specify settings in the configuration file, the configuration parameters that were specified in the command line will be ignored.
Command line
When starting the web-server you can specify a specific IP address and port to listen on. For more information about this function, start the web-server with the -h key.
Configuration file
For more flexible configuration of your built-in web-server, you can use the file etc/ihttpd.conf of a COREmanager 5-based software product.
In the listen section of that file you can specify the IP addresses to listen on:
listen {
ip <IP address to listen>
port <port to listen>
certkey <path to the file key of the SSL-certificate>
cert <path to the SSL-certificate's file>
}
- The IP address is a mandatory parameter. Other parameters are optional.
- If the "port" parameter is not specified, the default port (1500) of the built-in web-server will be used.
- Both the certkey and cert parameters must be specified. You cannot specify only one parameter.
- If the certificates' paths are not specified, the built-in web-server will use a self-signed SSL certificate that was created automatically.
- If the redirect parameter is specified, users won't be able to access the panel through HTTP. HTTP requests will be sent to the same URL through the HTTPS protocol (we do not recommend that you use this option for VMmanager 5 and DCImanager 5, as it may cause errors when running OS installers). If you install the panel from packages, redirect is specified by default except for VMmanager 5 and DCImanager 5.
- If the status parameter is present, when accessing the specified URL, the built-in web server will generate the status page (displaying, in particular, the number of active connections). This function is disabled by default.
- If the nochunked parameter is present, the built-in web server will add the Connection: close header to all responses: this will force clients to use a new connection for each new request. This parameter has been added to integrate the built-in web server with nginx.
- The parameters allow_ip or deny_ip allow or deny access to certain URLs. URL must not contain domain or port — only the path after the port, for example mancgi/dbadmin. The rules are processed in the order they appear in the list. If there are conflicting rules, the rule higher in the list will be applied first. If there is an allowing rule, then for the specified url, all IPs which do not fall under the rule are considered prohibited.
- ssl_cipher — the parameter for configuring SSL encryption. The format of the string corresponds to the priorities parameter of the gnutls_priority_init function. E.g., NORMAL:-AES-128-CBC. Default value: NORMAL:-VERS-SSL3.0.
- timeout — maximum time of inactivity of the session. Default value — 600 sec.
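The parameter rules above can be checked before a restart. The following Python sketch is an added example, not part of ihttpd or COREmanager: it parses listen sections in the format shown on this page and reports a missing ip, an unpaired certkey/cert, the self-signed fallback and the absence of redirect. The function names and the sample configuration are constructed for illustration.

```python
import re

DEFAULT_PORT = 1500  # default port stated in the documentation

def parse_listen_sections(text):
    """Return one dict per listen { ... } section: parameter -> list of argument strings."""
    sections = []
    for body in re.findall(r"listen\s*\{(.*?)\}", text, flags=re.S):
        params = {}
        for line in body.splitlines():
            parts = line.split(None, 1)
            if not parts:
                continue  # blank line
            args = parts[1].strip() if len(parts) > 1 else ""
            params.setdefault(parts[0], []).append(args)  # allow_ip/deny_ip may repeat
        sections.append(params)
    return sections

def lint_section(params):
    """Check one section against the documented parameter rules."""
    findings = []
    if "ip" not in params:
        findings.append("error: ip is mandatory")
    if ("certkey" in params) != ("cert" in params):
        findings.append("error: certkey and cert must be specified together")
    elif "cert" not in params:
        findings.append("warn: no certificate paths, self-signed certificate is used")
    if "redirect" not in params:
        findings.append("info: no redirect, panel is reachable over plain HTTP")
    if "status" in params:
        findings.append("info: status page is enabled")
    return findings

def effective_port(params):
    """Port the section listens on, falling back to the documented default."""
    return int(params["port"][0]) if "port" in params else DEFAULT_PORT

# Constructed sample: first section has certkey without cert, second relies on defaults
SAMPLE = """
listen {
    ip 5.6.7.8
    port 1700
    certkey etc/my.key
}
listen {
    ip ::
    redirect
}
"""

if __name__ == "__main__":
    for section in parse_listen_sections(SAMPLE):
        print(section["ip"][0], effective_port(section), lint_section(section))
```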
The IPMI proxy via ihttpd module has been developed for DCImanager 5. In this connection, a new section — ipmiproxy — has been added:
ipmiproxy {
ipmiproxy_startport <Port range start>
ipmiproxy_endport <Port range end>
}
- Port range start — the start of the range of ports that use proxying when opening the JAVA console by a user. Default value — "49000". This field is available in version 5.157 or higher;
- Port range end — the end of the range of ports that use proxying when opening the JAVA console by a user. Default value — "50000". This field is available in version 5.157 or higher.
Example:
The built-in web-server will listen to all IPv4 addresses available using the default port ("*" equals "0.0.0.0")
listen {
ip *
}
The built-in web-server will listen to IPv4-address 5.6.7.8
listen {
ip 5.6.7.8
}
The built-in web-server will listen to IPv4-address 5.6.7.8 on port 1700
listen {
ip 5.6.7.8
port 1700
}
The built-in web-server will listen to IPv4-address 5.6.7.8 on port 1700 and use the SSL certificate file etc/my.crt with the key file etc/my.key for SSL requests (https)
listen {
ip 5.6.7.8
port 1700
certkey etc/my.key
cert etc/my.crt
}
The built-in web-server will listen to all IPv6 addresses available on the default port
listen {
ip ::
}
The built-in web-server will listen to IPv6-address 2001:db8::ae21:ad12 on port 1800
listen {
ip 2001:db8::ae21:ad12
port 1800
}
For clients with an address in 5.6.7.8/24, access to 1.2.3.4/billmgr is allowed, and for all others /billmgr is prohibited:
listen {
ip 1.2.3.4
allow_ip billmgr 5.6.7.8/24
}
For clients with an address in the range 5.6.7.8-5.6.7.88, access to 1.2.3.4/billmgr is prohibited, and for all others /billmgr is allowed:
listen {
ip 1.2.3.4
deny_ip billmgr 5.6.7.8-5.6.7.88
}
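To see how a client is treated once allow_ip and deny_ip rules are combined, the documented evaluation order can be modelled offline. This Python sketch is an added example and not ihttpd's own code: it follows the rules as this page describes them (rules in list order, first hit applies, an allowing rule prohibits everyone else) and assumes the URL is compared as an exact path. Function names and the sample section are constructed.

```python
import ipaddress

def parse_spec(spec):
    """'5.6.7.8/24', '5.6.7.8-5.6.7.88' or a single address -> (first, last)."""
    if "-" in spec:
        first, last = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        return first, last
    net = ipaddress.ip_network(spec, strict=False)  # host bits may be set, as in 5.6.7.8/24
    return net[0], net[-1]

def parse_rules(section_text):
    """Collect (action, url, first, last) tuples in the order they appear."""
    rules = []
    for line in section_text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] in ("allow_ip", "deny_ip"):
            action = parts[0][:-3]  # "allow" or "deny"
            rules.append((action, parts[1].strip("/"), *parse_spec(parts[2])))
    return rules

def is_allowed(rules, url, client_ip):
    """Decide access for client_ip to url (path only, no domain or port)."""
    ip = ipaddress.ip_address(client_ip)
    matching = [r for r in rules if r[1] == url.strip("/")]  # assumption: exact path match
    for action, _, first, last in matching:
        # the rule higher in the list is applied first
        if ip.version == first.version and first <= ip <= last:
            return action == "allow"
    # no rule hit: an allowing rule for this URL prohibits every other IP
    return not any(r[0] == "allow" for r in matching)

# Constructed sample: the deny rule sits above the allow rule on purpose
SAMPLE = """
listen {
    ip 1.2.3.4
    deny_ip billmgr 5.6.7.8-5.6.7.88
    allow_ip billmgr 5.6.7.8/24
}
"""

if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    for client in ("5.6.7.50", "5.6.7.200", "9.9.9.9"):
        print(client, "allowed" if is_allowed(rules, "billmgr", client) else "prohibited")
```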
After you have modified the ihttpd configuration file, restart the service:
Debian 7:
/etc/init.d/ihttpd restart
CentOS 7, Debian 8:
systemctl restart ihttpd
Index page
By default COREmanager opens at <server IP address>:1500. To open another panel instead, create the file index in the directory /usr/local/mgr5/bin/ containing the <panel short name>.
E.g. to open BILLmanager by default, create the file containing billmgr:
# cat /usr/local/mgr5/bin/index
billmgr
Restart COREmanager:
killall core
Technical details
The connection remains active for one hour.
Security header restrictions
The built-in ihttpd web server does not allow modification of the X-Frame-Options header; the response will always come back with X-Frame-Options: SAMEORIGIN.