WebVirtMgr + SSL

Hi everyone,

I’ve been looking into WebVirtMgr for a moment and it’s a nice piece of software from a user perspective. There is only one thing that troubles me: The connection to its web interface is unencrypted.
The underlying webserver is gunicorn which supports ssl and any nethserver has working certificates by default so there should be no fundamental difficulties. Unfortunately I haven’t understood the structure of the WebVirtMgr scripts yet. The normal syntax for starting gunicorn with ssl support would be
gunicorn --workers=2 app:app --keyfile server.key --certfile server.crt
I’ve tried changing /usr/lib/systemd/system/webvirtmgr.service by adding my key and cert file:

ExecStart=/usr/bin/python /usr/lib/python2.7/site-packages/webvirtmgr/manage.py run_gunicorn -c /usr/lib/python2.7/site-packages/webvirtmgr/conf/gunicorn.conf.py --keyfile /etc/pki/tls/private/nethserver2017.key --certfile /etc/pki/tls/certs/nethserver2017.crt

Unfortunately that doesn’t do the trick. Does anyone know where I’m wrong?
I hope we can get this running. My next step would be a e-smith script to add the active certificate automatically.


I rather go with a simpler solution: create a proxy pass for it.

You could try with standard NS module, or do something more specific by following the WebVirtMgr installation doc: https://github.com/retspen/webvirtmgr/wiki/Install-WebVirtMgr

Thank you. Fortunately, I don’t need to try this. I had to restart my server to update the kernel and when it came back up my intended way worked just fine. Somehow just restarting the webvirtmgr service didn’t do the job.

I’ve written a small template to generate the changes automatically. It works for me, maybe someone could test it, too.

vi /etc/e-smith/templates-custom/usr/lib/systemd/system/webvirtmgr.service/10pki

Description=WebVirtMgr Gunicorn Server
ExecStart=/usr/bin/python /usr/lib/python2.7/site-packages/webvirtmgr/manage.py run_gunicorn -c /usr/lib/python2.7/site-packages/webvirtmgr/conf/gunicorn.conf.py --keyfile { $OUT .= $pki{KeyFile} || "/etc/pki/tls/private/NSRV.key"; } --certfile { $OUT .= $pki{CrtFile} || "/etc/pki/tls/certs/NSRV.crt"; }