I’ve been looking into WebVirtMgr for a moment and it’s a nice piece of software from a user perspective. There is only one thing that troubles me: The connection to its web interface is unencrypted.
The underlying webserver is gunicorn which supports ssl and any nethserver has working certificates by default so there should be no fundamental difficulties. Unfortunately I haven’t understood the structure of the WebVirtMgr scripts yet. The normal syntax for starting gunicorn with ssl support would be gunicorn --workers=2 app:app --keyfile server.key --certfile server.crt
I’ve tried changing /usr/lib/systemd/system/webvirtmgr.service by adding my key and cert file:
Unfortunately that doesn’t do the trick. Does anyone know where I’m wrong?
I hope we can get this running. My next step would be a e-smith script to add the active certificate automatically.
Thank you. Fortunately, I don’t need to try this. I had to restart my server to update the kernel and when it came back up my intended way worked just fine. Somehow just restarting the webvirtmgr service didn’t do the job.
I’ve written a small template to generate the changes automatically. It works for me, maybe someone could test it, too.
vi /etc/e-smith/templates-custom/usr/lib/systemd/system/webvirtmgr.service/10pki