I’ve been looking into WebVirtMgr for a moment and it’s a nice piece of software from a user perspective. There is only one thing that troubles me: The connection to its web interface is unencrypted.
The underlying webserver is gunicorn, which supports SSL, and any NethServer has working certificates by default, so there should be no fundamental difficulties. Unfortunately I haven’t understood the structure of the WebVirtMgr scripts yet. The normal syntax for starting gunicorn with SSL support would be:
gunicorn --workers=2 app:app --keyfile server.key --certfile server.crt
I’ve tried changing /usr/lib/systemd/system/webvirtmgr.service by adding my key and cert file:
ExecStart=/usr/bin/python /usr/lib/python2.7/site-packages/webvirtmgr/manage.py run_gunicorn -c /usr/lib/python2.7/site-packages/webvirtmgr/conf/gunicorn.conf.py --keyfile /etc/pki/tls/private/nethserver2017.key --certfile /etc/pki/tls/certs/nethserver2017.crt
Unfortunately that doesn’t do the trick. Does anyone know where I’m wrong?
I hope we can get this running. My next step would be an e-smith script to add the active certificate automatically.