Multiple Control Server Domains
Generate an SSL Certificate for the Additional Domain
Replace DOMAIN2.COM with your domain.
# Request a certificate for the additional domain using webroot (HTTP-01) validation.
# acme.sh writes the challenge file under the --webroot directory, so DOMAIN2.COM must
# already resolve to this server and the challenge path must be reachable over plain
# HTTP (presumably served by vf-nginx on port 80 - verify) or issuance will fail.
# --keylength 4096 requests a 4096-bit RSA key; --server letsencrypt selects the CA.
acme.sh --issue \
--webroot /opt/virtfusion/nginx/acme \
--keylength 4096 \
--server letsencrypt \
-d DOMAIN2.COM
Install the certificate.
# Copy the issued private key and full certificate chain to the paths the nginx
# server block reads, and register the reload command so that acme.sh reloads
# vf-nginx after this install and after each later renewal.
# The .key file is the TLS private key: after installing, confirm it is readable
# only by root (or the account vf-nginx starts as), e.g. `ls -l /opt/virtfusion/ssl/`.
acme.sh --installcert \
--keypath /opt/virtfusion/ssl/ssl-DOMAIN2.COM.key \
--fullchainpath /opt/virtfusion/ssl/ssl-DOMAIN2.COM.crt \
--reloadcmd "systemctl reload vf-nginx" \
-d DOMAIN2.COM
NGINX Configuration
Create a new configuration in /opt/virtfusion/nginx/conf/conf.d/
# -w stops nano from hard-wrapping long lines, so a long directive such as
# ssl_ciphers is not split across lines when the configuration is pasted in.
nano -w /opt/virtfusion/nginx/conf/conf.d/DOMAIN2.COM.conf
With the contents (don't forget to replace the DOMAIN2.COM references):
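# HTTPS virtual host that serves the control panel on an additional domain.
# Replace every DOMAIN2.COM below with the additional domain.
server {
    server_name DOMAIN2.COM;
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;

    # 0 disables nginx's request-body size check for this host, so any upload
    # limit has to be enforced by the application / PHP-FPM instead.
    client_max_body_size 0;
    index index.php;
    root /opt/virtfusion/app/control/public;

    # OCSP stapling. nginx needs a `resolver` to look up the CA's OCSP responder;
    # only resolver_timeout is set in this block, so the resolver is presumably
    # defined in the http context of the main configuration - verify. If the
    # certificate carries no OCSP responder URL (newer Let's Encrypt certificates
    # may omit it), nginx logs a warning and skips stapling.
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_certificate /opt/virtfusion/ssl/ssl-DOMAIN2.COM.crt;
    ssl_certificate_key /opt/virtfusion/ssl/ssl-DOMAIN2.COM.key;
    ssl_dhparam /opt/virtfusion/ssl/dhparam.pem;
    ssl_session_timeout 10m;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    resolver_timeout 10s;

    # Security headers. `always` makes nginx attach them to error responses
    # (4xx/5xx) as well; without it they are sent on success and redirect codes only.
    #
    # HSTS with includeSubDomains + preload commits DOMAIN2.COM and every
    # subdomain to HTTPS for two years in any browser that has seen this header.
    # Confirm all subdomains of the additional domain serve valid TLS first.
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
    # Exactly one X-Frame-Options value is sent. The original block emitted both
    # DENY and SAMEORIGIN, which is a conflicting policy; the stricter value is
    # kept. If the panel must frame its own pages, switch this single line to
    # SAMEORIGIN rather than adding a second header.
    add_header X-Frame-Options DENY always;
    add_header X-Content-Type-Options nosniff always;
    # Legacy header; most current browsers no longer act on it.
    add_header X-XSS-Protection "1; mode=block";

    # ssl_ciphers applies to TLS 1.2 only; TLS 1.3 suites are chosen separately.
    # NOTE(review): RSA+AESGCM permits static-RSA key exchange (no forward
    # secrecy) for TLS 1.2 clients that offer nothing better - drop it if no
    # legacy client depends on it.
    ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA512:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:ECDH+AESGCM:ECDH+AES256:DH+AESGCM:DH+AES256:RSA+AESGCM:!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
    ssl_ecdh_curve secp384r1;
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_buffer_size 1369;

    include /opt/virtfusion/nginx/conf/gzip.conf;
    include /opt/virtfusion/nginx/conf/error.conf;

    charset utf-8;

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    # Exact-match location: only the URI /vnc/ is proxied, with the headers
    # needed for a WebSocket upgrade. The vnc-backend upstream is defined elsewhere.
    location = /vnc/ {
        proxy_pass http://vnc-backend;
        proxy_read_timeout 360;
        proxy_connect_timeout 60;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        # Appends the client address to any X-Forwarded-For the client sent;
        # the backend should trust only the last entry.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_cache_bypass $http_upgrade;
    }

    # Same WebSocket proxy pattern for /ws/; the ws-backend upstream is defined elsewhere.
    location = /ws/ {
        proxy_pass http://ws-backend;
        proxy_read_timeout 360;
        proxy_connect_timeout 60;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_cache_bypass $http_upgrade;
    }

    # Admin area, handled by its own PHP-FPM socket. SCRIPT_FILENAME is pinned to
    # index.php, so the request path never selects which PHP file is executed.
    location /admin {
        error_page 418 /error.html;
        fastcgi_buffer_size 128k;
        fastcgi_buffers 256 4k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;
        fastcgi_pass unix:/opt/virtfusion/php8/socket/control_admin.sock;
        fastcgi_intercept_errors on;
        include /opt/virtfusion/nginx/conf/fastcgi.conf;
        fastcgi_param SCRIPT_FILENAME $document_root/index.php;
    }

    # Everything else goes to the front-end PHP-FPM socket, again through index.php only.
    location / {
        error_page 418 /error.html;
        fastcgi_buffer_size 128k;
        fastcgi_buffers 256 4k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;
        fastcgi_pass unix:/opt/virtfusion/php8/socket/control_front.sock;
        fastcgi_intercept_errors on;
        include /opt/virtfusion/nginx/conf/fastcgi.conf;
        fastcgi_param SCRIPT_FILENAME $document_root/index.php;
    }

    # Regex locations are evaluated before the /admin and / prefix locations are
    # used, so any URI ending in .php gets a 404 instead of reaching FastCGI.
    location ~* \.(php)$ {
        return 404;
    }

    # Static assets served straight from the document root.
    location ~* \.(ico|gif|svg|jpg|jpeg|png|js|css|woff|woff2|webmanifest|txt)$ {
        try_files $uri =404;
        expires max;
        log_not_found off;
        # A location that declares its own add_header does not inherit the
        # server-level ones, so the transport, framing and sniffing headers are
        # repeated here to keep static responses covered.
        add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
        add_header X-Frame-Options DENY always;
        add_header X-Content-Type-Options nosniff always;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }
}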
Reload NGINX:
# Apply the new server block. If the reload reports an error, the new file was
# rejected: check `systemctl status vf-nginx` and the journal before retrying.
# NOTE(review): testing the configuration first (`nginx -t` with the VirtFusion
# nginx binary) avoids a failed reload - the binary path is not shown on this page.
systemctl reload vf-nginx
Add the Trusted Host
# Register the new hostname with the control panel.
# NOTE(review): presumably this is the allow-list of Host header values the
# application accepts - confirm against the VirtFusion documentation. Add only
# hostnames you control and that resolve to this server.
vfcli-ctrl trusted-hosts add DOMAIN2.COM
Additional Notes
If this is the first additional domain you have added, you will need to edit /opt/virtfusion/nginx/conf/conf.d/ui.conf and make a small change.
Find the section that starts with:
server {
server_name _;
listen 443 ssl;
listen [::]:443 ssl;
........
Then replace the underscore in server_name _ with your main domain and reload vf-nginx.