Icinga web 2 on https

Hi there,

The current Icinga 2 web URL runs on HTTP by default. Is there any supported/simpler way to run it on HTTPS?
I could not find any documentation of HTTPS configuration on the web. It sounds like it is Apache related. Apologies, I am not too familiar with Linux and Apache.

regards,
Max

Hello,

You have to do the configuration in Apache. There are plenty of how-tos on the web if you google for it.

Regards,
Carsten

Hi,

enable the default VHost to listen on port 443 as well, also ensure that TLS certificates are created and configured in there.

Depending on how you’d like to reach Icinga Web 2 then, either create a rewrite rule for port 80 which enforces https with a redirect, or just allow only 443.

Here’s an example on the docs for a VHost configuration.

Cheers,
Michael


Here is how to configure Apache to redirect to HTTPS. Mine is on CentOS.

  1. Install the mod_ssl module
    yum install mod_ssl
  2. Redirect HTTP to HTTPS
    vim /etc/httpd/conf.d/icingaweb2.conf
    Add RewriteCond and RewriteRule

    RewriteEngine On
    RewriteCond %{HTTPS} off
    # REQUEST_URI already holds the full path, so nothing is appended to it
    RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

  3. Restart the httpd service
    service httpd restart


Hello

I do not want to open a new thread on this, as my question is in line with the topic.

I am on SLES.
I have my own cert and key and pkcs loadbalancer.

Where do I put the key and cert to configure the web to open via load balancer on port 443?

vim /etc/sysconfig/apache2

APACHE_MODULES="actions alias auth_basic authn_file authz_host authz_groupfile authz_core authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl socache_shmcb userdir reqtimeout wsgi authn_core rewrite php7 status"


.
APACHE_SERVER_FLAGS="SSL"

Copied the .crt file and .key file
cp icinga-monitoring.net.key /etc/apache2/ssl.key/
cp icinga-monitoring.net.crt /etc/apache2/ssl.crt/

Updated the global ssl
vim /etc/apache2/ssl-global.conf
SSLCertificateChainFile /etc/apache2/ssl.crt/icinga-monitoring.net.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/icinga-monitoring.net.key

As the next step I think the vhost needs to be updated with crt and key files. But I don’t have them. What am I missing?

The location of the certificate and the key is not relevant. You can point your apache configuration to the right place.

If you have a loadbalancer you should have a look into TLS offloading and decide whether the loadbalancer should have the certificate for all hosts behind it. The next step would be secure traffic between the loadbalancer and the upstream (in this case your Icinga servers).

I think this question is a bit beyond the focus of this board because it is completely about TLS configuration of webservers and loadbalancers and it has nothing to do with Icinga specifically. We can still try to help but I think it would be better placed into some board about webserver configuration.

Hello I have further configured as below.
vim /etc/apache2/ssl-global.conf

SSLCertificateFile /etc/apache2/ssl.crt/icinga-monitoring.net.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/icinga-monitoring.net.key
SSLCertificateChainFile /etc/apache2/ssl.crt/icinga-monitoring.net.crt

Copying the default template to create specific vhost

cp /etc/apache2/vhosts.d/vhost-ssl.template /etc/apache2/vhosts.d/icingaweb2ssl.conf
vim /etc/apache2/vhosts.d/icingaweb2ssl.conf

Added the following as attached
config.txt (2.6 KB)

But I am getting "this page cannot be displayed" when calling
https://icinga-monitoring.net

Did you update your local DNS to point this URL to your Icinga host?

Hello Thomas

Yes I did. Config.txt for the vhost looks good to you, right? I was worried about that. Another thing: am I supposed to use both the chain and the normal entry for the certificate? I will check with the local network team in the meantime to see if there is something blocking.
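
The setup discussed in this thread (a VHost on port 443 with certificate and key configured, plus a redirect from port 80), written out as an added example; it is not the config.txt attached above and not taken from the Icinga docs. The hostname and certificate paths are the ones quoted in the posts. That the intermediate certificates are appended to the .crt file, and that a load balancer would send an X-Forwarded-Proto header, are assumptions.

```apache
# Added example. Assumes Apache 2.4.8 or later and that "Listen 443" is
# already active in the global configuration.

# Port 80: redirect only, nothing is served over plain HTTP.
<VirtualHost *:80>
    ServerName icinga-monitoring.net

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>

# Port 443: TLS terminates on this Apache instance.
<VirtualHost *:443>
    ServerName icinga-monitoring.net

    SSLEngine on

    # One PEM file: server certificate first, then the intermediate CA
    # certificates (assumption: they have been appended to this file).
    SSLCertificateFile    /etc/apache2/ssl.crt/icinga-monitoring.net.crt
    SSLCertificateKeyFile /etc/apache2/ssl.key/icinga-monitoring.net.key

    # SSLCertificateChainFile is obsolete since Apache 2.4.8, because
    # SSLCertificateFile also loads intermediates from the same file.
    # Pointing it at the server certificate itself adds nothing.

    # Drop the legacy protocol versions.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

    # Icinga Web 2's own Apache config (icingaweb2.conf) needs no change,
    # assuming it is included at server level and so applies to this VHost.
</VirtualHost>

# If a load balancer terminates TLS and talks plain HTTP to this host,
# %{HTTPS} is always "off" here and the redirect above loops. In that
# case test the forwarded scheme instead (assumes the load balancer
# sets X-Forwarded-Proto and that only it can reach port 80):
#
#     RewriteCond %{HTTP:X-Forwarded-Proto} !https
#     RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
```

Running `apachectl configtest` before the restart catches syntax errors and missing certificate or key files; the private key file should be readable by root only.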