Icinga web 2 on https

Hi there,

Current icinga2 weburl is running on Http by default. Is there any supported/simpler way to run it on Https?
I could not find any documentation of Https configuration on web. It sounds like apache related. Apology, I am not too familiar with Linux and apache.



you have to do the configuration in apache. There are plenty howto on the web if you google for it.



enable the default VHost to listen on port 443 as well, also ensure that TLS certificates are created and configured in there.

Depending on how you’d like to reach Icinga Web 2 then, either create a rewrite rule for port 80 which enforces https with a redirect, or just allow only 443.

Here’s an example on the docs for a VHost configuration.


1 Like

Here is how to configure Apache to redirect to Https. Mine is on Centos.

  1. Install mod_ssl module
    yum install mod_ssl
  2. Redirect HTTP to HTTPs
    vim /etc/httpd/conf.d/icingaweb2.conf
    Add RewriteCond and Rewriterule

RewriteCond %{HTTPS} off
RewriteRule ^.*$ https: //%{HTTP_HOST}%{REQUEST_URI}/$1 [R,L]

3)Restart the httpd service
service httpd restart



I do not want to open a new thread on this. As my question is in line with the topic

I am on SLES
I have my own cert and key and pkcs loadbalancer.

Where do I put the key and cert to configure the web to open via load balancer on port 443

vim /etc/sysconfig/apache2

APACHE_MODULES=“actions alias auth_basic authn_file authz_host authz_groupfile authz_core authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl socache_shmcb userdir reqtimeout wsgi authn_core rewrite php7 status”


Copied the .crt file and .key file
cp icinga-monitoring.net.key /etc/apache2/ssl.key/
cp icinga-monitoring.net.crt /etc/apache2/ssl.crt/

Updated the global ssl
vim /etc/apache2/ssl-global.conf
SSLCertificateChainFile /etc/apache2/ssl.crt/icinga-monitoring.net.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/icinga-monitoring.net.key

As next step I think vhost need to updated with crt and key files. But I don’t have them. What am I missing

The location of the certificate and the key is not relevant. You can point your apache configuration to the right place.

If you have a loadbalancer you should have a look into TLS offloading and decide whether the loadbalancer should have the certificate for all hosts behind it. The next step would be secure traffic between the loadbalancer and the upstream (in this case your Icinga servers).

I think this question is a bit beyond the focus of this board because it is completely about TLS configuration of webservers and loadbalancers and it has nothing to do with Icinga specifically. We can still try to help but I think it would be better placed into some board about webserver configuration.

Hello I have further configured as below.
vim /etc/apache2/ssl-global.conf

SSLCertificateFile /etc/apache2/ssl.crt/icinga-monitoring.net.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/icinga-monitoring.net.key
SSLCertificateChainFile /etc/apache2/ssl.crt/icinga-monitoring.net.crt

Copying the default template to create specific vhost

cp /etc/apache2/vhosts.d/vhost-ssl.template /etc/apache2/vhosts.d/icingaweb2ssl.conf
vim /etc/apache2/vhosts.d/icingaweb2ssl.conf

Added the following as attached
config.txt (2.6 KB)

But getting this page cannot be displayed when calling

Did you update your local DNS to point this URL to your Icinga host?

Hello Thomas

Yes I did. Config.txt for the vhost looks good to you right? I was worried about that. Another thing - am I suppose to use both chain and normal entry for certificate? I will check with the local network team in the mean time to see if there is something blocking