Current icinga2 weburl is running on Http by default. Is there any supported/simpler way to run it on Https?
I could not find any documentation of Https configuration on web. It sounds like apache related. Apology, I am not too familiar with Linux and apache.
enable the default VHost to listen on port 443 as well, also ensure that TLS certificates are created and configured in there.
Depending on how you’d like to reach Icinga Web 2 then, either create a rewrite rule for port 80 which enforces https with a redirect, or just allow only 443.
Copied the .crt file and .key file
cp icinga-monitoring.net.key /etc/apache2/ssl.key/
cp icinga-monitoring.net.crt /etc/apache2/ssl.crt/
Updated the global ssl
vim /etc/apache2/ssl-global.conf
SSLCertificateChainFile /etc/apache2/ssl.crt/icinga-monitoring.net.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/icinga-monitoring.net.key
As next step I think vhost need to updated with crt and key files. But I don’t have them. What am I missing
The location of the certificate and the key is not relevant. You can point your apache configuration to the right place.
If you have a loadbalancer you should have a look into TLS offloading and decide whether the loadbalancer should have the certificate for all hosts behind it. The next step would be secure traffic between the loadbalancer and the upstream (in this case your Icinga servers).
I think this question is a bit beyond the focus of this board because it is completely about TLS configuration of webservers and loadbalancers and it has nothing to do with Icinga specifically. We can still try to help but I think it would be better placed into some board about webserver configuration.
Yes I did. Config.txt for the vhost looks good to you right? I was worried about that. Another thing - am I suppose to use both chain and normal entry for certificate? I will check with the local network team in the mean time to see if there is something blocking