You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Contents

Configuring SSL
Generate or obtain a server certificate
Move the files to the Uptime Infrastructure Monitor directory Update httpd.conf
Download mod_rewrite.so Update uptime.conf
Restart the services

This article provides a process to configure secure browsing (HTTPS) to the Uptime IM web interface over SSL. The steps are guaranteed to work with up. time 7.3 to Uptime IM 7.6. If you are looking for a similar solution for Uptime IM 7.7 and later, please see Implementing HTTPS Browsing for the Web Interface with Apache 2.4.x.
Note
Upgrading the Uptime Monitoring Station will overwrite the changes to httpd.conf, so when the upgrade is complete, be sure to update the httpd.conf file again.

Configuring SSL

To configure SSL browsing in the Uptime web interface, you must generate a server certificate, which identifies that server is using SSL for security, and perform some platform-specific configuration. The following steps will cover this process.

Generate or obtain a server certificate

You can purchase a recognized certificate from a vendor such as Verisign or Thawte.
Alternately, you can generate your own non-recognized certificate. A non-recognized certificate is one that does not come from a certificate-issuing authority. To generate a non-recognized certificate, download and install the OpenSSL software. OpenSSL binaries for Windows can be obtained from Shining Light Productions.
Once OpenSSL is installed, enter the following commands (changing <openssl_dir> to the proper path for the OpenSSL installation directory) at the command line to generate the certificate key.
cd <openssl_dir>/bin
openssl genrsa -out uptime_ssl_server.key 4096
openssl req -x509 -sha512 -nodes -newkey rsa:4096 -keyout domain.key -out uptime_ssl_server.crt

Move the files to the Uptime Infrastructure Monitor directory

Copy the following files to the <uptime_dir>/apache/conf directory where <uptime_dir> is the installation directory of Uptime (the default installation directory is C:\Program Files\uptime software\uptime on Windows and /usr/local/uptime on Linux).
uptime_ssl_server.key uptime_ssl_server.crt
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="d35430da-99bf-4836-9540-d913f97f0b2b"><ac:parameter ac:name="">bookmark46</ac:parameter></ac:structured-macro>Update _httpd.conf
The following changes to the web server configuration file (httpd.conf) will allow it to use SSL.
Open <uptime_dir>/apache/conf/httpd.conf for editing. Where <uptime_dir> appears below, change it to reflect the directory where you have Uptime installed (ex. c:/Program Files/uptime software/uptime). All path slashes in httpd.conf need to be forward slashes (rather than the usual backslash that is used in Windows).
To make browsing to the Uptime UI easy for users, have it listen on the default Uptime UI port, 9999, as well as the typical HTTP and HTTPS ports, 80 and 443.
Above the line "Listen 9999", add the following two lines:
Listen 80
Listen 443
To handle requests on each of these ports, 80, 443, and 9999, and redirect (actually rewrite) them properly, we will leverage the mod_rewrite.so module, so we need to enable it. In the httpd.conf file, uncomment the following two lines.
LoadModule rewrite_module modules/mod_rewrite.so LoadModule ssl_module/mod_ssl.so
Unable to render embedded object: File (worddav81a2f5861b9291cc8f3c6eaa1054bb9b.png) not found.<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="1e0dc6a6-656f-40c7-bf4f-97e26e60c207"><ac:parameter ac:name="">_bookmark47</ac:parameter></ac:structured-macro> <span style="color: #5e6c84">Download mod_rewrite.so</span>
<span style="color: #333333">On</span> <span style="color: #333333">Linux</span> <span style="color: #333333">installations</span> <span style="color: #333333">of</span> <span style="color: #333333">Uptime</span> <span style="color: #333333">Infrastructure</span> <span style="color: #333333">Monitor</span> <span style="color: #333333">7.2</span> <span style="color: #333333">and</span> <span style="color: #333333">earlier,</span> <span style="color: #333333">the</span> <span style="color: #333333">mod_rewrite.so</span> <span style="color: #333333">file</span> <span style="color: #333333">is</span> <span style="color: #333333">not</span> <span style="color: #333333">bundled</span> <span style="color: #333333">with</span> <span style="color: #333333">Uptime</span> <span style="color: #333333">Infrastructure</span> <span style="color: #333333">Monitor, so it is necessary to download it from</span> <span style="color: #0052cc">here (mod_rewrite.so)</span> <span style="color: #333333">and copy it to the <uptime_dir>/apache/modules directory.</span>
<span style="color: #333333">Then,</span> <span style="color: #333333">in</span> <span style="color: #333333">httpd.conf,</span> <span style="color: #333333">add</span> <span style="color: #333333">the</span> <span style="color: #333333">"LoadModule</span> <span style="color: #333333">rewrite_module</span> <span style="color: #333333">modules/mod_rewrite.so"</span> <span style="color: #333333">line</span> <span style="color: #333333">after</span> <span style="color: #333333">"#</span> <span style="color: #333333">LoadModule</span> <span style="color: #333333">foo_module</span> <span style="color: #333333">modules/mod_foo. so". If issues are experienced with the version of mod_rewrite.so attached, try creating a symlink to the mod_rewrite.so file provided by the Linux distribution instead.</span>
Finally, the last part is to add entries in httpd.conf that will rewrite the requests as HTTPS. At the bottom of the httpd.conf file, add these lines, changing <uptime_dir> to the directory of your Uptime installation. Please note that the following example uses a specific list of ciphers. You can change the list of ciphers according to your security requirements.
SSLProtocol ALL -SSLv2 -SSLv3
SSLCipherSuite ALL:!aNULL:!eNULL:!EXP:!DES:!RC4:!MD5:!PSK:!aECDH:!KRB5:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3- SHA
SSLMutex default SSLSessionCache none
<VirtualHost *:80> RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%\{SERVER_NAME}/$1 [NC,R,L]
</VirtualHost>
<VirtualHost *:443> SSLEngine on
DocumentRoot "<uptime_dir>/GUI"
SSLCertificateFile "<uptime_dir>/apache/conf/uptime_ssl_server.crt" SSLCertificateKeyFile "<uptime_dir>/apache/conf/uptime_ssl_server.key"
</VirtualHost>
<VirtualHost *:9999> RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%\{SERVER_NAME}/$1 [NC,R,L]
</VirtualHost>
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="dd3d97eb-ca03-4f3c-9d91-af7d2425cfe1"><ac:parameter ac:name="">bookmark48</ac:parameter></ac:structured-macro>Update _uptime.conf
Open the <uptime_dir>/uptime.conf file for editing and change the httpContext parameter (which begins with "httpContext=http://") to reflect the use of SSL:
httpContext=https://<Server_Hostname>:443

Restart the services

For the changes to take effect, restart the Uptime Data Collector and Uptime Web Server on Windows or uptime_core and uptime_httpd on Linux. Starting (or restarting) and Stopping Uptime Infrastructure Monitor

  • No labels