Date: Fri, 29 Mar 2024 00:03:29 +0000 (UTC) Message-ID: <1985534686.5555.1711670609340@ip-10-0-1-161.ec2.internal> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_5554_2123111854.1711670609336" ------=_Part_5554_2123111854.1711670609336 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
Contents
This article provides a process to configure secure browsing (HTTPS) to = the Uptime IM web interface over SSL. The steps are guaranteed to wor= k with up.time 7.3 to Uptime IM 7.6. If you are looking for a similar= solution for Uptime IM 7.7 and later, please see Imp= lementing HTTPS Browsing for the Web Interface with Apache 2.4.x.
Note
To configure SSL browsing in the Uptime web interface, you must generate= a server certificate, which identifies that server is using SSL for securi= ty, and perform some platform-specific configuration. The following steps w= ill cover this process.
You can purchase a recognized certificate= from a vendor such as Verisign or Thawte.
Alternately, you can generate your own no= n-recognized certificate. A non-recognized certificate is one that does not= come from a certificate-issuing authority. To generate a non-recognized ce= rtificate, download and install the OpenSSL software. OpenSSL binaries= for Windows can be obtained from Shining Light Pr= oductions.
Once OpenSSL is installed, enter the foll= owing commands (changing <openssl_dir> to the proper path for the Ope= nSSL installation directory) at the command line to generate the certificat= e key.
cd <= openssl_dir>/bin openssl genrsa -out uptime_ssl_server.key 4096 openssl req -x509 -sha512 -nodes -newkey rsa:4096 -keyout domain.key -out u= ptime_ssl_server.crt
Copy the following files to the <uptim= e_dir>/apache/conf directory where <uptime_dir> is the installatio= n directory of Uptime (the default installation directory is C:\Program Fil= es\uptime software\uptime on Windows and /usr/local/uptime on Linux).
The following changes to the web server c= onfiguration file (httpd.conf) will allow it to use SSL.
Open <uptime_dir>/apache/conf/httpd= .conf for editing. Where <uptime_dir> appears below, change it to ref= lect the directory where you have Uptime installed (ex. c:/Program Files/up= time software/uptime). All path slashes in httpd.conf need to be forward sl= ashes (rather than the usual backslash that is used in Windows).
To make browsing to the Uptime UI easy fo=
r users, have it listen on the default Uptime UI port, 9999, as well as the=
typical HTTP and HTTPS ports, 80 and 443.
Above the line "Listen 9999", add the following two lines:
Listen = 80=20 Listen 443
To handle requests on each of these ports= , 80, 443, and 9999, and redirect (actually rewrite) them properly, we will= leverage the mod_rewrite.so module, so we need to enable it. In the httpd.conf file, uncomment the following = two lines.
LoadMod= ule rewrite_module modules/mod_rewrite.so LoadModule ssl_module/mod_ssl.so
On Linux installations of Uptime Infrastructure Monitor 7.2 and earlier,= the mod_rewrite.so file is not bundled with Uptime Infrastructure Monitor,= so it is necessary to download it from here (mod_rewrite.so) and copy it to th= e <uptime_dir>/apache/modules directory.
Then, in httpd.conf, add the "LoadModule rewrite_module modules/mod_rewr= ite.so" line after "# LoadModule foo_module modules/mod_foo.so". If issues = are experienced with the version of mod_rewrite.so attached, try creating a= symlink to the mod_rewrite.so file provided by the Linux distribution inst= ead.
Finally, the last part is to add entries = in httpd.conf that will rewrite the requests as HTTPS. At the bottom of the= httpd.conf file, add these lines, changing <uptime_dir> to the direc= tory of your Uptime installation. Please note that the following exam= ple uses a specific list of ciphers. You can change the list of ciphe= rs according to your security requirements.
SSLProto= col ALL -SSLv2 -SSLv3 SSLCipherSuite ALL:!aNULL:!eNULL:!EXP:!DES:!RC4:!MD5:!PSK:!aECDH:!KRB5:!EDH= -DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA SSLMutex default=20 SSLSessionCache none=20 <VirtualHost *:80>=20 RewriteEngine on=20 RewriteCond %{SERVER_PORT} !^443$=20 RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [NC,R,L]=20 </VirtualHost>=20 <VirtualHost *:443>=20 SSLEngine on=20 DocumentRoot "<uptime_dir>/GUI"=20 SSLCertificateFile "<uptime_dir>/apache/conf/uptime_ssl_server.= crt"=20 SSLCertificateKeyFile "<uptime_dir>/apache/conf/uptime_ssl_serv= er.key"=20 </VirtualHost>=20 <VirtualHost *:9999>=20 RewriteEngine on=20 RewriteCond %{SERVER_PORT} !^443$=20 RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [NC,R,L]=20 </VirtualHost>
Open the <uptime_dir>/uptime.conf f= ile for editing and change the httpContext parameter (which begins with "ht= tpContext=3Dhttp://") to reflect the use of SSL:
httpCont= ext=3Dhttps://<Server_Hostname>:443
For the changes to take effect, restart t= he Uptime Data Collector and Uptime Web Server on Windows or uptime_core an= d uptime_httpd on Linux.
Starting (or restart= ing) and Stopping Uptime Infrastructure Monitor