Date: Thu, 28 Mar 2024 11:00:32 +0000 (UTC) Message-ID: <1325534076.5341.1711623632413@ip-10-0-1-161.ec2.internal> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_5340_1103951028.1711623632410" ------=_Part_5340_1103951028.1711623632410 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
Contents
This article provides a process to configure secure browsing (HTTPS) to = the Uptime web interface over SSL. The steps are guaranteed to work w= ith Uptime IM 7.7 and later. If you are looking for a similar solutio= n for an earlier version of Uptime IM, please see Imple= menting HTTPS Browsing for the Web Interface with Apache 2.2.
Note
To configure SSL browsing in the Uptime web interface, you must generate= a server certificate, which identifies that server is using SSL for securi= ty, and perform some platform-specific configuration. The following steps w= ill cover this process.
You can purchase a recognized certificate= from a vendor such as Verisign or Thawte.
Alternately, you can generate your own no= n-recognized certificate. A non-recognized certificate is one that does not= come from a certificate-issuing authority. To generate a non-recognized ce= rtificate, download and install the OpenSSL software. OpenSSL bi= naries for Windows can be obtained from Shini= ng Light Productions.
Once OpenSSL is installed, enter the foll= owing commands (changing <openssl_dir> to the proper path for the Ope= nSSL installation directory) at the command line to generate the certificat= e key.
cd <= openssl_dir>/bin openssl req -new -x509 -newkey rsa:4096 -nodes -out uptime_ssl_server.crt -= keyout uptime_ssl_server.key
You'll need to pull key and crt fil= es from the pfx first. To do this:
Take the file you exported (e.g. ce= rtname.pfx) and copy it to your Uptime server, or somewhere you have openSS= L installed. You=E2=80=99ll need to supply your password the pfx file was c= reated with in the steps that follow.
Copy the following files to the <uptim= e_dir>/apache/conf directory where <uptime_dir> is the installatio= n directory of Uptime (the default installation directory is C:\Program Fil= es\uptime software\uptime on Windows and /usr/local/uptime on Linux).
The following changes to the web server c= onfiguration file (httpd.conf) will allow it to use SSL.
Open <uptime_dir>/apache/conf/httpd= .conf for editing. Where <uptime_dir> appears below, change it to ref= lect the directory where you have Uptime installed (ex. c:/Program Files/up= time software/uptime). All path slashes in httpd.conf need to be forward sl= ashes (rather than the usual backslash that is used in Windows).
To make browsing to the Uptime UI easy fo=
r users, have it listen on the default Uptime UI port, 9999, as well as the=
typical HTTP and HTTPS ports, 80 and 443.
Above the line "Listen 9999", add the following two lines:
Listen = 80=20 Listen 443
To handle requests on each of these ports= , 80, 443, and 9999, and redirect (actually rewrite) them properly, we will= leverage the mod_rewrite.so module, so we need to enable it. In the httpd.conf file, uncomment the following = line.
LoadMod= ule rewrite_module modules/mod_rewrite.so
Finally, the last part is to add entries = in httpd.conf that will rewrite the requests as HTTPS. At the bottom of the= httpd.conf file, add these lines, changing <uptime_dir> to the direc= tory of your Uptime installation. Please note that the following exam= ple uses a specific list of ciphers. You can change the list of ciphe= rs according to your security requirements.
SSLProto= col -all +TLSv1 +TLSv1.1 +TLSv1.2 SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RS= A-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-= AES256-SHA256:DHE-RSA-AES256-SHA:!RC4:!LOW:!MD5:!aNULL:!eNULL:!3DES:!EXP:!P= SK:!SRP:!DSS SSLHonorCipherOrder On SSLSessionCache none <VirtualHost *:80>=20 RewriteEngine on=20 RewriteCond %{SERVER_PORT} !^443$=20 RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [NC,R,L]=20 </VirtualHost>=20 <VirtualHost *:443>=20 SSLEngine on=20 DocumentRoot "<uptime_dir>/GUI"=20 SSLCertificateFile "<uptime_dir>/apache/conf/uptime_ssl_server.= crt"=20 SSLCertificateKeyFile "<uptime_dir>/apache/conf/uptime_ssl_serv= er.key"=20 </VirtualHost>=20 <VirtualHost *:9999>=20 RewriteEngine on=20 RewriteCond %{SERVER_PORT} !^443$=20 RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [NC,R,L]=20 </VirtualHost>
Open the <uptime_dir>/uptime.conf f= ile for editing and change the httpContext parameter (which begins with "ht= tpContext=3Dhttp://") to reflect the use of SSL:
httpCont= ext=3Dhttps://<Server_Hostname>:443
For the changes to take effect, restart t= he Uptime Web Server on Windows or uptime_httpd on Linux.
Starting (or restart= ing) and Stopping Uptime Infrastructure Monitor