...
This article provides a process to configure secure browsing (HTTPS) to the up.time Uptime IM web interface over SSL. The steps are guaranteed to work with the latest release of up.time 7.3 to Uptime IM 7.6. If you are looking for a similar solution for Uptime IM 7.7 and later, please see Implementing HTTPS Browsing for the Web Interface with Apache 2.4.x.
| Note | ||||
|---|---|---|---|---|
| ||||
| Upgrading the up.time Uptime Monitoring Station will overwrite the changes to httpd.conf, so when the upgrade is complete, be sure to update the httpd.conf file again. |
Configuring SSL
To configure SSL browsing in the up.time Uptime web interface, you must generate a server certificate, which identifies that server is using SSL for security, and perform some platform-specific configuration. The following steps will cover this process.
Generate or obtain a server certificate
You can purchase a recognized certificate from a vendor such as Verisign or Thawte.
...
Once OpenSSL is installed, enter the following commands (changing <openssl_dir> to the proper path for the OpenSSL installation directory) at the command line to generate the certificate key. The example uses 1024 bit encryption; if required, you can increase to your preferred value:
| Code Block |
|---|
cd <openssl_dir>/bin openssl genrsa -des3 -out uptime_ssl_server.key 1024 4096 openssl req -new -key uptime_ssl_server.key -out uptime_ssl_server.csr openssl x509 -reqsha512 -days 365nodes -in uptime_ssl_server.csrnewkey rsa:4096 -signkey uptime_ssl_serverkeyout domain.key -out uptime_ssl_server.crt |
Create a passphrase file
Create a passphrase file containing your SSL server password specified in the previous step. The up.time Web Server will require the password each time it restarts but a passphrase file will automate the request, so user intervention is not necessary.
Windows:
Open notepad and enter the following line where <your_SSL_server_password> is the password for your generated certificate keys.
| Code Block | ||
|---|---|---|
| ||
@echo <your_SSL_server_password> |
Save the file as passphrase.cmd.
Linux:
Open vim and enter the following lines; <your_SSL_server_password> is the password for your generated certificate keys.
| Code Block | ||
|---|---|---|
| ||
#!/bin/bash
echo "<your_SSL_server_password>" |
Save the file as passphrase.cmd.
Make the file executable.
| Code Block | ||
|---|---|---|
| ||
chmod +x passphrase.cmd |
Move the files to the
...
Uptime Infrastructure Monitor directory
Copy the following files to the <uptime_dir>/apache/conf directory where <uptime_dir> is the installation directory of up.time Uptime (the default installation directory is C:\Program Files\uptime software\uptime on Windows and /usr/local/uptime on Linux).
- uptime_ssl_server.key
- uptime_ssl_server.crt
- passphrase.cmd
...
Update httpd.conf
The following changes to the web server configuration file (httpd.conf) will allow it to use SSL.
Open <uptime_dir>/apache/conf/httpd.conf for editing. Where <uptime_dir> appears below, change it to reflect the directory where you have up.time Uptime installed (ex. c:/Program Files/uptime software/uptime). All path slashes in httpd.conf need to be forward slashes (rather than the usual backslash that is used in Windows).
To make browsing to the up.time Uptime UI easy for users, have it listen on the default up.time Uptime UI port, 9999, as well as the typical HTTP and HTTPS ports, 80 and 443.
Above the line "Listen 9999", add the following two lines:
...
| Code Block |
|---|
LoadModule rewrite_module modules/mod_rewrite.so LoadModule ssl_module/mod_ssl.so |
| Note |
|---|
Download mod_rewrite.soOn Linux installations of up.time Uptime Infrastructure Monitor 7.2 and earlier, the mod_rewrite.so file is not bundled with up.timeUptime Infrastructure Monitor, so it is necessary to download it from the bottom of this article here (mod_rewrite.so) and copy it to the <uptime_dir>/apache/modules directory. Then, in httpd.conf, add the "LoadModule rewrite_module modules/mod_rewrite.so" line after "# LoadModule foo_module modules/mod_foo.so". If issues are experienced with the version of mod_rewrite.so attached, try creating a symlink to the mod_rewrite.so file provided by the Linux distribution instead. |
Finally, the last part is to add entries in httpd.conf that will rewrite the requests as HTTPS. At the bottom of the httpd.conf file, add these lines, changing <uptime_dir> to the directory of your Uptime installation. Please note that the following example uses a specific list of your up.time installation:ciphers. You can change the list of ciphers according to your security requirements.
| Code Block | ||
|---|---|---|
| ||
SSLMutex default SSLPassPhraseDialog "exec:<uptime_dir>/apache/conf/passphrase.cmd"SSLProtocol ALL -SSLv2 -SSLv3 SSLCipherSuite ALL:!aNULL:!eNULL:!EXP:!DES:!RC4:!MD5:!PSK:!aECDH:!KRB5:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA SSLMutex default SSLSessionCache none <VirtualHost *:80> RewriteEngine on RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [NC,R,L] </VirtualHost> <VirtualHost *:443> SSLEngine on DocumentRoot "<uptime_dir>/GUI" SSLCertificateFile "<uptime_dir>/apache/conf/uptime_ssl_server.crt" SSLCertificateKeyFile "<uptime_dir>/apache/conf/uptime_ssl_server.key"\t </VirtualHost> <VirtualHost *:9999> RewriteEngine on RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [NC,R,L] </VirtualHost> |
Update uptime.conf
Open the <uptime_dir>/uptime.conf file for editing and change the httpContext parameter (which begins with "httpContext=http://") to relfect reflect the use of SSL:
| Code Block | ||
|---|---|---|
| ||
httpContext=https://<Server_Hostname>:9999443 |
Restart the services
For the changes to take effect, restart the up.time Uptime Data Collector and up.time Uptime Web Server on Windows or uptime_core and uptime_httpd on Linux.
Starting (or restarting) and Stopping up.timeUptime Infrastructure Monitor