Possible to secure the webserver service?

shadowfoxshadowfox
edited October 2013 in Monitoring Software v12 and lower
I'd like to run the webserver service over SSL to secure the data on my network, is this at all supported in current versions? I found some limited information on google for older versions, which didn't work. I don't really care if it still runs on port 1272 aslong as it can be SSLed with a cert.

Comments

  • AdministratorAdministrator
    http://wiki.serverscheck.com/index.php/Configuring_Web_Server_in_HTTPS_Mode



    Alternative is to use Nginx and do the SSL there and route internally on your server.



    It is highly recommended not to connect any monitoring system to the outside world for obvious security reasons. See our wiki on securing a monitoring setup.
  • shadowfoxshadowfox
    Thanks, I'll try it, downloading openssl now. I noticed right off the bat that http://files.serverscheck.net/conf/ssl.conf doesn't exist anymore, does it have a new link available?
  • AdministratorAdministrator
    Here it is:

    http://downloads.serverscheck.com/monitoring_software/files/ssl.conf
  • shadowfoxshadowfox
    The files folder is locked down and it doesn't trigger a download when I put the full url in the browser, just shows a blank page. Does the file not have any data inside?
  • AdministratorAdministrator
    It is an empty file - just create a file called ssl.conf (case sensitive) in your /conf subfolder
  • shadowfoxshadowfox
    Ok thanks, everything works as stated upto the actual connecting to the url part.



    "If you see the message "Enabling HTTPS (SSL) Server", then this indicates that SSL mode is active. You will now be able to connect to the web server via https (only!). The new url will be https://localhost:1272"



    I get the same message, but I can't connect to the url, it doesn't display anything. The insecure fallback http://localhost:1272 stops working as it indicated would.



    If i take away the ssl.conf file I can then access https://localhost:1272 but that's really back where I started.



    Any ideas? Do any users successfully run this with SSL?
  • AdministratorAdministrator
    Most likely it is showing an empty page due to the security settings of your browser. As the certificate is not issued by a trusted root certificate but self issued, most browsers block it.



    To bypass that you need to modify the security settings of your browser
This discussion has been closed.