Contents [hide]
LetsEncrypt
If your Opsview Monitor web interface is public facing, securing your site with LetsEncrypt is likely the easiest solution.
Apache Configuration
Display your current Apache configuration with httpd
:
1 2 3 4 5 | [root@opsview ~] # httpd -S VirtualHost configuration: *:80 opsview.pikedom.com ( /etc/httpd/conf .d /opsview .conf:4) *:443 opsview.pikedom.com ( /etc/httpd/conf .d /ssl .conf:56) ... |
Edit your Apache configuration:
1 | [root@opsview ~] # vim /etc/httpd/conf.d/opsview.conf |
And add a FQDN:
1 2 3 4 | <VirtualHost *:80> ServerName opsview.pikedom.com Include /opt/opsview/webapp/etc/apache_proxy .conf < /VirtualHost > |
Check for syntax errors and restart Apache:
1 2 3 | [root@opsview ~] # httpd -t Syntax OK [root@opsview ~] # systemctl restart httpd |
Install LetsEncrypt
Before we can install LetsEncrypt, we need to enable the epel
repository:
1 | [root@opsview ~] # yum install epel-release |
Install LetsEncrypt with:
1 | [root@opsview ~] # yum install python2-certbot-apache |
Run the certbot
:
1 | [root@opsview ~] # certbot --apache |
This will generate the new certificate and edit your Apache configuration accordingly.
Amend Apache Configuration
Here I tidy-up the Apache configuration a bit. You’ll probably have something that looks something like this:
1 2 3 4 5 6 7 8 | [root@opsview ~] # httpd -S VirtualHost configuration: *:80 opsview.pikedom.com ( /etc/httpd/conf .d /opsview .conf:4) *:443 is a NameVirtualHost default server opsview.pikedom.com ( /etc/httpd/conf .d /opsview-le-ssl .conf:2) port 443 namevhost opsview.pikedom.com ( /etc/httpd/conf .d /opsview-le-ssl .conf:2) port 443 namevhost opsview.pikedom.com ( /etc/httpd/conf .d /ssl .conf:56) ... |
Create a new file for your Apache configuration:
1 | [root@opsview ~] # touch /etc/httpd/conf.d/opsview.pikedom.com.conf |
Combine the secure and non-secure Apache configuration files into one.
1 | [root@ovmon ~] # cat /etc/httpd/conf.d/opsview.conf /etc/httpd/conf.d/opsview-le-ssl.conf >> /etc/httpd/conf.d/ovmon.opsview.com.conf |
Amend further if necessary. My configure looks like so:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | [root@opsview ~] # cat /etc/httpd/conf.d/opsview.pikedom.com.conf <VirtualHost *:80> ServerName opsview.pikedom.com Include /opt/opsview/webapp/etc/apache_proxy .conf RewriteEngine on RewriteCond %{SERVER_NAME} =opsview.pikedom.com RewriteRule ^ https: // %{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] < /VirtualHost > <IfModule mod_ssl.c> <VirtualHost *:443> ServerName opsview.pikedom.com Include /opt/opsview/webapp/etc/apache_proxy .conf SSLCertificateFile /etc/letsencrypt/live/opsview .pikedom.com /cert .pem SSLCertificateKeyFile /etc/letsencrypt/live/opsview .pikedom.com /privkey .pem Include /etc/letsencrypt/options-ssl-apache .conf SSLCertificateChainFile /etc/letsencrypt/live/opsview .pikedom.com /chain .pem < /VirtualHost > < /IfModule > |
Remove the old configuration files:
1 2 3 4 5 | [root@opsview ~] # mkdir -v ~/apache-backup mkdir : created directory ‘ /root/apache-backup ’ [root@ovmon ~] # mv -v /etc/httpd/conf.d/{opsview.conf,opsview-le-ssl.conf} ~/apache-backup/ ‘ /etc/httpd/conf .d /opsview .conf’ -> ‘ /root/apache-backup/opsview .conf’ ‘ /etc/httpd/conf .d /opsview-le-ssl .conf’ -> ‘ /root/apache-backup/opsview-le-ssl .conf’ |
My final configuration looks like this:
1 2 3 4 5 6 7 8 | [root@opsview ~] # httpd -S VirtualHost configuration: *:80 opsview.pikedom.com ( /etc/httpd/conf .d /opsview .pikedom.com.conf:5) *:443 is a NameVirtualHost default server opsview.pikedom.com ( /etc/httpd/conf .d /opsview .pikedom.com.conf:14) port 443 namevhost opsview.pikedom.com ( /etc/httpd/conf .d /opsview .pikedom.com.conf:14) port 443 namevhost opsview.pikedom.com ( /etc/httpd/conf .d /ssl .conf:56) ... |
Don’t forget to check for syntax errors and restart Apache:
1 2 3 | [root@ovmon ~] # httpd -t Syntax OK [root@ovmon ~] # systemctl restart httpd |
If you need to restart Opsview Monitor, run:
1 | /opt/opsview/watchdog/bin/opsview-monit restart all |
And watch it come back up with:
1 | watch -n1 /opt/opsview/watchdog/bin/opsview-monit summary -B |
Press ctrl + c
to exit watch
.
Manually Install SSL Certificate
If you have already obtained an SSL certificate, you will need to manually install the certificate. See below for more information on this.
https://knowledge.opsview.com/docs/customization#section-apache-ssl-config
Be the first to comment