Contents [hide]
LetsEncrypt
If your Opsview Monitor web interface is public facing, securing your site with LetsEncrypt is likely the easiest solution.
Apache Configuration
Display your current Apache configuration with httpd:
1 2 3 4 5 | [root@opsview ~]# httpd -SVirtualHost configuration:*:80 opsview.pikedom.com (/etc/httpd/conf.d/opsview.conf:4)*:443 opsview.pikedom.com (/etc/httpd/conf.d/ssl.conf:56)... |
Edit your Apache configuration:
1 | [root@opsview ~]# vim /etc/httpd/conf.d/opsview.conf |
And add a FQDN:
1 2 3 4 | <VirtualHost *:80> ServerName opsview.pikedom.com Include /opt/opsview/webapp/etc/apache_proxy.conf</VirtualHost> |
Check for syntax errors and restart Apache:
1 2 3 | [root@opsview ~]# httpd -tSyntax OK[root@opsview ~]# systemctl restart httpd |
Install LetsEncrypt
Before we can install LetsEncrypt, we need to enable the epel repository:
1 | [root@opsview ~]# yum install epel-release |
Install LetsEncrypt with:
1 | [root@opsview ~]# yum install python2-certbot-apache |
Run the certbot:
1 | [root@opsview ~]# certbot --apache |
This will generate the new certificate and edit your Apache configuration accordingly.
Amend Apache Configuration
Here I tidy-up the Apache configuration a bit. You’ll probably have something that looks something like this:
1 2 3 4 5 6 7 8 | [root@opsview ~]# httpd -SVirtualHost configuration:*:80 opsview.pikedom.com (/etc/httpd/conf.d/opsview.conf:4)*:443 is a NameVirtualHost default server opsview.pikedom.com (/etc/httpd/conf.d/opsview-le-ssl.conf:2) port 443 namevhost opsview.pikedom.com (/etc/httpd/conf.d/opsview-le-ssl.conf:2) port 443 namevhost opsview.pikedom.com (/etc/httpd/conf.d/ssl.conf:56)... |
Create a new file for your Apache configuration:
1 | [root@opsview ~]# touch /etc/httpd/conf.d/opsview.pikedom.com.conf |
Combine the secure and non-secure Apache configuration files into one.
1 | [root@ovmon ~]# cat /etc/httpd/conf.d/opsview.conf /etc/httpd/conf.d/opsview-le-ssl.conf >> /etc/httpd/conf.d/ovmon.opsview.com.conf |
Amend further if necessary. My configure looks like so:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | [root@opsview ~]# cat /etc/httpd/conf.d/opsview.pikedom.com.conf<VirtualHost *:80> ServerName opsview.pikedom.com Include /opt/opsview/webapp/etc/apache_proxy.conf RewriteEngine on RewriteCond %{SERVER_NAME} =opsview.pikedom.com RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]</VirtualHost><IfModule mod_ssl.c><VirtualHost *:443> ServerName opsview.pikedom.com Include /opt/opsview/webapp/etc/apache_proxy.conf SSLCertificateFile /etc/letsencrypt/live/opsview.pikedom.com/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/opsview.pikedom.com/privkey.pem Include /etc/letsencrypt/options-ssl-apache.conf SSLCertificateChainFile /etc/letsencrypt/live/opsview.pikedom.com/chain.pem</VirtualHost></IfModule> |
Remove the old configuration files:
1 2 3 4 5 | [root@opsview ~]# mkdir -v ~/apache-backupmkdir: created directory ‘/root/apache-backup’[root@ovmon ~]# mv -v /etc/httpd/conf.d/{opsview.conf,opsview-le-ssl.conf} ~/apache-backup/‘/etc/httpd/conf.d/opsview.conf’ -> ‘/root/apache-backup/opsview.conf’‘/etc/httpd/conf.d/opsview-le-ssl.conf’ -> ‘/root/apache-backup/opsview-le-ssl.conf’ |
My final configuration looks like this:
1 2 3 4 5 6 7 8 | [root@opsview ~]# httpd -SVirtualHost configuration:*:80 opsview.pikedom.com (/etc/httpd/conf.d/opsview.pikedom.com.conf:5)*:443 is a NameVirtualHost default server opsview.pikedom.com (/etc/httpd/conf.d/opsview.pikedom.com.conf:14) port 443 namevhost opsview.pikedom.com (/etc/httpd/conf.d/opsview.pikedom.com.conf:14) port 443 namevhost opsview.pikedom.com (/etc/httpd/conf.d/ssl.conf:56)... |
Don’t forget to check for syntax errors and restart Apache:
1 2 3 | [root@ovmon ~]# httpd -tSyntax OK[root@ovmon ~]# systemctl restart httpd |
If you need to restart Opsview Monitor, run:
1 | /opt/opsview/watchdog/bin/opsview-monit restart all |
And watch it come back up with:
1 | watch -n1 /opt/opsview/watchdog/bin/opsview-monit summary -B |
Press ctrl + c to exit watch.
Manually Install SSL Certificate
If you have already obtained an SSL certificate, you will need to manually install the certificate. See below for more information on this.
https://knowledge.opsview.com/docs/customization#section-apache-ssl-config
Be the first to comment