Contents
LetsEncrypt
If your Opsview Monitor web interface is public facing, securing your site with LetsEncrypt is likely the easiest solution.
Apache Configuration
Display your current Apache configuration with httpd:
[root@opsview ~]# httpd -S VirtualHost configuration: *:80 opsview.pikedom.com (/etc/httpd/conf.d/opsview.conf:4) *:443 opsview.pikedom.com (/etc/httpd/conf.d/ssl.conf:56) ...
Edit your Apache configuration:
[root@opsview ~]# vim /etc/httpd/conf.d/opsview.conf
And add a FQDN:
<VirtualHost *:80> ServerName opsview.pikedom.com Include /opt/opsview/webapp/etc/apache_proxy.conf </VirtualHost>
Check for syntax errors and restart Apache:
[root@opsview ~]# httpd -t Syntax OK [root@opsview ~]# systemctl restart httpd
Install LetsEncrypt
Before we can install LetsEncrypt, we need to enable the epel repository:
[root@opsview ~]# yum install epel-release
Install LetsEncrypt with:
[root@opsview ~]# yum install python2-certbot-apache
Run the certbot:
[root@opsview ~]# certbot --apache
This will generate the new certificate and edit your Apache configuration accordingly.
Amend Apache Configuration
Here I tidy-up the Apache configuration a bit. You’ll probably have something that looks something like this:
[root@opsview ~]# httpd -S
VirtualHost configuration:
*:80 opsview.pikedom.com (/etc/httpd/conf.d/opsview.conf:4)
*:443 is a NameVirtualHost
default server opsview.pikedom.com (/etc/httpd/conf.d/opsview-le-ssl.conf:2)
port 443 namevhost opsview.pikedom.com (/etc/httpd/conf.d/opsview-le-ssl.conf:2)
port 443 namevhost opsview.pikedom.com (/etc/httpd/conf.d/ssl.conf:56)
...
Create a new file for your Apache configuration:
[root@opsview ~]# touch /etc/httpd/conf.d/opsview.pikedom.com.conf
Combine the secure and non-secure Apache configuration files into one.
[root@ovmon ~]# cat /etc/httpd/conf.d/opsview.conf /etc/httpd/conf.d/opsview-le-ssl.conf >> /etc/httpd/conf.d/ovmon.opsview.com.conf
Amend further if necessary. My configure looks like so:
[root@opsview ~]# cat /etc/httpd/conf.d/opsview.pikedom.com.conf
<VirtualHost *:80>
ServerName opsview.pikedom.com
Include /opt/opsview/webapp/etc/apache_proxy.conf
RewriteEngine on
RewriteCond %{SERVER_NAME} =opsview.pikedom.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName opsview.pikedom.com
Include /opt/opsview/webapp/etc/apache_proxy.conf
SSLCertificateFile /etc/letsencrypt/live/opsview.pikedom.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/opsview.pikedom.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/opsview.pikedom.com/chain.pem
</VirtualHost>
</IfModule>
Remove the old configuration files:
[root@opsview ~]# mkdir -v ~/apache-backup
mkdir: created directory ‘/root/apache-backup’
[root@ovmon ~]# mv -v /etc/httpd/conf.d/{opsview.conf,opsview-le-ssl.conf} ~/apache-backup/
‘/etc/httpd/conf.d/opsview.conf’ -> ‘/root/apache-backup/opsview.conf’
‘/etc/httpd/conf.d/opsview-le-ssl.conf’ -> ‘/root/apache-backup/opsview-le-ssl.conf’
My final configuration looks like this:
[root@opsview ~]# httpd -S
VirtualHost configuration:
*:80 opsview.pikedom.com (/etc/httpd/conf.d/opsview.pikedom.com.conf:5)
*:443 is a NameVirtualHost
default server opsview.pikedom.com (/etc/httpd/conf.d/opsview.pikedom.com.conf:14)
port 443 namevhost opsview.pikedom.com (/etc/httpd/conf.d/opsview.pikedom.com.conf:14)
port 443 namevhost opsview.pikedom.com (/etc/httpd/conf.d/ssl.conf:56)
...
Don’t forget to check for syntax errors and restart Apache:
[root@ovmon ~]# httpd -t Syntax OK [root@ovmon ~]# systemctl restart httpd
If you need to restart Opsview Monitor, run:
/opt/opsview/watchdog/bin/opsview-monit restart all
And watch it come back up with:
watch -n1 /opt/opsview/watchdog/bin/opsview-monit summary -B
Press ctrl + c to exit watch.
Manually Install SSL Certificate
If you have already obtained an SSL certificate, you will need to manually install the certificate. See below for more information on this.
https://knowledge.opsview.com/docs/customization#section-apache-ssl-config
Be the first to comment