Contents
LetsEncrypt
If your Opsview Monitor web interface is public facing, securing your site with LetsEncrypt is likely the easiest solution.
Apache Configuration
Display your current Apache configuration with httpd:
[[email protected] ~]# httpd -S VirtualHost configuration: *:80 opsview.pikedom.com (/etc/httpd/conf.d/opsview.conf:4) *:443 opsview.pikedom.com (/etc/httpd/conf.d/ssl.conf:56) ...
Edit your Apache configuration:
[[email protected] ~]# vim /etc/httpd/conf.d/opsview.conf
And add a FQDN:
<VirtualHost *:80> ServerName opsview.pikedom.com Include /opt/opsview/webapp/etc/apache_proxy.conf </VirtualHost>
Check for syntax errors and restart Apache:
[[email protected] ~]# httpd -t Syntax OK [[email protected] ~]# systemctl restart httpd
Install LetsEncrypt
Before we can install LetsEncrypt, we need to enable the epel repository:
[[email protected] ~]# yum install epel-release
Install LetsEncrypt with:
[[email protected] ~]# yum install python2-certbot-apache
Run the certbot:
[[email protected] ~]# certbot --apache
This will generate the new certificate and edit your Apache configuration accordingly.
Amend Apache Configuration
Here I tidy-up the Apache configuration a bit. You’ll probably have something that looks something like this:
[[email protected] ~]# httpd -S VirtualHost configuration: *:80 opsview.pikedom.com (/etc/httpd/conf.d/opsview.conf:4) *:443 is a NameVirtualHost default server opsview.pikedom.com (/etc/httpd/conf.d/opsview-le-ssl.conf:2) port 443 namevhost opsview.pikedom.com (/etc/httpd/conf.d/opsview-le-ssl.conf:2) port 443 namevhost opsview.pikedom.com (/etc/httpd/conf.d/ssl.conf:56) ...
Create a new file for your Apache configuration:
[roo[email protected] ~]# touch /etc/httpd/conf.d/opsview.pikedom.com.conf
Combine the secure and non-secure Apache configuration files into one.
[[email protected] ~]# cat /etc/httpd/conf.d/opsview.conf /etc/httpd/conf.d/opsview-le-ssl.conf >> /etc/httpd/conf.d/ovmon.opsview.com.conf
Amend further if necessary. My configure looks like so:
[[email protected] ~]# cat /etc/httpd/conf.d/opsview.pikedom.com.conf <VirtualHost *:80> ServerName opsview.pikedom.com Include /opt/opsview/webapp/etc/apache_proxy.conf RewriteEngine on RewriteCond %{SERVER_NAME} =opsview.pikedom.com RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] </VirtualHost> <IfModule mod_ssl.c> <VirtualHost *:443> ServerName opsview.pikedom.com Include /opt/opsview/webapp/etc/apache_proxy.conf SSLCertificateFile /etc/letsencrypt/live/opsview.pikedom.com/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/opsview.pikedom.com/privkey.pem Include /etc/letsencrypt/options-ssl-apache.conf SSLCertificateChainFile /etc/letsencrypt/live/opsview.pikedom.com/chain.pem </VirtualHost> </IfModule>
Remove the old configuration files:
[[email protected] ~]# mkdir -v ~/apache-backup mkdir: created directory ‘/root/apache-backup’ [[email protected] ~]# mv -v /etc/httpd/conf.d/{opsview.conf,opsview-le-ssl.conf} ~/apache-backup/ ‘/etc/httpd/conf.d/opsview.conf’ -> ‘/root/apache-backup/opsview.conf’ ‘/etc/httpd/conf.d/opsview-le-ssl.conf’ -> ‘/root/apache-backup/opsview-le-ssl.conf’
My final configuration looks like this:
[[email protected] ~]# httpd -S VirtualHost configuration: *:80 opsview.pikedom.com (/etc/httpd/conf.d/opsview.pikedom.com.conf:5) *:443 is a NameVirtualHost default server opsview.pikedom.com (/etc/httpd/conf.d/opsview.pikedom.com.conf:14) port 443 namevhost opsview.pikedom.com (/etc/httpd/conf.d/opsview.pikedom.com.conf:14) port 443 namevhost opsview.pikedom.com (/etc/httpd/conf.d/ssl.conf:56) ...
Don’t forget to check for syntax errors and restart Apache:
[[email protected] ~]# httpd -t Syntax OK [[email protected] ~]# systemctl restart httpd
If you need to restart Opsview Monitor, run:
/opt/opsview/watchdog/bin/opsview-monit restart all
And watch it come back up with:
watch -n1 /opt/opsview/watchdog/bin/opsview-monit summary -B
Press ctrl + c to exit watch.
Manually Install SSL Certificate
If you have already obtained an SSL certificate, you will need to manually install the certificate. See below for more information on this.
https://knowledge.opsview.com/docs/customization#section-apache-ssl-config
Be the first to comment