Provide SSL via Apache
Commercial customers please refer to the detailed Knowledge Base article in the Zenoss Support Portal for a more detailed article on this topic
Setting up Zenoss to so that it is accessible via another URL (including one encrypted with SSL) can be achieved using Apache's mod_ssl and mod_rewrite modules. Both of these have extensive documentation on the Internet, and many Linux distributions package Apache with these two commonly used modules already installed for you. It is recommended that you read and understand the documentation on mod_ssl and mod_rewrite before attempting to set them up in your development environment.
Using mod_rewrite you can publish your Zenoss server behind any VirtualHost entry configured in Apache. This is useful if you wish to publish a CNAME alias for zenoss (e.g. http://zenoss.yourcompany.com/), or you wish to change the port people use to access Zenoss (e.g. from the default 8080 to 80). It's also useful when you wish to provide SSL access to your Zenoss server without reconfiguring Zope (the underlying application server Zenoss runs on top of).
It is highly recommended that you follow this procedure in production installations because it provides the following benefits:
- Encryption of Zenoss pages via SSL with minimal configuration changes
- Unprivileged user restart capability of Zenoss with the convenience of a privileged port
- Apache (running as root) binds to port 80
- Zenoss binds to port 8080
- Restarts of Zenoss are sometimes required, but they can be achieved using the zenoss user (not root)
- Reduced complexity of CNAME management (zenoss.yourcompany.com resides on the Apache server and forwards to an internet network address)
To get started with this configuration install mod_rewrite and mod_ssl. Then, add the following httpd configuration directive to your Apache configuration. Note that if you are using mod_ssl you should add this in your ssl.conf in the VirtualHost section for _default_:443 as the last entry. If you are not wrapping Zenoss in SSL you can place this configuration directive in any other VirtualHost section or in the top-level apache configuration. Note that the most common location for these files is /etc/httpd/conf.d/ssl.conf and /etc/httpd/conf/httpd.conf, although it can vary based upon how you installed Apache and what Linux distribution you are running.
The following rewrite directive forwards requests to your Zenoss server. Make sure you replace ${SERVER_NAME} with the hostname of your Zenoss server:
RewriteEngine On
RewriteRule ^/(.*) http://${SERVER_NAME}:8080/VirtualHostBase/https/${SERVER_NAME}:443/VirtualHostRoot/$1 [L,P]
More information about running zope with apache in the front end can be found here http://plone.org/documentation/tutorial/plone-apache/virtualhost
We also recommend you update zenactions.conf and set the zopeurl field to be https://${SERVER_NAME}. Doing so results in zenactions sending out emails that refer to the https server you are fronting Zenoss with.
