Aug 16, 2012 12:15 PM
Enabling SSL in Zenoss 4.2
-
Like (0)
Hello All:
What's the procedure for enabling SSL in Zenoss 4.2? The doc I have just states to insert the below into my zope.conf file. Do I install the certs on Apache or inside of Zenoss? Please point me to the correct docs? Thanks for all your help.
<cgi-environment>
HTTPS ON
</cgi-environment>
I have not personally done it,but from what I've seen using Apache to fron Zenoss is the general approach. I dont think there is anything unique to core 4 vs previous version. Have a look at docs/DOC-2516
I've done it by using the pound reverse proxy, this is probably the easiest method and lighter on memory usage than perhaps with apache or similar.
With pound, you edit the /etc/pound/pound.cfg providing the SSL listener on port 443, generating yourself a certificate for use with pound, and then pointing your server to localhost:8080 for Zenoss - obviously assuming pound is installed on the same server, if elsewhere, exchange localhost for the IP of the system in question.
For completeness, my pound.cfg:
ListenHTTPS
# Your IP of the server here.
Address x.x.x.x
Port 443
Cert "/etc/pound/zenoss.pem"
Service
BackEnd
Address 127.0.0.1
Port 8080
End
End
End
ianw1974:
I would either use Apache with a reverse proxy for SSL facility (as suggested by Jams) or wait on zenwebserver, a zenpack that provides SSL facility and load balancing across zopes.
Best,
--Shane Scott (Hackman238)
Sure of course, you could even use squid for a reverse proxy. The good thing about open source, the choice, however for me apache or squid is a bit overkill for just a bit of redirecting with SSL.
Do you have any further information on this? I having trouble getting SSL to work reliably on my setup....
Hello All:
A former colleague of mine instructed me to do the following.
Please look into how Reverse proxies work before doing anything I have
layed out here.
1. setup you ssl certs( In our case we were our own CA).
2. setup Apache to be a Reverse Proxy. Example below. Tweak Apache as you
see fit.
ProxyRequests Off
ProxyPass ^/$ http://localhost:8080
ProxyPassReverse ^/$ http://localhost:8080
3. Edit /opt/zenoss/etc/zope.conf
<cgi-environment>
</cgi-environment>
ip-address 127.0.0.1
Note: The regex above is not what's in the config I used at work. Please make changes as you deem fit.
Follow Us On Twitter »
|
Latest from the Zenoss Blog » | Community | Products | Services Resources | Customers Partners | About Us | ||
Copyright © 2005-2011 Zenoss, Inc.
|
||||||||