Enabling SSL in Zenoss 4.2

Archived community.zenoss.org | full text search

Skip navigation

Up to Discussions in zenoss-users

4533 Views 7 Replies Latest reply: Sep 11, 2012 11:34 AM by Ezra Taylor

Ezra Taylor

2 posts since
Aug 16, 2012

Currently Being Moderated

Aug 16, 2012 12:15 PM

Hello All:

What's the procedure for enabling SSL in Zenoss 4.2? The doc I have just states to insert the below into my zope.conf file. Do I install the certs on Apache or inside of Zenoss? Please point me to the correct docs? Thanks for all your help.

<cgi-environment>

HTTPS ON

</cgi-environment>

Like (0)

dpetzel
1,141 posts since
Oct 17, 2010

Currently Being Moderated

1. Aug 16, 2012 10:20 PM (in response to Ezra Taylor)
Re: Enabling SSL in Zenoss 4.2

I have not personally done it,but from what I've seen using Apache to fron Zenoss is the general approach. I dont think there is anything unique to core 4 vs previous version. Have a look at docs/DOC-2516

Report Abuse

Like (0)
ianw1974
52 posts since
Jul 21, 2009

Currently Being Moderated

2. Aug 17, 2012 7:22 AM (in response to Ezra Taylor)
Re: Enabling SSL in Zenoss 4.2

I've done it by using the pound reverse proxy, this is probably the easiest method and lighter on memory usage than perhaps with apache or similar.

With pound, you edit the /etc/pound/pound.cfg providing the SSL listener on port 443, generating yourself a certificate for use with pound, and then pointing your server to localhost:8080 for Zenoss - obviously assuming pound is installed on the same server, if elsewhere, exchange localhost for the IP of the system in question.

Report Abuse

Like (0)
ianw1974
52 posts since
Jul 21, 2009

Currently Being Moderated

3. Aug 17, 2012 7:39 AM (in response to ianw1974)
Re: Enabling SSL in Zenoss 4.2

For completeness, my pound.cfg:

ListenHTTPS
    # Your IP of the server here.
    Address x.x.x.x
    Port    443
    Cert    "/etc/pound/zenoss.pem"

    Service
        BackEnd
            Address 127.0.0.1
            Port 8080
        End
    End
End

Report Abuse

Like (1)
Shane Scott
1,373 posts since
Jul 6, 2009

Currently Being Moderated

4. Aug 18, 2012 1:41 AM (in response to ianw1974)
Re: Enabling SSL in Zenoss 4.2

ianw1974:

I would either use Apache with a reverse proxy for SSL facility (as suggested by Jams) or wait on zenwebserver, a zenpack that provides SSL facility and load balancing across zopes.

Best,
--Shane Scott (Hackman238)

Report Abuse

Like (0)
ianw1974
52 posts since
Jul 21, 2009

Currently Being Moderated

5. Aug 20, 2012 10:17 AM (in response to Shane Scott)
Re: Enabling SSL in Zenoss 4.2

Sure of course, you could even use squid for a reverse proxy. The good thing about open source, the choice, however for me apache or squid is a bit overkill for just a bit of redirecting with SSL.

Report Abuse

Like (0)
zenoR
4 posts since
Jul 12, 2011

Currently Being Moderated

6. Sep 10, 2012 5:21 PM (in response to Shane Scott)
Re: Enabling SSL in Zenoss 4.2

Do you have any further information on this? I having trouble getting SSL to work reliably on my setup....

Report Abuse

Like (0)
Ezra Taylor
2 posts since
Aug 16, 2012

Currently Being Moderated

7. Sep 11, 2012 11:34 AM (in response to zenoR)
Re: Enabling SSL in Zenoss 4.2

Hello All:

              A former colleague of mine instructed me to do the following.
Please look into how Reverse proxies work before doing anything I have
layed out here.

1. setup you ssl certs( In our case we were our own CA).
2. setup Apache to be a Reverse Proxy. Example below. Tweak Apache as you
see fit.

ProxyRequests Off
ProxyPass ^/$    http://localhost:8080
ProxyPassReverse ^/$ http://localhost:8080

3. Edit /opt/zenoss/etc/zope.conf

<cgi-environment>

        https://yoururl.somename.com

</cgi-environment>

ip-address 127.0.0.1

Note: The regex above is not what's in the config I used at work. Please make changes as you deem fit.

Report Abuse

Like (0)

Go to original post

Legend

Correct Answers - 4 points
Helpful Answers - 2 points

Aug 16, 2012 12:15 PM

Enabling SSL in Zenoss 4.2

Actions

More Like This

Legend