By default, Interset Reporting runs over HTTP/TCP 80, however a common request is to utilize SSL/TLS.
There are two ways to implement this - either with your own standard cert (base 64) or a self signed certificate created directly on the Interset Reporting node.
- Open /etc/nginx/conf.d/interset.conf in an editor (e.g. vi).
- Find the following section in the config file:
server {
listen 80;
#server_name server.company.com;# HTTPS: comment the lines above and uncomment the lines below to enable HTTPS
# Run the following commands to generate self-signed certificate using OpenSSL:
# sudo mkdir /etc/nginx/ssl
# sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -subj "/C=CA/ST=Ontario/L=Ottawa/O=Interset Software/CN=myserver.com" -keyout /etc/nginx/ssl/interset.key -out /etc/nginx/ssl/interset.crt#HTTP/1.1
#listen 443 ssl;
#Enable HTTP/2 (comment the previous directive)
#listen 443 ssl http2;
#server_name server.company.com;
#ssl on;#ssl_certificate /etc/nginx/ssl/interset.crt;
#ssl_certificate_key /etc/nginx/ssl/interset.key;#ssl_session_timeout 5m;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
#ssl_prefer_server_ciphers on; - Comment out the following line:
listen 80; - Uncomment the following lines:
#listen 443 ssl http2;
#server_name server.company.com;
#ssl on;#ssl_certificate /etc/nginx/ssl/interset.crt;
#ssl_certificate_key /etc/nginx/ssl/interset.key;#ssl_session_timeout 5m;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
#ssl_prefer_server_ciphers on;
Note - If you do not wish to use HTTP2, keep "listen 443 ssl http2;" commented and instead uncomment "listen 443 ssl;". - Update the ssl_certificate and ssl_certificate_key variables to point to your certificate, whether that be externally sourced, or created via the commands noted in the commented section of the config above.
- Update the server_name variable to match the FQDN of your server (which should ideally be valid with your SSL certificate).
- Restart nginx by running sudo service nginx restart if on EL6, or sudo systemctl restart nginx if on EL7.
The resulting config section should look something like this:
server {
#listen 80;
#server_name server.company.com;
# HTTPS: comment the lines above and uncomment the lines below to enable HTTPS
# Run the following commands to generate self-signed certificate using OpenSSL:
# sudo mkdir /etc/nginx/ssl
# sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -subj "/C=CA/ST=Ontario/L=Ottawa/O=Interset Software/CN=myserver.com" -keyout /etc/nginx/ssl/interset.key -out /etc/nginx/ssl/interset.crt
HTTP/1.1
listen 443 ssl;
Enable HTTP/2 (comment the previous directive)
listen 443 ssl http2;
server_name server.company.com;
ssl on;
ssl_certificate /etc/nginx/ssl/interset.crt;
ssl_certificate_key /etc/nginx/ssl/interset.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
ssl_prefer_server_ciphers on;
Comments