Follow

Enabling HTTPS for Reporting

By default, Interset Reporting runs over HTTP/TCP 80, however a common request is to utilize SSL/TLS.

There are two ways to implement this - either with your own standard cert (base 64) or a self signed certificate created directly on the Interset Reporting node.

  1. Open /etc/nginx/conf.d/interset.conf in an editor (e.g. vi).
  2. Find the following section in the config file:

    server {
    listen 80;
    #server_name server.company.com;

    # HTTPS: comment the lines above and uncomment the lines below to enable HTTPS
    # Run the following commands to generate self-signed certificate using OpenSSL:
    # sudo mkdir /etc/nginx/ssl
    # sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -subj "/C=CA/ST=Ontario/L=Ottawa/O=Interset Software/CN=myserver.com" -keyout /etc/nginx/ssl/interset.key -out /etc/nginx/ssl/interset.crt

    #HTTP/1.1
    #listen 443 ssl;
    #Enable HTTP/2 (comment the previous directive)
    #listen 443 ssl http2;
    #server_name server.company.com;
    #ssl on;

    #ssl_certificate /etc/nginx/ssl/interset.crt;
    #ssl_certificate_key /etc/nginx/ssl/interset.key;

    #ssl_session_timeout 5m;

    #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    #ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
    #ssl_prefer_server_ciphers on;

  3. Comment out the following line:

    listen 80;

  4. Uncomment the following lines:

    #listen 443 ssl http2;
    #server_name server.company.com;
    #ssl on;

    #ssl_certificate /etc/nginx/ssl/interset.crt;
    #ssl_certificate_key /etc/nginx/ssl/interset.key;

    #ssl_session_timeout 5m;

    #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    #ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
    #ssl_prefer_server_ciphers on;

    Note - If you do not wish to use HTTP2, keep "listen 443 ssl http2;" commented and instead uncomment "listen 443 ssl;".

  5. Update the ssl_certificate and ssl_certificate_key variables to point to your certificate, whether that be externally sourced, or created via the commands noted in the commented section of the config above.
  6. Update the server_name variable to match the FQDN of your server (which should ideally be valid with your SSL certificate).
  7. Restart nginx by running sudo service nginx restart if on EL6, or sudo systemctl restart nginx if on EL7.

 

The resulting config section should look something like this:

server {
#listen 80;
#server_name server.company.com;

# HTTPS: comment the lines above and uncomment the lines below to enable HTTPS
# Run the following commands to generate self-signed certificate using OpenSSL:
# sudo mkdir /etc/nginx/ssl
# sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -subj "/C=CA/ST=Ontario/L=Ottawa/O=Interset Software/CN=myserver.com" -keyout /etc/nginx/ssl/interset.key -out /etc/nginx/ssl/interset.crt

HTTP/1.1
listen 443 ssl;
Enable HTTP/2 (comment the previous directive)
listen 443 ssl http2;
server_name server.company.com;
ssl on;

ssl_certificate /etc/nginx/ssl/interset.crt;
ssl_certificate_key /etc/nginx/ssl/interset.key;

ssl_session_timeout 5m;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
ssl_prefer_server_ciphers on;

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk