Subscribe to Email Updates

    Settings encryption | 2 min read

    Add a SSL Certificate on Web Console

    By default, the Web Console is accessible on HTTP. Nodeum allows the configuration of its Web Console with SSL Certificate. Here are the instructions to be followed.

    Preamble

    We consider in this example the following parameters:

    • Server hostname is nodeum.mydomain.com
    • Server IP is 10.1.2.3
    • The Nodeum Ansible package is extracted in the folder ~/v1-x-y/
    • Certificate validity period of key SSL is 365 days
    • Private key file name is "private.key" and will be stored into the folder ~/v1-x-y/files/nodeum_certs/
    • Certificate file name is "public.crt" and will be stored into the folder ~/v1-x-y/files/nodeum_certs/

    Creation of the self-signed certificate 

    In the folder where you have extracted the Nodeum Ansible inventory, you have to go into the folder /files/ to execute this command.

    [root@nodeum]# cd ~/v1-x-y/files/
    [root@nodeum]# openssl11 req -x509 -newkey rsa:4096 -sha256 -days 365 -nodes
    -keyout ./nodeum_certs/private.key -out ./nodeum_certs/public.crt -subj "/CN=nodeum.mydomain.com" -addext "subjectAltName=DNS:nodeum.mydomain.com,DNS:localhost,IP:127.0.0.1,IP:10.1.2.3"
     

    2. Verification that the certificates are well generated

    [root@nodeum:~/v1-x-y/files/nodeum_certs]# ls -l
    total 8
    -rw------- 1 root root 3272 Mar 29 13:17 private.key
    -rw-rw-r-- 1 root root 1927 Mar 29 13:17 public.crt

    These certificates will be used by nginx (Console UI and API) to configure the use of SSL.
    The public certificate will also be used by some services that need to access the API.

    3. Enable the SSL requirement

    Once done, it's required to update the Nodeum Ansible inventory file and specify that SSL has to be enabled.

    [root@nodeum]# cd ~/v1-x-y/inventory/host_vars/
    [root@nodeum:~/v1-x-y/inventory/host_vars/]# vi srv01
    ...
    # If there is no default network interface defined or you want to override it
    # iface_name: eth0
    rails_ssl_enabled: yes
    ...

    And then execute the Nodeum Ansible playbook installation.

    Important note: Once HTTPS is enable, the Nodeum HTTP Console access is disabled. All requests through HTTP are automatically redirect to HTTPS.

    Related Categories

    Settings encryption

    You may also like:

    Workflow Settings Best Practice

    Primary Storage

    Definition Primary storage is the type of storage and technologies used to store and retain digital information that is ...

    Settings encryption

    Enable SSL Certificate Container accessible on S3 Protocol

    By default, the Containers are accessible on S3 with HTTP protocol. You can add a SSL Certificate to allow data encrypti...

    Settings encryption S3

    Setup SSE to encrypt S3 Buckets

    Description S3 connector is compatible with the Server-side encryption. This encryption solution is about protecting dat...

    Let Us Know What You Thought about this Post.

    Put your Comment Below.

    Learn and grow with award-winning support and a thriving community behind you.

    Get the free version