Discussion:
Enabling SSL in Zenoss 4.2
Ezra Taylor
2012-08-16 16:15:46 UTC
Permalink
Ezra Taylor [http://community.zenoss.org/people/forsudden] created the discussion

"Enabling SSL in Zenoss 4.2"

To view the discussion, visit: http://community.zenoss.org/message/67908#67908

--------------------------------------------------------------
Hello All:

             What's the procedure for enabling SSL in Zenoss 4.2?  The doc I have just states to insert the below into my zope.conf file.  Do I install the certs on Apache or inside of Zenoss?  Please point me to the correct docs?  Thanks for all your help.



<cgi-environment>

HTTPS ON

</cgi-environment>
--------------------------------------------------------------

Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/67908#67908]

Start a new discussion in zenoss-users by email
[discussions-community-forums-zenoss--***@community.zenoss.org] -or- at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]
dpetzel
2012-08-17 02:20:58 UTC
Permalink
dpetzel [http://community.zenoss.org/people/dpetzel] created the discussion

"Re: Enabling SSL in Zenoss 4.2"

To view the discussion, visit: http://community.zenoss.org/message/67923#67923

--------------------------------------------------------------
I have not personally done it,but from what I've seen using Apache to fron Zenoss is the general approach. I dont think there is anything unique to core 4 vs previous version. Have a look at http://community.zenoss.org/docs/DOC-2516 http://community.zenoss.org/docs/DOC-2516
--------------------------------------------------------------

Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/67923#67923]

Start a new discussion in zenoss-users by email
[discussions-community-forums-zenoss--***@community.zenoss.org] -or- at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]
ianw1974
2012-08-17 11:20:16 UTC
Permalink
ianw1974 [http://community.zenoss.org/people/ianw1974] created the discussion

"Re: Enabling SSL in Zenoss 4.2"

To view the discussion, visit: http://community.zenoss.org/message/67946#67946

--------------------------------------------------------------
I've done it by using the pound reverse proxy, this is probably the easiest method and lighter on memory usage than perhaps with apache or similar.
--------------------------------------------------------------

Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/67946#67946]

Start a new discussion in zenoss-users by email
[discussions-community-forums-zenoss--***@community.zenoss.org] -or- at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]
ianw1974
2012-08-17 11:38:23 UTC
Permalink
ianw1974 [http://community.zenoss.org/people/ianw1974] created the discussion

"Re: Enabling SSL in Zenoss 4.2"

To view the discussion, visit: http://community.zenoss.org/message/67947#67947

--------------------------------------------------------------
For completeness, my pound.cfg:

[code]
ListenHTTPS
    # Your IP of the server here.
    Address x.x.x.x
    Port    8080
    Cert    "/etc/pound/zenoss.pem"

    Service
        BackEnd
            Address 127.0.0.1
            Port 8080
        End
    End
End[/code]
--------------------------------------------------------------

Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/67947#67947]

Start a new discussion in zenoss-users by email
[discussions-community-forums-zenoss--***@community.zenoss.org] -or- at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]
Shane Scott
2012-08-18 05:42:05 UTC
Permalink
Shane Scott [http://community.zenoss.org/people/hackman238] created the discussion

"Re: Enabling SSL in Zenoss 4.2"

To view the discussion, visit: http://community.zenoss.org/message/67958#67958

--------------------------------------------------------------
ianw1974:

I would either use Apache with a reverse proxy for SSL facility (as suggested by Jams) or wait on zenwebserver, a zenpack that provides SSL facility and load balancing across zopes.

Best,
--Shane Scott (Hackman238)
--------------------------------------------------------------

Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/67958#67958]

Start a new discussion in zenoss-users by email
[discussions-community-forums-zenoss--***@community.zenoss.org] -or- at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]
ianw1974
2012-08-20 14:17:44 UTC
Permalink
ianw1974 [http://community.zenoss.org/people/ianw1974] created the discussion

"Re: Enabling SSL in Zenoss 4.2"

To view the discussion, visit: http://community.zenoss.org/message/68026#68026

--------------------------------------------------------------
Sure of course, you could even use squid for a reverse proxy.  The good thing about open source, the choice, however for me apache or squid is a bit overkill for just a bit of redirecting with SSL.
--------------------------------------------------------------

Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/68026#68026]

Start a new discussion in zenoss-users by email
[discussions-community-forums-zenoss--***@community.zenoss.org] -or- at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]
zenoR
2012-09-10 21:21:33 UTC
Permalink
zenoR [http://community.zenoss.org/people/zenoR] created the discussion

"Re: Enabling SSL in Zenoss 4.2"

To view the discussion, visit: http://community.zenoss.org/message/68479#68479

--------------------------------------------------------------
Do you have any further information on this? I having trouble getting SSL to work reliably on my setup....
--------------------------------------------------------------

Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/68479#68479]

Start a new discussion in zenoss-users by email
[discussions-community-forums-zenoss--***@community.zenoss.org] -or- at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]
Ezra Taylor
2012-09-11 04:34:28 UTC
Permalink
Ezra Taylor [http://community.zenoss.org/people/forsudden] created the discussion

"Re: Enabling SSL in Zenoss 4.2"

To view the discussion, visit: http://community.zenoss.org/message/68480#68480

--------------------------------------------------------------
Hello All:

              A former colleague of mine instructed me to do the following.
Please look into how Reverse proxies work before doing anything I have
layed out here.

1. setup you ssl certs( In our case we were our own CA).
2. setup Apache to be a Reverse Proxy.  Example below.  Tweak Apache as you
see fit.

ProxyRequests Off
ProxyPass ^/$    http://localhost:8080 http://localhost:8080
ProxyPassReverse ^/$  http://localhost:8080 http://localhost:8080

3. Edit /opt/zenoss/etc/zope.conf

<cgi-environment>

        https://yoururl.somename.com https://yoururl.somename.com

</cgi-environment>

ip-address 127.0.0.1
--------------------------------------------------------------

Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/68480#68480]

Start a new discussion in zenoss-users by email
[discussions-community-forums-zenoss--***@community.zenoss.org] -or- at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]
Loading...