librenms-librenms/doc/Support/SSL-Configuration.md

source: Support/SSL-Configuration.md
path: blob/master/doc/

# Ubuntu 16.04

## Enabling HTTPS - Nginx

This example is specifically for Ubuntu 16.04 with Nginx and uses an
SSL certificate from Let's Encrypt. Please follow
[this](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04)
excellent tutorial on setting up nginx with an SSL cert from LetsEncrypt.

### Step 1

Follow the LetsEncrypt tutorial until you get to *Step 2: Obtain and
SSL Certificate.* In this section you need to change some config in
the Nginx configuration. The tutorial directs you to edit
`/etc/nginx/sites-available/default` however in the standard LibreNMS
install, the file you need to edit is actually
`/etc/nginx/conf.d/librenms.conf`.

### Step 2

When you get to *Step 3: Configure TLS/SSL on Web Server (Nginx)*
there are some differences again. Follow the instructions regarding
the "snippet" configuration, the main differences come when you get to
*Adjust the Nginx Configuration to Use SSL*. Here you are again
directed to edit `/etc/nginx/sites-available/default`, so we need to
go to `/etc/nginx/conf.d/librenms.conf`.

`sudo vi /etc/nginx/conf.d/librenms.conf`

The top section of this file will look like this:

```
server {
    listen         80;
    listen         [::]:80;
    server_name    example.com;
    root        /opt/librenms/html;
    index       index.php;
    access_log  /opt/librenms/logs/access_log;
    error_log   /opt/librenms/logs/error_log;
```

Edit it to look like this (obviously changing example.com to your actual domain name):

```
server {
    listen         80;
    listen         [::]:80;
    server_name    example.com;
    return         301 https://$server_name$request_uri;
}


server {
 listen              443 ssl http2;
 listen              [::]:443 ssl http2;
 include snippets/ssl-example.com.conf;
 include snippets/ssl-params.conf;
 server_name example.com;
 root        /opt/librenms/html;
 index       index.php;
 access_log  /opt/librenms/logs/access_log;
 error_log   /opt/librenms/logs/error_log;
```

This config will redirect HTTP traffic to HTTPS and use the SSL config
that you have just set up.

Check for syntax errors
`sudo nginx -t`

Then restart Nginx
`sudo systemctl restart nginx`

### Step 3

Follow the rest of the tutorial, especially if you have the server's firewall enabled.

# CentOS

## Enabling HTTPS - Apache

This example is specifically for CentOS 7 with Apache

Please follow [this](https://wiki.centos.org/HowTos/Https) How To from
CentOS wiki on setting up Apache with a SSL cert.

### Step 1

Follow the How to until you get to step 3. This is going to be little
different with LibreNMS. You will need to make changes in here `sudo
vi /etc/httpd/conf.d/librenms.conf`

Your VirtualHost for 443 will need to look something like this for LibreNMS
(obviously changing librenms.example.com to your actual domain name)

```
<VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/pki/tls/certs/ca.crt
        SSLCertificateKeyFile /etc/pki/tls/private/ca.key
        <Directory "/opt/librenms/html/">
        AllowOverride All
        Require all granted
        Options FollowSymLinks MultiViews
        </Directory>
        DocumentRoot /opt/librenms/html/
        AllowEncodedSlashes NoDecode
        ServerName librenms.example.com
        CustomLog /opt/librenms/logs/access_log combined
        ErrorLog /opt/librenms/logs/error_log
</VirtualHost>

```

### Step 2

Then restart Apache `sudo systemctl restart httpd`

### Step 3

Follow the rest of the How To, especially if you have the server's firewall enabled.