Enable https?

Follow

Oliver Weinmann

• July 11, 2013 08:14

Hi,

how can I enable https and disable http? Also can I disable or at least password protect /cmon?

Regards,

 

0

• 

  Ashraf Sharif

  • July 11, 2013 09:07

  Enabling SSL.

  We strongly recommend you to upgrade to the latest version which include new elegant user interface, SSL enabled, user/organization administration, authentication and a lot more new features. Kindly refer to our blog page on how to upgrade ClusterControl to the latest version.

  Protecting your cmon web directory using htpasswd and htaccess.

  Lets say you want to create a user called admin with password 'MyP4ss' and your cmon web app is located at /var/www/cmon:

  1. Create .htpasswd and store the user credential:

  $ sudo htpasswd -c /var/www/.htpasswd admin

  2. Create .htaccess file under cmon directory:

  $ sudo vim /var/www/cmon/.htaccess

  And add following lines:

  AuthUserFile /var/www/.htpasswd
  AuthType Basic
  AuthName "CMON User Authentication"
  Require valid-user

  ** omit sudo if you run the command as root

  0

  Comment actions Permalink
• 

  Oliver Weinmann

  • July 11, 2013 10:02

  Hi Ashraf,

   

  I'm already on the latest version and yes https works. Can I disable http?

  0

  Comment actions Permalink
• 

  Ashraf Sharif

  • July 11, 2013 21:06

  Hi Oliver,

  You can try following ways to disable HTTP completely:

  Ubuntu/Debian

  1. Remove default virtual host for port 80:

  $ sudo rm /etc/apache2/sites-enabled/000-default

  2. Restart Apache service:

  $ sudo service apache2 restart

  Redhat/CentOS

  1. Make Apache listens to localhost on port 80:

  $ sed -i 's|^Listen 80|Listen 127.0.0.1:80|g' /etc/httpd/conf/httpd.conf

  2. Restart Apache service:

  $ service httpd restart

   

  You can also use iptables to block the HTTP port:

  $ iptables -A INPUT -p tcp --dport 80 -j DROP

  0

  Comment actions Permalink
• 

  Oliver Weinmann

  • July 12, 2013 11:35

  Hi,

  thanks for your help. Works great.

  Two last questions.

  I have just started using clustercontrol and wondered if this will superseed cmon?

  I put a GLB (galera load balacner) pacemaker cluster in front of the s9 galera cluster to have load balance and HA. Will this ever be supported like ha-proxy?

  Best Regards,

  Oliver 

  0

  Comment actions Permalink
• 

  Ashraf Sharif

  • July 13, 2013 07:13

  Hi Oliver,

  At the moment, we are highly focused on the development of new UI (clustercontrol). The old UI (cmon) can consider deprecated but still usable.

  Using Pacemaker to do IP fail over and resource/quorum monitoring is not yet documented by our team. At the moment, ClusterControl only provisions and automates HAproxy with Keepalived. We would be happy if you could add this in our feature request section and click "Suggest an Idea".

  Regards,

  Ashraf

  0

  Comment actions Permalink

Please sign in to leave a comment.