Add a SSL Certificate

By default, the Console is accessible on HTTP.

Nodeum supports configuring its Console with an SSL Certificate

Instructions

Preamble

We consider in this example the following parameters:

• Server hostname is nodeum.mydomain.com

• Server IP is 10.1.2.3

• The Nodeum Ansible package is extracted in the folder ~/v1-x-y/

• Certificate validity period of key SSL is 365 days

• Private key file name is "private.key" and will be stored into the folder ~/v1-x-y/files/nodeum_certs/

• Certificate file name is "public.crt" and will be stored into the folder ~/v1-x-y/files/nodeum_certs/

Creation of the self-signed certificate

In the folder where you have extracted the Nodeum Ansible inventory, you have to go into the folder /files/ to execute this command.

$ cd ~/v1-x-y/files/
$ openssl11 req -x509 -newkey rsa:4096 -sha256 -days 365 -nodes -keyout 
./nodeum_certs/private.key -out ./nodeum_certs/public.crt -subj "/
CN=nodeum.mydomain.com" -addext "subjectAltName=DNS:nodeum.mydomain.com,DNS:localhost,
IP:127.0.0.1,IP:10.1.2.3"

Verification that the certificates are well generated

$ cd ~/v1-x-y/files/nodeum_certs
$ ls -l
total 8
-rw------- 1 root root 3272 Mar 29 13:17 private.key
-rw-rw-r-- 1 root root 1927 Mar 29 13:17 public.crt

The certificates will be used by nginx (Console UI and API) to configure the use of SSL. The public certificate is also utilized by certain services.

Enable the SSL

After completing the task, update the Nodeum Ansible inventory file to enable SSL .

$ cd ~/v1-x-y/inventory/host_vars/
$ vi srv01
... 
# If there is no default network interface defined or you want to override it
# iface_name: eth0
rails_ssl_enabled: yes
... 

And then execute the Nodeum Ansible playbook installation.