Add a SSL Certificate

By default, the Console is accessible via HTTP. Nodeum allows you to configure its Console with an SSL certificate for enhanced security.

Instructions

We consider in this example the following parameters:

Server Details:
- Hostname: nodeum.mydomain.com
- IP Address: 10.1.2.3
Nodeum Ansible Package:
- Extracted in: ~/v1-x-y/
SSL Certificate Details:
- Validity Period: 365 days
- Private Key File:
  - Name: private.key
  - Location: ~/v1-x-y/files/nodeum_certs/
- Certificate File:
  - Name: public.crt
  - Location: ~/v1-x-y/files/nodeum_certs/

Generating a Self-Signed Certificate

Navigate to the /files/ directory within the Nodeum Ansible inventory folder to execute the command.

$ cd ~/v1-x-y/files/
$ openssl11 req -x509 -newkey rsa:4096 -sha256 -days 365 -nodes -keyout 
./nodeum_certs/private.key -out ./nodeum_certs/public.crt -subj "/
CN=nodeum.mydomain.com" -addext "subjectAltName=DNS:nodeum.mydomain.com,DNS:localhost,
IP:127.0.0.1,IP:10.1.2.3"

Ensure proper generation of certificates.

The certificates will be used by Nginx (Console UI and API) to enable SSL. Additionally, the public certificate is employed by certain services.

$ cd ~/v1-x-y/files/nodeum_certs
$ ls -l
total 8
-rw------- 1 root root 3272 Mar 29 13:17 private.key
-rw-rw-r-- 1 root root 1927 Mar 29 13:17 public.crt

Enable SSL

To enable SSL after completing the task, update the Nodeum Ansible inventory file accordingly.

$ cd ~/v1-x-y/inventory/host_vars/
$ vi srv01
... 
# If there is no default network interface defined or you want to override it
# iface_name: eth0
rails_ssl_enabled: yes
...

Proceed to run the Nodeum Ansible playbook to complete the installation.

Once HTTPS is enabled, Nodeum's HTTP Console access is disabled. All HTTP requests are automatically redirected to HTTPS.

Last updated 16 days ago

Was this helpful?