Nodeum Docs
HomepageBlog
  • ✨What is Nodeum?
    • Data Management Software
  • 👣GETTING STARTED
    • Step by Step
  • 🏨ARCHITECTURE
    • Standalone
    • High Availability
    • Fully Scalable & Resilience
  • Install and Deploy Nodeum
    • Platform Support
    • Nodeum v1
      • Ansible based installation
    • Nodeum v2 - Data Mover
      • Ansible based Installation
        • Customize your Installation
      • Docker Based Deployment
    • SLURM Integration
    • Software License Application
  • Interfaces
    • ND Client
    • Console
      • Manual for Administrator
        • Login
        • Dashboard & Reports
        • Catalog
        • Data Mover Management
        • Advanced Task Management
        • Data Container
        • Primary Storage Configuration
        • Pool Management
        • TCO Calculator
        • Toolbox
        • System Settings
          • Information
          • Configuration
          • Date & Time
          • Backup
          • Services
          • Hostname and DNS Configuration
          • NAS Storage Configuration
          • Object Storage Configuration
          • Tape Library Configuration
          • User Management
          • Audits
      • Manual for End User
    • For Developers
      • RESTful API
      • Configuration through RestAPI Console
      • Software Developement Kits (SDK)
      • Nodeum API
        • API Terms of Use
        • release v1.x
        • release v2.x
  • DATA MOVER
    • Policy-Based Task orchestration
      • Pool Management
      • Scheduler
      • Data Integrity
      • Priority Management
      • Filtering (Basic or Advanced)
      • Hook service (callback)
    • Content traceability
    • Metadata Management
  • IDENTITY MANAGEMENT
    • Right - Authentication & Authorization
    • LDAP Plugin for JWT Token
  • Container Configuration
    • Prerequisites
    • About Container
    • Authorization and Authentication
    • Access your Container
  • HYBRID STORAGE MANAGEMENT
    • File System Managment
    • Object Storage Management
      • Customize your S3 connection
    • Tape Library Management
      • Tape Writing Format : LTFS
      • Tape Compression
      • Tape Rehydratation
      • Import a LTFS Tape
      • Task Maintenance for Tapes
  • ⏰Alert & Monitoring
    • Alerts
    • Monitoring
    • Log Management
  • 🏥Recover after Hardware Failure
    • Failover - Active/Passive
    • Failover Procedure - One Site
    • Backup & Restore
  • 🔐Security Guide
    • Advanced Network Configuration
    • Add a SSL Certificate on Web Console
    • Enable SSL Certificate Container accessible on S3 Protocol
  • Compatibility guide
    • Software requirement
    • Supported Storage
  • PRODUCT SPECIFICATIONS
    • Character Set Support
    • Limitations
    • Files Status
    • Task Status
Powered by GitBook
On this page
  • Preamble
  • Creation of the self-signed certificate
  • Verification that the certificates are well generated
  • Enable the SSL requirement

Was this helpful?

  1. Security Guide

Add a SSL Certificate on Web Console

By default, the Web Console is accessible on HTTP.

Nodeum allows the configuration of its Web Console with SSL Certificate.

Here are the instructions to be followed.

Preamble

We consider in this example the following parameters:

  • Server hostname is nodeum.mydomain.com

  • Server IP is 10.1.2.3

  • The Nodeum Ansible package is extracted in the folder ~/v1-x-y/

  • Certificate validity period of key SSL is 365 days

  • Private key file name is "private.key" and will be stored into the folder ~/v1-x-y/files/nodeum_certs/

  • Certificate file name is "public.crt" and will be stored into the folder ~/v1-x-y/files/nodeum_certs/

Creation of the self-signed certificate

In the folder where you have extracted the Nodeum Ansible inventory, you have to go into the folder /files/ to execute this command.

$ cd ~/v1-x-y/files/
$ openssl11 req -x509 -newkey rsa:4096 -sha256 -days 365 -nodes -keyout 
./nodeum_certs/private.key -out ./nodeum_certs/public.crt -subj "/
CN=nodeum.mydomain.com" -addext "subjectAltName=DNS:nodeum.mydomain.com,DNS:localhost,
IP:127.0.0.1,IP:10.1.2.3"

Verification that the certificates are well generated

$ cd ~/v1-x-y/files/nodeum_certs
$ ls -l
total 8
-rw------- 1 root root 3272 Mar 29 13:17 private.key
-rw-rw-r-- 1 root root 1927 Mar 29 13:17 public.crt

These certificates will be used by nginx (Console UI and API) to configure the use of SSL. The public certificate will also be used by some services that need to access the API.

Enable the SSL requirement

Once done, it's required to update the Nodeum Ansible inventory file and specify that SSL has to be enabled.

$ cd ~/v1-x-y/inventory/host_vars/
$ vi srv01
... 
# If there is no default network interface defined or you want to override it
# iface_name: eth0
rails_ssl_enabled: yes
... 

And then execute the Nodeum Ansible playbook installation.

Once HTTPS is enable, the Nodeum HTTP Console access is disabled. All requests through HTTP are automatically redirect to HTTPS.

Last updated 1 year ago

Was this helpful?

🔐