Configure and Enable SSL for the Management Console

You can use secure HTTP for your console.

To run your console over Secure HTTP:

  1. Install nginx on your console server with the following command:
    yum install nginx
  2. Overwrite the default nginx.conf file with the template provided in /usr/share/doc/eucaconsole-4.4/nginx.conf.
    cp /usr/share/doc/eucaconsole-4.4/nginx.conf /etc/nginx/nginx.conf
  3. Uncomment the 'listen' directive and uncomment/modify the SSL certificate paths in /etc/nginx/nginx.conf (search for "SSL configuration"). For example:
    # SSL configuration
    listen 443 ssl;
    # ssl_certificate /path/to/ssl/pem_file;
    # EXAMPLE:
    ssl_certificate /etc/eucaconsole/console.crt;
    # ssl_certificate_key /path/to/ssl/certificate_key;
    # EXAMPLE: 
    ssl_certificate_key /etc/eucaconsole/console.key;
    # end of SSL configuration
    Tip: For more information on generating self-signed SSL certificates, go to http://www.akadia.com/services/ssh_test_certificate.html.
  4. Restart nginx using the following command:
    systemctl restart nginx.service
  5. Edit the /etc/eucaconsole/console.ini file, locate the session.secure = false parameter, change false to true, then add the sslcert and sslkey lines immediately following, per this example:
    session.secure = true
    sslcert=/etc/eucaconsole/eucalyptus.com.chained.crt
    sslkey=/etc/eucaconsole/eucalyptus.com.key