Zenoss over SSL with Nginx reverse proxy.

facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Zenoss is an enterprise infrastructure monitoring tool that can give in real time the big picture of networks, applications, hardware performances and issues running from a small business to a cloud service. While using it I found the lack of a decent SSL support running out off the box, in order to overcome this issue I decided to use Nginx as reverse proxy server to handle and deliver Zenoss with the SSL support. For this example I’m using Zenoss a debian Native Stack installed on Ubuntu server 10.04

Zenoss download:

http://community.zenoss.org/docs/DOC-3240?noregister

Preparing zenoss:

You need to locate the file zope.conf, which in this case is locate into /usr/local/zenoss/zenoss/etc/zope.conf , and find the line that contains “# ip-address 127.0.0.1″ and uncomment it as follows.

# ip-address 127.0.0.1

to

ip-address 127.0.0.1

After you are saved the zope.conf file you need to restart the Zope server as zenoss user.

su – zenoss

zopectl restart

Nginx

You need to install Nginx and the openssl utilities, create an ssl directory to store the certificates and create the certificates.

[sourcecode language=”bash”]

apt-get install nginx openssl

mkdir /etc/nginx/ssl

cd /etc/nginx/ssl

openssl req -new -x509 -days 365 -nodes -out zenoss.pem -keyout zenoss.key

[/sourcecode]

zenoss.key zenoss.pem

rm /etc/nginx/sites-enabled/default

touch /etc/nginx/sites-enabled/default

[sourcecode language=”bash”]

server {
listen 443 default ssl;
server_name myserver;

ssl on;
ssl_certificate /etc/nginx/ssl/zenoss.pem;
ssl_certificate_key /etc/nginx/ssl/zenoss.key;

location / {
rewrite ^(.*)$ /VirtualHostBase/https/serveripaddress:443$1 break;
proxy_pass http://127.0.0.1:8080;
}
}

[/sourcecode]

Restart Nginx before the login.

/etc/init.d/nginx restart

Restarting nginx: nginx.

At this point everything should work smoothly, now you can test your new Zenoss over SSL pointing the browser to https://serveripaddress


Leave a Reply

Your email address will not be published / Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">