• State Not Answered
  • Locked Locked
  • Replies 0 replies
  • Subscribers 21 subscribers
  • Views 2015 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Securing KIWI web access with https

geoffinva3

A coworker created the following to secure the KIWI web server for https -

 

 KIWI SYS-LOG SSL CONFIGURATION

 

1.        Install Apache for Win32 x86 with OpenSSL.  This usually comes as an MSI.

2.       Modify the following files.

a.       C:\Program Files\Apache Group\Apache 2\conf  httpd.conf

b.      C:\Program Files\Apache Group\Apache 2\conf  ssl.conf

 

3.       For the httpd.conf file you must add and change the following

Uncomment the following line

#LoadModule proxy_module modules/mod_proxy.so

#LoadModule ssl_module modules/mod_ssl.so

 

Add

 

ServerName 10.x.x.x:80

 

<VirtualHost 0.0.0.0:80>

    ServerName slog01

    ServerAlias slog01

 

    ProxyPass / http://localhost:8088/

    ProxyPassReverse / http://localhost:8088/

 

</VirtualHost>

 

4.       For the ssl.conf file you must add and change the following

Comment out the following

#<IfDefine SSL>  and  #</IfDefine>

 

Ensure the following

Listen 0.0.0.0:443

 

Add the following

ProxyRequests Off

 

<Proxy *>

 

Order deny,allow

     Deny from all

        Allow from 10.x.x.x/24

        Allow from 10.x.x.x/24

        Allow from 10.x.x.x/24

        Allow from 10.x.x.x/24

        Allow from 10.x.x.x/24

</Proxy>

 

 

 

<VirtualHost 0.0.0.0:443>

    SSLEngine on

    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

 

    SSLCertificateFile      conf/ssl.crt/new.cert.cert

    SSLCertificateKeyFile   conf/ssl.key/new.cert.key

 

    ServerName log01

    ServerAlias nsochinslog01

 

    ErrorLog logs/ssl_error_log.txt

    TransferLog logs/ssl_access_log.txt

 

    ProxyPass / http://localhost:8088/

    ProxyPassReverse / http://localhost:8088/

 

</VirtualHost>

 

5.       Creating the SSL Certificate

a.       Location of the cert file c:\Program Files\Apache Group\Apache2\conf\ssl.crt

b.      Location of the key file c:\Program Files\Apache Group\Apache2\conf\ssl.key

 

Procedures using UNIX to create the SSL Certificate:

 

                Generate Server CA Signer

                                openssl genrsa -des3 -out server.key 2048

 

                Generate Certificate Service Request (CSR)

                                openssl req -new -key server.key -out server.csr

 

                Remove Passphrase from Key

cp server.key server.key.org
openssl rsa -in server.key.org -out server.key

                                               

                                                Generate Self Signed Certificate

                                                                openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

 

               

6.       Once everything is setup stop and start the apache services.  You should then be able to hit the Kiwi Syslog Server securely with apache acting as a reverse proxy to the kiwi server.

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.