In this post, I am going to HTTPS access on Zabbix Server.

 

 

 In my case, I have a pfx certificate that I got from GlobalSign and I need to convert this certificate to crt and get private key out of it in order to use on the Apache SSL Setup.

I am using OpenSSL and run following 3 openssl commands to have the certificate files that I need:

 

Run the following command to export the private key: (This will generate key.pem)

openssl pkcs12 -in certname.pfx -nocerts -out key.pem –nodes

Run the following command to remove the passphrase from the private key: (This will generate server.key)

openssl rsa -in key.pem -out server.key

Run to convert certificate file pfx to crt (This will generate certificate.crt)

 openssl pkcs12 -in certname.pfx -clcerts -nokeys -out certificate.crt

 

Rename server.key file as private.key and rename certificate.crt file as primary.crt.

Copy these 2 files to apache server. You can use WinSCP to copy these files from Windows to Linux. The files will be copied to /home/linuxuser folder

 

Create a folder for your certificates and set permission 700 for that folder

mkdir -p /etc/apache2/ssl

chmod 700 /etc/apache2/ssl

 

Copy your primary.crt and private.key to /etc/apache2/ssl folder. 

cp /home/zabbixadm/primary.crt /etc/apache2/ssl

cp /home/zabbixadm/private.key /etc/apache2/ssl

 

 

Edit your /etc/hosts file and add your websites address

nano /etc/hosts

x.x.x.x     yourwebsite.com

 

 

Modify Default SSL config:

nano /etc/apache2/sites-available/default-ssl.conf

--------------------------------------------

<IfModule mod_ssl.c>

        <VirtualHost _default_:443>

                ServerAdmin webmaster@localhost

                ServerName zabbix.yourdomain.com

                ServerAlias zabbix.yourdomain.com

                DocumentRoot /var/www/html

SSLEngine on

SSLCertificateFile      /etc/apache2/ssl/primary.crt

SSLCertificateKeyFile /etc/apache2/ssl/private.key

</VirtualHost>

</IfModule>

--------------------------------------------

 

Check if config is set correctly

apache2ctl configtest

 

Enable SSL for default-ssl

a2ensite default-ssl

 

Enable SSL module

a2enmod ssl

systemctl restart apache2 

 

 We just enable https access on Apache. If you need to redirect http request to https you can also edit your 000-default.conf file

Nano /etc/apache2/sites-available/000-default.conf

 -----------------------------------------------------------

<VirtualHost *:80>

    RewriteEngine On

    RewriteCond %{HTTPS} off

    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

  -----------------------------------------------------------

And Finally run the command below

a2enmod rewrite 

 

 

By default we use yourdomain.com/zabbix to access zabbix Web GUI. I would like to reach zabbix server by typing only the domain name like yourdomain.com. To do this: 

nano /etc/apache2/sites-available/000-default.conf

Change the DocumentRoot from /var/www/html to /usr/share/zabbix

Then

nano /etc/apache2/conf-available/zabbix.conf

Comment out the below line

# Alias /zabbix /usr/share/zabbix

Restart apache service:

service apache2 restart 

 

Now everything looks pretty :)

JSN Epic template designed by JoomlaShine.com