Configuring https on IDSTower#
In order to run IDSTower over https, we need to create & configure the https certificate settings, in the below example we will configure IDSTower with a self signed certificate:-
Generate a self-signed certificate using openssl (valid for 5 years in this example).
$ sudo mkdir /opt/idstower/certs $ cd /opt/idstower/certs $ sudo openssl req -x509 -newkey rsa:4096 -sha256 -keyout idstower.key -out idstower.crt -subj "/CN=idstower" -days 1825
Convert the certificate into pfx format
$ sudo openssl pkcs12 -export -name “idstower” -out idstower.pfx -inkey idstower.key -in idstower.crt
Change the owner of the certs directory and keys to idstower
$ sudo chown -R idstower:idstower /opt/idstower/certs
Set the certificate path and password in appsettings.json->Hosting->Certificate section.
set path to: /opt/idstower/certs/idstower.pfx
set password to the one chosen in step 2
Change thr URL in appsettings.json->Hosting->URL section to https:// instead of http://
Restart IDSTower service to apply the changes
$ sudo systemctl restart idstower.service
Verify that IDSTower service is running correctly:
$ sudo systemctl status idstower.service
Make sure your firewall allows ports 80 & 443 (or the ports you are running IDSTower on):
$ sudo ufw allow 80/tcp $ sudo ufw allow 443/tcp $ sudo ufw reload
$ sudo firewall-cmd --zone=public --permanent --add-service=http $ sudo firewall-cmd --zone=public --permanent --add-service=https $ sudo firewall-cmd --reload
If you have already created a Cluster in IDSTower, make sure to refresh the hosts configurations so that they can contact IDSTower via https, do this using hosts actions in Clusters->Cluster->Hosts Tab->Host Actions->All Hosts->Host->Refresh Stale Config.