    Adding https support to FOG server with Centos 7

      Posted by george1421 (Moderator), last edited by george1421

      This guide is to show how to add https support (simple mode) to your fog server. These instructions assume you know how to request a certificate and to interact with the fog server and its configuration.

      NOTE: This approach is not supported by the fog developers

      But the intent is to simply show a hack to add https support with self signed enterprise certificates. Understand with this approach the http web interface will remain operational for pxe booting and FOG client communications. If you need these features also protected within the https protocol, please follow the officially supported process to activate https on your fog server.

      The first thing you will need is, of course, your enterprise-signed certificate with a subject that matches the DNS name of your FOG server. This certificate needs to be in .pem format. You will need 2 files: the server private key and the public certificate. The certificate must be issued to the FQDN of your FOG server. IP addresses have not been allowed by the CA (certificate authority) for many years now.

      Understand these instructions are for Centos 7. You will need to adapt them for your FOG server host OS.

      Place the private key file in /etc/pki/tls/private
      Place the public certificate file in /etc/pki/tls/certs

      For this tutorial let's call the private key server.key and the public certificate server.crt.

      Now that the certificates are in place, let's work on the apache server configuration. For Centos we need to install the apache mod_ssl package. So as root (or sudo) install the mod_ssl package with

      yum install mod_ssl -y

      Change into the apache configuration directory with

      cd /etc/httpd/conf.d
      

      Copy the existing FOG configuration file to the ssl modified version.

      cp fog.conf fogssl.conf
      

      Edit the file /etc/httpd/conf.d/fogssl.conf

      At the top change the port from 80 to the ssl port of 443

      <VirtualHost *:80>
      

      Change to

      <VirtualHost *:443>
      

      Just below the <VirtualHost *:443> line insert the following lines of text:

          SSLEngine on
      
          #   Disable SSLv2, SSLv3 and TLS 1.0; TLS 1.1 and newer stay enabled
          SSLProtocol all -SSLv2 -SSLv3 -TLSv1
          SSLCipherSuite      ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
          SSLHonorCipherOrder on
      
          #   Server Certificate:
          SSLCertificateFile /etc/pki/tls/certs/server.crt
          #   Server Private Key:
          SSLCertificateKeyFile /etc/pki/tls/private/server.key
      
      

      Save the configuration file

      Restart apache with the following command

      systemctl restart httpd
      

      If the system restarts cleanly then your configuration changes should be good.

      Now open a browser and key in https://<fog_server_dns_name>/fog. If everything is good you should see the login page for FOG.

      Things that still need to be worked out:

      1. http redirect to https without breaking pxe booting and fog client interaction with the fog server.

      ref: https://revocent.com/configuring-apache-httpd-tls-using-microsoft-adcs-certificates/

      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
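The copy-and-edit steps from the tutorial above, as an added example that is not part of the original post or of the FOG project: it builds the fogssl.conf text from a port-80 vhost and checks that the private key belongs to the certificate before Apache is restarted. The function names (make_fogssl, key_matches_cert, sample_fog_conf), the sample vhost and the host name fog.example.test are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Paths follow the tutorial; the sample vhost is constructed.
# Cipher list copied from the tutorial's SSLCipherSuite line.
CIPHERS='ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'

# Constructed stand-in for /etc/httpd/conf.d/fog.conf (a real one has more directives).
sample_fog_conf() {
cat <<'EOF'
<VirtualHost *:80>
    ServerName fog.example.test
    DocumentRoot /var/www/html
</VirtualHost>
EOF
}

# Read a port-80 vhost on stdin, write the TLS copy on stdout.
# $1 = certificate path, $2 = private key path. Exit status 3 if no <VirtualHost *:80> was found.
make_fogssl() {
    awk -v crt="$1" -v key="$2" -v ciphers="$CIPHERS" '
        !done && /^[ \t]*<VirtualHost[ \t]+\*:80>/ {
            sub(/\*:80>/, "*:443>"); print
            print "    SSLEngine on"
            print "    SSLProtocol all -SSLv2 -SSLv3 -TLSv1"
            print "    SSLCipherSuite " ciphers
            print "    SSLHonorCipherOrder on"
            print "    SSLCertificateFile " crt
            print "    SSLCertificateKeyFile " key
            done = 1; next
        }
        { print }
        END { if (!done) exit 3 }'
}

# Succeeds only when the private key belongs to the certificate (public keys compared).
# Returns 2 if either file cannot be parsed, so two unreadable files never count as a match.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Demo on the constructed sample; on a server, feed fog.conf and redirect to fogssl.conf.
sample_fog_conf | make_fogssl /etc/pki/tls/certs/server.crt /etc/pki/tls/private/server.key
```

Running `apachectl configtest` after writing fogssl.conf and before `systemctl restart httpd` catches a syntax error while the running server is still up.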

      Copyright © 2012-2024 FOG Project