Saturday, December 29, 2012

How to Install Zenoss Core 4.2 Over SSL with Nginx reverse proxy


Before you start doing the installation, you should check your server specs if you meet the minimum hardware requirements, which is Zenoss Core 4.2 runs natively on the following Linux-based operating systems:

  • Red Hat Enterprise Linux 64-bit 6.x (recommended) or 5.x
  • CentOS 64-bit 6.x (recommended) or 5.x

Zenoss Installation Steps

  • Auto-deploy Installation

Using the auto-deploy script (core-autodeploy-4.2.sh) is the simplest way to install Zenoss Core 4.2 on a newly-deployed RHEL/CentOS 64-bit 5/6 system. To use the script, execute the following as root in sequential order.

# wget --no-check-certificate https://raw.github.com/zenoss/core-autodeploy/master/core-autodeploy-4.2.sh
# chmod +x core-autodeploy-4.2.sh
# ./core-autodeploy-4.2.sh

The auto-deploy script automatically download and install Zenoss Core 4.2 and all required dependencies. So wait until the auto-deploy installation will be finished.

  • Configure Zenoss over SSL with Nginx reverse proxy

We will be used Nginx as reverse proxy server instead of running in on the box (e.g. http://127.0.0.1:8080). So, to proceed our installation, we need to comment out “ip-address 127.0.0.1″ in zope.conf (/opt/zenoss/etc/zope.conf) using your favorite editor. 

# vi /opt/zenoss/etc/zope.conf
  From: # ip-address 127.0.0.1
  To: ip-address 127.0.0.1
# su - zenoss
# zopectl restart

From this point, we will install Nginx and the OpenSSL utilities. But first, we need to add nginx yum repository. We need to create a file named /etc/yum.repos.d/nginx.repo and paste one of the configurations below: 

 CentOS:
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1

RHEL:

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/rhel/$releasever/$basearch/
gpgcheck=0
enabled=1


 And proceed the Nginx and OpenSSL installation

# yum install nginx openssl


 Then create an ssl directory to store the certificates and generate certificates using openssl. 

# mkdir /etc/nginx/ssl
# cd /etc/nginx/ssl
# openssl req -new -x509 -days 365 -nodes -out zenoss-cert.pem -keyout zenoss-cert.key


 Configure the default.conf file in /etc/nginx/conf.d

# cp /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.orig
# vi /etc/nginx/conf.d/default.conf   
Then, replace with:
  server {
    listen 443 default ssl;
    server_name Your-IP-Address;

      ssl on;
      ssl_certificate      /etc/nginx/ssl/zenoss-cert.pem;
      ssl_certificate_key  /etc/nginx/ssl/zenoss-cert.key;

location / {
        rewrite ^(.*)$ /VirtualHostBase/https/Your-IP-Address:443$1 break;
        proxy_pass http://127.0.0.1:8080;
    }
}

Restart Nginx and Zenoss

# /etc/init.d/nginx restart
# /etc/init.d/zenoss-stack restart
or 
# su - zenoss
$ zenoss restart
 
Finally, open your Zenoss over SSL using your favorite browser e.g. https://your-ip-address


References:
http://wiki.nginx.org/Install
http://wiki.zenoss.org/Install_Zenoss
http://bailey.st/blog/2012/03/24/zenoss-over-ssl-with-nginx-reverse-proxy/


  
Posted by at No comments:
Subscribe to: Posts (Atom)