Glowroot Cental Collector - SSL

[ravj...@gmail.com]

Hello,

I have been successful in installing glowroot collector and agent end to end and able to see the data as well. The installation was seamless and easy.

Now I am trying to enable the SSL. Below are few questions i have.

1. How do i enable SSL config via glowroot-central.properties file? Peeked into the source code and couldnt find an option to enable this. I already have the necessary certificates generated as per the requirement.

The SSL certificate and private key to be used must be placed in the /opt/glowroot/. with filenames certificate.pem and private.pem before enabling HTTPS. The private key should not have a passphrase. E.g. a self signed certificate can be generated at the command line using openssl req -new -x509 -nodes -days 365 -out certificate.pem -keyout private.pem


2. Do we support SSL for the GRPC agent port 8181?

3. If the answer to 2 is yes, if I am using self signed private certs, how do we go about mounting a truststore so that Certificates are trusted.


I did search documentation and also forums. But couldnt find relevant information pertaining to above.

Thanks in advance for the help.


Thanks,
Ravikanth

[Trask Stalnaker]

1.  Select the SSL checkbox in the web config, e.g. https://demo.glowroot.org/admin/web, and when you save, it should immediately stop serving http, and start serving https, and redirect your browser to https://...

If this isn't working, please post the glowroot central log file.

2.  This is a good question, I'm not sure, I will look into it and get back to you.

Thanks,

Trask

[Ravikanth Janga]

Hi,

 

Please see inline.

 

From: <glow...@googlegroups.com> on behalf of Trask Stalnaker <trask.s...@gmail.com>
Date: Tuesday, April 25, 2017 at 10:03 PM
To: Glowroot <glow...@googlegroups.com>
Subject: Re: Glowroot Cental Collector - SSL

 

1.  Select the SSL checkbox in the web config, e.g. https://demo.glowroot.org/admin/web, and when you save, it should immediately stop serving http, and start serving https, and redirect your browser to https://...

 

If this isn't working, please post the glowroot central log file.

 

>> This seems to be working from Web and it is redirecting. But is there a way we can configure and enforce this via a property file rather than accessing UI via HTTP and then enabling HTTPS.

 

2.  This is a good question, I'm not sure, I will look into it and get back to you.

 

Thanks,

Trask

On Tuesday, April 25, 2017 at 11:28:49 AM UTC-7, ravjanga wrote:

Hello,

I have been successful in installing glowroot collector and agent end to end and able to see the data as well. The installation was seamless and easy.

Now I am trying to enable the SSL. Below are few questions i have.

1. How do i enable SSL config via glowroot-central.properties file? Peeked into the source code and couldnt find an option to enable this. I already have the necessary certificates generated as per the requirement.

The SSL certificate and private key to be used must be placed in the /opt/glowroot/. with filenames certificate.pem and private.pem before enabling HTTPS. The private key should not have a passphrase. E.g. a self signed certificate can be generated at the command line using openssl req -new -x509 -nodes -days 365 -out certificate.pem -keyout private.pem


2. Do we support SSL for the GRPC agent port 8181?

3. If the answer to 2 is yes, if I am using self signed private certs, how do we go about mounting a truststore so that Certificates are trusted.


I did search documentation and also forums. But couldnt find relevant information pertaining to above.

Thanks in advance for the help.


Thanks,
Ravikanth

--
You received this message because you are subscribed to a topic in the Google Groups "Glowroot" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/glowroot/tPerBPIfT_g/unsubscribe.
To unsubscribe from this group and all its topics, send an email to glowroot+u...@googlegroups.com.
To post to this group, send email to glow...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/glowroot/1003469f-0d30-4cbf-87e8-6289aa42e82b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Trask Stalnaker]

You could start glowroot central the first time to create the cassandra schema, then stop glowroot central and insert the initial web config that you want directly into cassandra:

insert into central_config (key, value) values ('web', '{"https":true}');

then start glowroot central back up and it should be running with https.

To unsubscribe from this group and all its topics, send an email to glowroot+unsubscribe@googlegroups.com.

[Ravikanth Janga]

Sure. I will try this out. For now we solved this on our side itself by having a SSL enabled Front Load balancer.

 

Thank you for the excellent support.

 

Thanks,

Ravikanth

 

 

From: <glow...@googlegroups.com> on behalf of Trask Stalnaker <trask.s...@gmail.com>
Date: Tuesday, April 25, 2017 at 10:03 PM
To: Glowroot <glow...@googlegroups.com>
Subject: Re: Glowroot Cental Collector - SSL

 

1.  Select the SSL checkbox in the web config, e.g. https://demo.glowroot.org/admin/web, and when you save, it should immediately stop serving http, and start serving https, and redirect your browser to https://...

--

You received this message because you are subscribed to a topic in the Google Groups "Glowroot" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/glowroot/tPerBPIfT_g/unsubscribe.

To unsubscribe from this group and all its topics, send an email to glowroot+u...@googlegroups.com.

[Trask Stalnaker]

I created a github issue for supporting gRPC over SSL: https://github.com/glowroot/glowroot/issues/205

Thanks,

Trask

To unsubscribe from this group and all its topics, send an email to glowroot+unsubscribe@googlegroups.com.