Help with SSL
350 views
Skip to first unread message
Dave Noonan
Jun 1, 2017, 9:59:10 AM6/1/17
to NetBox
I've had NetBox running on CentOS 7 for a couple of weeks and tried to add SSL but I'm getting "Bad Request (400)".
I'm guessing that nginx is sending SSL to gunicorn which doesn't know about the cert but damned if I can find a log message to tell me anything at all. I added "--access-logfile /var/log/gunicorn-access.log" to the supervisor config for gunicorn but still no logging. Obviously I'm missing something.
Can someone please point me at the instructions for either having nginx terminate the SSL and use HTTP to gunicorn or getting gunicorn to handle SSL (or otherwise point me in the right direction)?
Thank you
I'm guessing that nginx is sending SSL to gunicorn which doesn't know about the cert but damned if I can find a log message to tell me anything at all. I added "--access-logfile /var/log/gunicorn-access.log" to the supervisor config for gunicorn but still no logging. Obviously I'm missing something.
Can someone please point me at the instructions for either having nginx terminate the SSL and use HTTP to gunicorn or getting gunicorn to handle SSL (or otherwise point me in the right direction)?
Thank you
Dave Noonan
Jun 1, 2017, 11:14:45 AM6/1/17
to NetBox
Never mind. It works now. I changed some stuff and then undid the changes and now it works.
Sorry for the noise.
Sorry for the noise.
Yann Hqxor
Sep 25, 2017, 8:33:54 AM9/25/17
to NetBox
Hello Dave,
Could you send me your configuration for ssl ?
i'll try to do the same with apache.
I tried but not working ...
Thank you ! :)
Yann
Brian Candler
Sep 25, 2017, 6:52:26 PM9/25/17
to NetBox
In case it helps, here is some working SSL config for Apache 2.4 under Ubuntu 16.04.
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateChainFile /etc/dehydrated/certs/netbox.example.net/chain.pem
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
ProxyPreserveHost On
RequestHeader set X-Forwarded-Proto "https"
ServerName netbox.example.net
Alias /static /opt/netbox/netbox/static
<Directory /opt/netbox/netbox/static>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Require all granted
</Directory>
<Location /static>
ProxyPass !
</Location>
ProxyPass / http://127.0.0.1:8001/
ProxyPassReverse / http://127.0.0.1:8001/
</VirtualHost>
</IfModule>
Reply all
Reply to author
Forward
0 new messages