How to Enable HTTPS?

Secure your ServiceOps installation and protect sensitive data by enabling HTTPS for encrypted communication.

HTTPS (Hypertext Transfer Protocol Secure) is a secure communication protocol that encrypts data transmitted between clients and servers. Enabling HTTPS in ServiceOps ensures that sensitive information such as login credentials, personal data, and business information is protected from unauthorized access during transmission.

Prerequisites

Before enabling HTTPS, ensure you have the following:

• SSL Certificate: A valid SSL certificate (.crt file) for your domain
• Private Key: The corresponding private key (.key file) for the certificate
• Root Access: Administrative privileges on the ServiceOps server
• Port Access: Ensure port 443 is accessible and not blocked by firewall

Important

Always use a valid SSL certificate from a trusted Certificate Authority (CA) for production environments. Self-signed certificates should only be used for testing purposes.

Configuration Options

ServiceOps supports two HTTPS configuration approaches:

1. HTTP to HTTPS Redirection

This configuration automatically redirects all HTTP traffic to HTTPS, ensuring all connections are secure.

2. HTTPS Only

This configuration disables HTTP access entirely and only allows HTTPS connections.

Step-by-Step Configuration

1. Locate the Nginx Configuration File

The ServiceOps Nginx configuration file is located at:

/etc/nginx/conf.d/fmt_nginx.conf

2. Backup the Current Configuration

Before making changes, create a backup of your current configuration:

cp /etc/nginx/conf.d/fmt_nginx.conf /etc/nginx/conf.d/fmt_nginx.conf.backup

3. Configure SSL Certificate Paths

Ensure your SSL certificate and private key are placed in the appropriate directories:

# Certificate file (typically .crt or .pem)
/etc/ssl/certs/nginx.crt

# Private key file (typically .key)
/etc/ssl/private/nginx.key

Certificate Management

• Ensure proper file permissions: certificate files should be readable by nginx (typically 644)
• Private key files should have restricted permissions (typically 600)
• Verify certificate and key file ownership belongs to the nginx user

4. Configure Nginx for HTTPS

HTTP to HTTPS Redirection

Add the following configuration to your fmt_nginx.conf file:

server {
    listen 80;
    server_name localhost;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name localhost;
    ssl on;
    ssl_certificate /etc/ssl/certs/nginx.crt;
    ssl_certificate_key /etc/ssl/private/nginx.key;
    
    # Additional SSL security settings
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
    
    # Your existing location blocks and other configurations go here
    location / {
        # Your existing location configuration
    }
}

HTTPS Only

Add the following configuration to your fmt_nginx.conf file:

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name localhost;
    ssl on;
    ssl_certificate /etc/ssl/certs/nginx.crt;
    ssl_certificate_key /etc/ssl/private/nginx.key;
    
    # Additional SSL security settings
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
    
    # Your existing location blocks and other configurations go here
    location / {
        # Your existing location configuration
    }
}

5. Validate Configuration

Test the Nginx configuration syntax before applying changes:

nginx -t

If the syntax is proper, restart the nginx service using the below command:

systemctl restart nginx

The SSL certificate is now added to the Nginx server.

---

Related Topics

• How to Configure Memory and Connection Pool
• How to Configure Application and Database Server Separately
• Configuring LDAPS Certificate