3 answers
- 10-1
we are running a few test systems in a configuration similar to yours but without http->https redirect, and these work fine. our setup is https into apache, terminated there and mod-proxied into the opmantek application as http; hence using the normal 04omk-proxy.conf and one trivial sslvhost.conf that just consists of the requestheader https setting.
i suspect that your redirect is causing problems for the communication between open-audit enterprise and open-audit itself, which is via http and controlled by the config option oae_server in conf/opCommon.nmis.
the default value for this is http://127.0.0.1/open-audit/, and would thus be covered by your redirect. i'd recommend experimenting without the redirect first (while observing apache's access logs); if that confirms the redirect as the problem, changing it to exclude /open-audit should help.
- schindlerd
Thank you Alexander :) The redirect is the problem. I excluded /open-audit like so in /etc/conf/httpd.conf: <VirtualHost *:80> ServerName myserver RewriteEngine On RewriteCond %{HTTPS} off RewriteCond %{REQUEST_URI} !^/open-audit/ RewriteRule ^/(.*)$ https://myserver.domain/$1 [NC,R=301,L] </VirtualHost> Also added requestheader "https" to ssl vhost conf. Everything is working now, thanks.
Add your comment... - 210
Enabling https is done at the Apache level (Google is your friend). Unsure if the target machines would need to have the certificate 'trusted' if you're not using a cert authority issued certificate.
Apart from the trusted cert issue, if using Discovery from within Open-AudIT it should all "just work".
If running audit scripts directly, make sure you set the variable "url" to https://..... within the script (or on the command line).
- schindlerd
Thanks Mark. I will try and report back If I encounter any issues. Just warten to Maker sure that there are no issues regarding discovery and audit scripts.
- schindlerd
Sorry german T9 ;)
- Mark Unwin
Please do let us know how it goes :-)
Add your comment... - 10-1
I have a basic SSL setup and redirect all http traffic to https like so:
/etc/httpd/conf/httpd.conf
...
<VirtualHost *:80>
ServerName myserver.domain
Redirect "/" "https://myserver.domain/"
</VirtualHost>The redirect works but when I try to login to OAE I get the following error:
==> opDaemon.log <== [Thu Sep 17 12:37:30 2015] [error] malformed JSON string, neither tag, array, object, number, string or atom, at character offset 0 (before "<!DOCTYPE HTML PUBLI...") at /</usr/local/omk/script/../lib/OaeController.pm.exe>Opmantek/OaeController.pm line 2179.
Login to Open-Audit Community works by the way.
I guess my problem it is related to the mod_proxy configuration in combination with the redirect rule. I have tried to add "RequestHeader set X-Forwarded-Proto "https"" to SSL VHOST configuration but without success.
Any help or hint would be apreciated
Add your comment...
How would I enable https and are there any concerns/adjustments regarding the audit scripts?