0

I wanted to implement https for the administrative console of Kaa.Is there a way of doing this so that the login information passed through the administrative console can be encrypted

Arunesh Dutta
  • 45
  • 6

1 Answers1

1

Yes, you can do it. For this you can configure another server with SSL as a reverse proxy for Kaa. You can use a web server like Nginx. For more details about installation and configuration instruction described above, use How To Create an SSL Certificate on Nginx for Ubuntu 14.04 and How To Configure Nginx with SSL as a Reverse Proxy for Jenkins guides.

  1. Update your package lists and install Nginx:
sudo apt-get update
sudo apt-get install nginx
  1. Install openssl to create an SSL certificate:
sudo apt-get install openssl
  1. Create a a self-signed SSL certificate in the /etc/nginx/ directory:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/cert.key -out /etc/nginx/cert.crt
  1. Edit the default Nginx configuration file.
sudo nano /etc/nginx/sites-enabled/default

You can replace the existing configuration file.

server {
    listen 80;
    return 301 https://$host$request_uri;
}

server {

    listen 8085;
    server_name 192.168.x.x;

    ssl_certificate           /etc/nginx/cert.crt;
    ssl_certificate_key       /etc/nginx/cert.key;

    ssl on;
    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    access_log            /var/log/nginx/jenkins.access.log;

    location / {

      proxy_set_header        Host $host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;

      # Fix the "It appears that your reverse proxy set up is broken" error.
      proxy_pass          http://192.168.x.x:8080;
      proxy_read_timeout  90;

      proxy_redirect      http://192.168.x.x:8080 https://192.168.x.x;
    }
  }

Where, listen 8085; - new port instead of 8080 to access administrative console (you can use default 443 port).

Instead of 192.168.x.x enter your IP address.

  1. Restart Nginx:

sudo service nginx restart

  1. Log in to the Kaa administrative console:

https://192.168.x.x:8085/

Oleksandr
  • 449
  • 3
  • 7