Running MHN Over HTTPS

Brady Sullivan edited this page Oct 27, 2017 · 5 revisions

Note: This howto may be useful for more context on setting up HTTPS in general using nginx on ubuntu.

Copy your SSL key files into /etc/ssl/private/.

Copy the configs below into /etc/nginx/sites-enabled/. Modify them for your environment. Specifically change the key filenames (your.mhn.domainname.com.pem).

Restart nginx:

sudo /etc/init.d/nginx restart

/etc/nginx/sites-enabled/mhn-http

server {
    listen       80;
    server_name  _;
    
    location / { 
        try_files $uri @mhnserver; 
    }
    
    root /opt/mhn/server;

    location @mhnserver {
      include uwsgi_params;
      uwsgi_pass unix:/tmp/uwsgi.sock;
    }

    location  /static {
      alias /opt/mhn/server/mhn/static;
    }
}

/etc/nginx/sites-enabled/mhn-https

MAKE SURE TO REPLACE your.mhn.domainname.com with your domain name.

server {
    listen               80;
    listen              443 ssl;
    server_name         _;
    ssl_certificate     /etc/ssl/private/your.mhn.domainname.com.pem;
    ssl_certificate_key /etc/ssl/private/your.mhn.domainname.com.pem;

    if ($ssl_protocol = "") {
        rewrite ^ https://$host$request_uri? permanent;
    }

    location / { 
        try_files $uri @mhnserver; 
    }
    
    root /opt/www;

    location @mhnserver {
      include uwsgi_params;
      uwsgi_pass unix:/tmp/uwsgi.sock;
    }

    location  /static {
      alias /opt/mhn/server/mhn/static;
    }
}

/etc/nginx/sites-enabled/honeymap-https

map $http_upgrade $connection_upgrade {
	default upgrade;
	''      close;
}

server {
	listen   8443 ssl;
	ssl_certificate     /etc/ssl/private/your.mhn.domainname.com.pem;
	ssl_certificate_key /etc/ssl/private/your.mhn.domainname.com.pem;

	root /opt/honeymap/client;
	index index.html index.htm;

	server_name _;

	location / {
		try_files $uri $uri/ /index.html;
	}

	location /data/ {
		proxy_pass http://localhost:3000;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection $connection_upgrade;
	}
}

/etc/nginx/sites-available/splunk-https

map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
}

server {
        listen   8001 ssl;
        ssl_certificate     /etc/ssl/private/your.mhn.domainname.com.pem;
        ssl_certificate_key /etc/ssl/private/your.mhn.domainname.com.pem;

        root /tmp;
        index index.html index.htm;

        server_name _;

        location / {
                proxy_pass http://localhost:8000;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $connection_upgrade;
        }
}
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.