NetVizura and Tomcat reverse proxy and SSL configuration

pexels-sharon-snider-4000309

Sometimes we want to limit the availability of the NetVizura application and add additional security layers. Reverse proxy and SSL configuration are here to ensure this.

A reverse proxy is an application that forwards requests from client to server, but in a way that the client isn't aware there is something in between. Use cases for this are usually network security oriented.

SSL configuration can be done on the reverse proxy or directly on Apache Tomcat. In a production environment, however, it is not advisable to set SSL termination directly on Apache Tomcat. A much better choice would be using a reverse proxy as an SSL termination point.

All examples presented in this blog post are for Ubuntu Server. Nonetheless, just minor modifications are needed to make them applicable to Windows Server or any Linux Distribution.


Apache Web server reverse proxy configuration 

1. Install Apache service and enable proxy mods

2.  Delete all other sites from /etc/apache2/sites-available

3.  Create /etc/apache2/sites-available/apache2proxy.conf with the following content:

 4.  Enable the site we have just configured

5.  Restart Apache service

Now you should be able to check the NetVizura web page as http://yoursite/netvizura.


SSL apache2 

To include an additional layer of security, you can create your certificates and add them to Apache. The first step would be to create self-signed certificates. However, if you want your application to be available on WWW, you need to add a fitting certificate, either by buying it online or by using Let's Encrypt service. We will not go deeper into this is for now as it out of scope (but maybe we will cover the subject in some future post, so stay tuned).

1. Create self-signed certificates

2.  Enable additional mods

3.  Create /etc/apache2/sites-available/https.conf with the following content:

 4.  Enable the virtual host

5.  Restart Apache service

  https://yoursite/netvizura should now be fully functional.


NGINX instead of Apache

If you are more inclined to use NGINX instead of Apache, here is the simple configuration you may use. 

1. Install NGINX

2.  Delete all files from /etc/nginx/sites-available/ directory

3.  Create file /etc/nginx/sites-available/http.conf with the following content:

4.  Link the file

5. Restart NGINX

Now, you should see your NetVizura website accessible from http://yoursite/netvizura.


NGINX SSL

In this example, the same as in Apache configuration, we are adding an additional layer. We have omitted SSL key generation, that you can reuse from Apache SSL configuration.

1. Create file /etc/nginx/sites-available/ssl.conf with the following content:

2.  Link the file

 3. Restart NGINX

  Afterwards, you should see your NetVizura web page accessible from https://yoursite/netvizura.


Tomcat SSL

In our last (but not the least) example, we will cover Tomcat which has SSL capabilities itself.

1. Create the keytool which will have the keys below:

2.  Edit the server xml (note that depending on your Tomcat version, the folder can be different). We are using Tomcat 7, and therefore the folder is /etc/tomcat7/server.xml

3. Restart Tomcat

Again, now you should see your NetVizura website accessible from https://yoursite/netvizura.


If you are interested into checking out some other similar configurations, you may find them on our Confluence page: SSL Configuration.

Elasticsearch backup and restore
NetVizura and Elasticsearch - How we did it?

Related Posts

By accepting you will be accessing a service provided by a third-party external to https://www.netvizura.com/

Contact

Mailing and Visiting Address:
Soneco d.o.o.
Makenzijeva 24/VI, 11000 Belgrade, Serbia
Phone: +381.11.6356319
Fax: +381.11.2455210
sales@netvizura.com | support@netvizura.com

CONNECT WITH US:

linkedin facebook facebook