Enabling HTTPS Centos 7 on Apache

Hi All,

I have made an attempt to enable https on my Centos 7 server for apache. It is not working. The http server starts but https returns the below error in my browser.

“. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG”

I updated the ssl.conf and the librenms.conf…but not totally sure how to do it, especially the librenms.conf side. Not sure how those two files work together.

I have left the old http librenms.conf config in place (though I added https to it). I did not want to do anything to it until I got https working.

Does anyone have an example config or a link to some instructions on how to do it?

LibreNMS guys… it would be nice to include enabling https in the documentation. Thanks!

1 Like

From my own LibreNMS/Centos 7 configuration notes (and assuming you have all your certs created as required):

sudo emacs /etc/httpd/conf.d/librenms-ssl.conf

<VirtualHost *:443>
DocumentRoot /opt/librenms/html/
ServerName your-server
SSLEngine on
SSLCertificateFile /certs/your-server.pem
SSLCertificateKeyFile /certs/your-server_ssl_key.pem
SSLCertificateChainFile /certs/your-server_chain.pem
CustomLog /opt/librenms/logs/access_log combined
ErrorLog /opt/librenms/logs/error_log
AllowEncodedSlashes NoDecode
<Directory “/opt/librenms/html/”>
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews

sudo systemctl restart httpd
sudo systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2017-04-21 09:54:01 BST; 2s ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 6727 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
Main PID: 7072 (httpd)
Status: "Processing requests…"
CGroup: /system.slice/httpd.service
├─7072 /usr/sbin/httpd -DFOREGROUND
├─7178 /usr/sbin/httpd -DFOREGROUND
├─7179 /usr/sbin/httpd -DFOREGROUND
├─7181 /usr/sbin/httpd -DFOREGROUND
├─7182 /usr/sbin/httpd -DFOREGROUND
└─7183 /usr/sbin/httpd -DFOREGROUND

Apr 21 09:54:01 lnms systemd[1]: Starting The Apache HTTP Server…
Apr 21 09:54:01 lnms systemd[1]: Started The Apache HTTP Server.

Now update the http vhost configuration file to redirect all http requests to https:

sudo emacs /etc/httpd/conf.d/librenms.conf

<VirtualHost *:80>
DocumentRoot /opt/librenms/html/
ServerName your-server
CustomLog /opt/librenms/logs/access_log combined
ErrorLog /opt/librenms/logs/error_log
AllowEncodedSlashes NoDecode
<Directory “/opt/librenms/html/”>
AllowOverride All
Options FollowSymLinks MultiViews
Require all granted

RewriteEngine on
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

And restart httpd one last time:

sudo systemctl restart httpd
sudo systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2017-04-21 09:55:26 BST; 4s ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 17448 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
Main PID: 17735 (httpd)
Status: "Processing requests…"
CGroup: /system.slice/httpd.service
├─17735 /usr/sbin/httpd -DFOREGROUND
├─17797 /usr/sbin/httpd -DFOREGROUND
├─17799 /usr/sbin/httpd -DFOREGROUND
├─17800 /usr/sbin/httpd -DFOREGROUND
├─17801 /usr/sbin/httpd -DFOREGROUND
├─17802 /usr/sbin/httpd -DFOREGROUND
├─17998 /usr/sbin/httpd -DFOREGROUND
├─18239 /usr/sbin/httpd -DFOREGROUND
├─18240 /usr/sbin/httpd -DFOREGROUND
├─18477 /usr/sbin/httpd -DFOREGROUND
├─18479 /usr/sbin/httpd -DFOREGROUND
├─18480 /usr/sbin/httpd -DFOREGROUND
└─18481 /usr/sbin/httpd -DFOREGROUND

HTH