Secure Web interface and updates

Hi all,

I want to have a secure LibreNMS web interface to avoid having clear text password going through my network.

Do you have a simple documentation for a low knowledge linux user? my LibreNMS is installed on a ubuntu 20.04 server.

When SSL is implemented, will the nighty autoupgrade (or manual upgrade) break the SSL config?

Looking forward to know your experiences

Setting up SSL is really nothing to do with LibreNMS specifically and everything to do with the web server you have chosen to use. (apache/nginx etc)

So you would need to:

  1. Buy a certificate or use one you already have (such as a wildcard one) and install it on the web server. (keeping in mind that these days you can only buy certificates for “real” public hostnames/domains, not things like .local or .lan)

  2. Change the webserver config for LibreNMS to use https / SSL for LibreNMS’s virtual directory and to use the certificate.

So check out the documentation and/or online tutorials for the web server you’re using for how to do that.

The only thing you will need to do on LibreNMS itself as far as I can see is change the “Specific URL” setting which you’ll find in Settings->Global Settings->System Server->Specific URL.

This is the fully formatted URL to access your LibreNMS installation, and assuming nothing else changes you’d just need to change it from http to https.

I can also create a local certificate? If I’m right, my web browser will scream for unsafe but as I know where it comes from, I can just trust it and all my communication with be encrypted.

So after this implementation, the auto upgrade will not do a revert back of the HTTP config?

Yes you could use a self signed certificate. This will give you encryption but not authentication, so in theory someone could impersonate your server or act as a man in the middle and you won’t know because your browser will always be complaining about the certificate not being trusted.

Why would it ? Updates don’t overwrite you configuration.

Why would it ? Updates don’t overwrite you configuration.

I was thinking that the nighly updates could modify the https config and somehow revert to http.

I’ll try that!

Thanks :slight_smile:

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.