Skip to content

Running MHN Over HTTPS

Jump to bottom
Brady Sullivan edited this page Oct 27, 2017 · 5 revisions

Note: This howto may be useful for more context on setting up HTTPS in general using nginx on ubuntu.

Copy your SSL key files into /etc/ssl/private/.

Copy the configs below into /etc/nginx/sites-enabled/. Modify them for your environment. Specifically change the key filenames (your.mhn.domainname.com.pem).

Restart nginx:

sudo /etc/init.d/nginx restart

/etc/nginx/sites-enabled/mhn-http

server {
    listen       80;
    server_name  _;
    
    location / { 
        try_files $uri @mhnserver; 
    }
    
    root /opt/mhn/server;

    location @mhnserver {
      include uwsgi_params;
      uwsgi_pass unix:/tmp/uwsgi.sock;
    }

    location  /static {
      alias /opt/mhn/server/mhn/static;
    }
}

/etc/nginx/sites-enabled/mhn-https

MAKE SURE TO REPLACE your.mhn.domainname.com with your domain name.

server {
    listen               80;
    listen              443 ssl;
    server_name         _;
    ssl_certificate     /etc/ssl/private/your.mhn.domainname.com.pem;
    ssl_certificate_key /etc/ssl/private/your.mhn.domainname.com.pem;

    if ($ssl_protocol = "") {
        rewrite ^ https://$host$request_uri? permanent;
    }

    location / { 
        try_files $uri @mhnserver; 
    }
    
    root /opt/www;

    location @mhnserver {
      include uwsgi_params;
      uwsgi_pass unix:/tmp/uwsgi.sock;
    }

    location  /static {
      alias /opt/mhn/server/mhn/static;
    }
}

/etc/nginx/sites-enabled/honeymap-https

map $http_upgrade $connection_upgrade {
	default upgrade;
	''      close;
}

server {
	listen   8443 ssl;
	ssl_certificate     /etc/ssl/private/your.mhn.domainname.com.pem;
	ssl_certificate_key /etc/ssl/private/your.mhn.domainname.com.pem;

	root /opt/honeymap/client;
	index index.html index.htm;

	server_name _;

	location / {
		try_files $uri $uri/ /index.html;
	}

	location /data/ {
		proxy_pass http://localhost:3000;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection $connection_upgrade;
	}
}

/etc/nginx/sites-available/splunk-https

map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
}

server {
        listen   8001 ssl;
        ssl_certificate     /etc/ssl/private/your.mhn.domainname.com.pem;
        ssl_certificate_key /etc/ssl/private/your.mhn.domainname.com.pem;

        root /tmp;
        index index.html index.htm;

        server_name _;

        location / {
                proxy_pass http://localhost:8000;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $connection_upgrade;
        }
}
Clone this wiki locally