How to enable TLS encryption (snap/3.0/UI)

billwear · 8 February 2021 19:32

	2.9	3.0	3.1
DEB	CLI ~ UI	CLI ~ UI	CLI ~ UI
SNAP	CLI ~ UI	CLI ~ UI	CLI ~ UI

MAAS doesn’t support TLS encryption natively. If you are not interested in setting up an HAProxy, you can enable TLS independently in the web server software (e.g. Apache, Nginx) which users access directly. The examples below explain how to create this configuration.

Note that MAAS doesn’t bind to port 80; instead, MAAS binds to port 5240.

nginx example config

server {
 listen 443 ssl;

 server_name _;
 ssl_certificate /etc/nginx/ssl/nginx.crt;
 ssl_certificate_key /etc/nginx/ssl/nginx.key;

 location / {
  proxy_pass http://localhost:5240;
  include /etc/nginx/proxy_params;
 }

 location /MAAS/ws {
  proxy_pass http://localhost:5240/MAAS/ws;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "Upgrade";
 }
}

apache2 example config

<VirtualHost *:443>
 SSLEngine On

 SSLCertificateFile /etc/apache2/ssl/apache2.crt
 SSLCertificateKeyFile /etc/apache2/ssl/apache2.key

 RewriteEngine On
        RewriteCond %{REQUEST_URI} ^/MAAS/ws [NC]
        RewriteRule /(.*) ws://localhost:5240/MAAS/ws [P,L]

        ProxyPreserveHost On
        ProxyPass / http://localhost:5240/
        ProxyPassReverse / http://localhost:5240/
</VirtualHost>

system · 8 February 2022 19:32

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.