
Force NetSight to use HTTPS

Anonymous
Not applicable
Hopefully this is an easy one.....

Is there any way to force the use of HTTPS directly via the NetSight application? As an example, when I delete port 8080 from the 'Web Server' options it forces me to put a port number in. Or is there a simple radio button somewhere that disables it?

Many thanks in advance.
14 REPLIES

Jaroslav_Stefan
New Contributor II
Hi, just a follow-up.

The purpose of this comment is to share knowledge on how to get a more user-friendly configuration of Extreme Management Center.

Start position:
- fresh install of ExtremeManagementControl (EMC) on a RHEL (v7) or CentOS (v7) server
- available on port https://example.com:8443 only.

Final position:
- available on example.com
- Apache with rewrite rule
- JBoss and Tomcat work on an encrypted line
- everything works like a charm
- Simple communication scheme:

---80|443--->[Apache]---8443--->[Tomcat/JBOSS]
[pc]------------------------------------------------------------------
---8443<---[Apache]<---8443---[Tomcat/JBOSS]

Steps:
1) After a fresh install EMC is available on: https://example.com:8443
2) Install httpd and put this into the file /etc/httpd/conf.d/emc.conf:


ServerName emc.example.com:80
ErrorLog "logs/error-ssl.log"
CustomLog "logs/access-ssl.log" common

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]



Require all granted


3) Edit file /usr/local/Extreme_Networks/NetSight/appdata/NSJBoss.properties like this:
-------------------------------------------------
log4j.configuration=file\:./log4j.properties
enterasys.mysqlrealm.rpt.password=enterasys
java.security.manager=
enterasys.embeddednac.enable=false
jboss.bind.address.management=127.0.0.1
oneView.flexreport.capacityplanning.limit=2000
enterasys.datasource.connectionurl=jdbc\:mysql\://127.0.0.1\:4589/netsight?jdbcCompliantTruncation\=false&useUnicode\=true&characterEncoding\=UTF-8&useSSL\=false
jboss.http.port=8080
enterasys.mysqlrealm.rpt.username=netsight
username=root
USE_IPV6=true
oneView.responsetime.app.redline=1000
jboss.https.port=443
java.security.policy=../server/default/conf/server.policy
dashboard.cache.time=2
enterasys.tomcat.ciphers=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256
enterasys.webservices.queryendsystems=true
ANTLR_USE_DIRECT_CLASS_LOADING=true
oneView.responsetime.tcp.redline=1000
enterasys.mysqlrealm.password=enterasys
nmsMobile.demoMode=false
enterasys.mysqlrealm.username=netsight
OneView.DisplayNacConfigurationTab=true
enterasys.tomcat.https.port=8443
oneView.maxImageSize=3000x2000
enterasys.jboss.log4j.logfile=../../appdata/logs/server.log
jboss.bind.address=YOUR_IP_ADDRESS
domain=example.com
jboss.server.log.dir=../../appdata/logs
enterasys.datasource.rpt.connectionurl=jdbc\:mysql\://127.0.0.1\:4589/netsightrpt?jdbcCompliantTruncation\=false&useUnicode\=true&characterEncoding\=UTF-8&useSSL\=false
-------------------------------------------------

Most important lines:
jboss.http.port=8080
jboss.https.port=443
enterasys.tomcat.https.port=8443
jboss.bind.address=YOUR_IP_ADDRESS
domain=example.com
-------------------------------------------------

You can leave the file /var/Extreme_Networks/.netsight as it is.

4) Now issue these commands:

systemctl restart httpd to restart the httpd service
/usr/local/Extreme_Networks/NetSight/scripts/stopserver.sh && /usr/local/Extreme_Networks/NetSight/scripts/startserver.sh to restart the JBoss service.

5) Now you can easily access your own instance in your browser at emc.example.com and you will be forwarded to https://emc.example.com:8443. From this point on, any communication will be encrypted by default.

Best regards.
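
An added example, not part of the post above and not Extreme Networks code: a small audit of an NSJBoss.properties file that reports a remaining plain-HTTP listener, a non-loopback management bind, and cipher suites without forward secrecy or an AEAD mode. The property keys are the ones shown in the post; the function names, finding codes and the shortened sample file are assumptions made for the example, and the parser handles single-line `key=value` entries only.

```python
import re

# Constructed sample in the format of the NSJBoss.properties shown in the post
# (values shortened; not a real server's file).
SAMPLE = r"""
jboss.bind.address.management=127.0.0.1
jboss.http.port=8080
jboss.https.port=443
enterasys.tomcat.https.port=8443
enterasys.tomcat.ciphers=TLS_RSA_WITH_AES_128_CBC_SHA,ECDHE-RSA-AES256-GCM-SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
enterasys.datasource.connectionurl=jdbc\:mysql\://127.0.0.1\:4589/netsight?useSSL\=false
"""

AEAD = ("GCM", "CHACHA20", "CCM")  # markers of AEAD suites in IANA and OpenSSL names

def parse_properties(text):
    """Parse single-line key=value properties and undo backslash escapes."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props

def audit(props):
    """Return (code, message) findings for the HTTPS-related settings."""
    findings = []
    http = props.get("jboss.http.port")
    if http:
        findings.append(("http-listener", f"plain HTTP port {http} is still configured"))
    mgmt = props.get("jboss.bind.address.management")
    if mgmt and mgmt not in ("127.0.0.1", "::1", "localhost"):
        findings.append(("mgmt-bind", f"management interface bound to {mgmt}"))
    for suite in filter(None, props.get("enterasys.tomcat.ciphers", "").split(",")):
        name = suite.strip().upper().replace("-", "_")
        if name.startswith("TLS_RSA_WITH_"):  # static RSA key exchange
            findings.append(("cipher-no-fs", f"{suite}: no forward secrecy"))
        if not any(tag in name for tag in AEAD):  # e.g. CBC-mode suites
            findings.append(("cipher-non-aead", f"{suite}: not an AEAD suite"))
    return findings

if __name__ == "__main__":
    for code, message in audit(parse_properties(SAMPLE)):
        print(f"[{code}] {message}")
```
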

davidj_cogliane
Contributor
Ok,

So I found this, commented it out, and all was well. Then I upgraded to NetSight 7 and the legacy links default to http, which fails.

Are there plans for a more official way to disable http?

davidj_cogliane
Contributor
Frank, That is where my file was. Thanks for the assistance everyone.

Frank_Thomas
Extreme Employee
Depending on the version/age of the server it might also possibly be in /usr/local/Enterasys_Networks/NetSight/appdata
