brooklyn-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rich...@apache.org
Subject [3/7] incubator-brooklyn git commit: Adds instructions to enable HTTPS
Date Fri, 12 Dec 2014 12:06:18 GMT
Adds instructions to enable HTTPS


Project: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/commit/53855c60
Tree: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/tree/53855c60
Diff: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/diff/53855c60

Branch: refs/heads/master
Commit: 53855c608405e6bd605b0ba0e01f4a41d460c41a
Parents: 39935ba
Author: Martin Harris <github@nakomis.com>
Authored: Fri Dec 12 11:22:30 2014 +0000
Committer: Martin Harris <github@nakomis.com>
Committed: Fri Dec 12 11:22:30 2014 +0000

----------------------------------------------------------------------
 docs/use/guide/management/index.md | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/53855c60/docs/use/guide/management/index.md
----------------------------------------------------------------------
diff --git a/docs/use/guide/management/index.md b/docs/use/guide/management/index.md
index 64afa9b..0fff39c 100644
--- a/docs/use/guide/management/index.md
+++ b/docs/use/guide/management/index.md
@@ -207,7 +207,31 @@ If not using the web console, you can specify
 During dev/test you can specify `brooklyn.webconsole.security.provider=brooklyn.rest.security.provider.AnyoneSecurityProvider`
 to allow logins with no credentials. 
 
- 
+To enable https, you will need a server certificate in a java keystore. To create a self-signed
certificate, you can use the
+following command:
+
+`keytool -genkey -keyalg RSA -alias brooklyn -keystore <path-to-keystore-directory>/server.key
-storepass mypassword -validity 360 -keysize 2048`
+
+You will then be prompted to enter you name and organization details. This will create a
keystore with the password `mypassword`
+- you should use your own secure password, which will be the same password used in your brooklyn.properties
(below). 
+You will also need to replace `<path-to-keystore-directory>` with the full path of
the folder where you wish to store your
+keystore. 
+
+The certificate generated will be a self-signed certificate and will not have a CN field
identifying the website server 
+name, which will cause a warning to be displayed by the browser when viewing the page. For
production servers, a valid signed 
+certificate from a trusted certifying authority should be used instead
+
+To enable HTTPS in Brooklyn, add the following to your brooklyn.properties:
+
+```
+# HTTPS
+brooklyn.webconsole.security.https.required=true
+brooklyn.webconsole.security.keystore.url=<path-to-keystore-directory>/server.key
+brooklyn.webconsole.security.keystore.password=mypassword
+brooklyn.webconsole.security.keystore.certificate.alias=brooklyn
+```
+
+In order to access the Brooklyn console, you will also need to enable security, and setup
a user as described above
 
 <a name="observation-other"></a>
 Other Ways to Observe Activity


Mime
View raw message