Now that your nginx configuration works locally, let's make it accessible from the internet.
- SSL/TLS client certificate verification with Python v3.4+ SSLContext. Saturday, June 2nd, 2018. Normally, an SSL/TLS client verifies the server’s certificate.
- SSL/TLS client certificate verification with Python v3.4+ SSLContext. Saturday, June 2nd, 2018. Normally, an SSL/TLS client verifies the server’s certificate.
Configure ssl
Sep 12, 2014 The -nodes option specifies that the private key should not be encrypted with a pass phrase. The -new option, which is not included here but implied, indicates that a CSR is being generated. Generate a CSR from an Existing Private Key. Use this method if you already have a private key that you would like to use to request a certificate from a CA. So it is a Cryptography module problem? Or am I confusing things? My suggestion: split this thread. Is that possible at all on Github? Thread 1: mark as known. Maybe let SAB detect if server.cert/key are too weak for SSL 1.1.0 and then regenerate?
If you want to access saltpad and your salt-api over the internet, you're likely to want to configure SSL on nginx.
Your configuration should currently looks like:
Mozilla has a very nice ssl generator website that could helps tweak your nginx configuration, but here is a most secure nginx configuration for reference:
You will need a ssl certificate for activating ssl, you can either buy one, generate one or use let's encrypt for generating one.
From your salt-master, let's check that the configuration works correctly.
If you have enabled ssl, replace
http://localhost/
by https://SALTPAD.YOURDNS/
in below commands.Check that nginx proxy saltpad correclty:
Expected output:
Check that nginx proxy saltpad config file correctly:
The output should match the content of the
settings.json
file you deployed earlier.Saltpad configuration
Cherrypy Ssl Generate Private Key File
![Private Private](https://user-images.githubusercontent.com/3946609/66729251-ccd5e200-ee0f-11e9-9c1d-95d8d2f74da7.png)
Now that your salt-api instance is accessible from internet (don't forget to open the port and whitelist your IPs if necessary), we need to tweak the saltpad configuration a little.
You will need to change
API_URL
to match the DNS of your salt-api server (in our example it was SALTPAD.YOURDNS
).Cherrypy Ssl Generate Private Key In Ec2 Aws
If you enabled ssl, you will also need to set
SECURE_HTTP
to true
or saltpad will try to connect over a non encrypted connection.You don't need to reload the webserver, just save the
settings.json
file and go at http://SALTPAD.YOURDNS/
or https://SALTPAD.YOURNDS/
to access Saltpad and start mastering your Saltstack environment.