Sometimes managing SSL on R1Soft can be a pain because you have to import the SSL certificate into the specific java format. This this post will be about how you can create a nginx reverse proxy for R1Soft.
The backup system R1Soft uses something called “Keytool” to manage certificates and keys.
This can be a pain in some cases to use whenever you have to load in certificate chains, etc.
So to keep it simple, let’s use nginx instead.
First of all, change your R1Soft webserver to run on port 8080 for http (or any other port you like), to make this work you’ll have to restart the CDP webserver (it will prompt you), this won’t interrupt any running policies or other tasks in the CDP Server itself, so you can do it any time.
We’re assuming that you have installed nginx already. If you’ve not done this already, then you can do this by running
yum install nginx or
apt-get install nginx
Let’s get to it
Create a new nginx config for R1Soft:
And paste the following into it:
Remember to change the
ssl_certificate_key name as well as the
proxy_redirect ensures you’re not redirected to port
8080 – Meaning you now can manage your certificates via nginx instead of R1Soft (makes your life much simpler!)
proxy_pass going to http instead of https – please be aware that we’re terminating the SSL traffic in nginx instead of R1Soft, meaning data submitted between nginx and R1Soft isn’t encrypted – but this solution should only be used where you’ve firewalled R1Soft off from the public (so not allowing port
8080 in our example), and running it local on same box as nginx or on a private network (still you should use SSL even if you’re running on a private network 😉 )