Securing the Controller
If you plan on using the up.time Controller by integrating API functions with the up.time Web interface, consider doing the following to prevent several common browser-related warnings when navigating secure and non-secure pages within the same web page:
- Enable SSL for the up.time Web interface, using the instructions found in Implementing SSL for the Web Interface.
- Purchase a valid SSL certificate for the up.time web interface to avoid warnings about a self-signed certificate in the browser.
The Controller installs an unsigned and unverified certificate as part of its installation process. For installations in a production environment, a valid key should be purchased and installed on the Controller.
Reflecting Configuration Changes in the Proxy
As part of the up.time installation process, a proxy is configured in the <uptimeDirectory>\apache\conf\httpd.conf
file. This provides ease of use with the up.time Controller, as it simplifies many API programming tasks, and helps to ensure the Controller remains secure.
By default the proxy section should look like the following:
# proxy settings LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_http_module modules/mod_proxy_http.so ProxyRequests Off <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPass /uptime http://<uptimeHost>:9996/uptime retry=0 ProxyPassReverse /uptime http://<uptimeHost>:9996/uptime ProxyPass /gadgets/service http://<uptimeHost>:9996/gadgets/service retry=0 ProxyPassReverse /gadgets/service http://<uptimeHost>:9996/gadgets/service ProxyPass /gadgets/instances http://<uptimeHost>:9996/gadgets/instances retry=0 ProxyPassReverse /gadgets/instances http://<uptimeHost>:9996/gadgets/instances # ssl proxy settings LoadModule ssl_module modules/mod_ssl.so SSLProxyEngine on ProxyPass /api https://<controllerHost>:9997/api retry=0 ProxyPassReverse /api https://<controllerHost>:9997/api
The proxy is configured to work using the default options and configuration choices made when up.time is installed:
- the Monitoring Station (
<uptimeHost>
above) and up.time Controller (<controllerHost>
above) are part of the same installation (i.e., they have the same value), and assumed to be on the same host - the port the Controller uses to communicate with up.time is
9997
If there are changes to the way up.time has been deployed on the network, you will need to modify the Apache Web server configuration file, accordingly:
Deployment Change | Affected Proxy Setting |
---|---|
change the API hostname or move the API to another server | <controllerHost> |
change the API port | 9997 |
when on running on different servers, the Monitoring Station's network location is changed |
|
After making any change, restart the up.time Web Server
service (on the correct up.time instance, if applicable) to apply these changes. Then verify you have correctly configured the proxy by browsing to https://<uptimeMonitoringStation>/api
. The behavior should be identical to browsing to the up.time Controller at https://<uptimeController>/api
.
Controller Configuration Parameters
The following list details several common up.time Controller configuration tasks.
Task | Setting | Configuration Location in <uptimeDirectory>\controller\ | Notes |
change Controller port | up.time Contoller port | \etc\jetty-ssl.xml | To change the port, find this line within <Set name="Port"><Property name="jetty.port" default="9997"/></Set> Update the |
---|---|---|---|
change Controller DataStore target | database connection settings |
| Example connection fields and options are provided for all supported DataStore back-end platforms. By default, the up.time Controller uses a standard MySQL DataStore connection (unless you updated these values during installation). dbType=MYSQL To change the connection details, update these fields with your database platform information. There are example entries in the configuration file. After you have updated your settings, restart the up.time Controller service. |
indicate where PHP sessions are stored | PHP session directory |
| By default, the
|
change Controller logging level | logging level |
| The Controller automatically logs events in the
By default, the logging level is After you have updated your settings, restart the up.time Controller service. |
install new Controller SSL certificate | SSL communication |
| To install a new key, follow steps 3 and 4 from the jetty How to Configure SSL Page, then restart the up.time Controller service. |