-
Title
How to disable HTTP remote access to Foglight? -
Description
How to disable HTTP access to Foglight and allow only HTTPS access? -
Resolution
The Foglight Management Server (FMS) remote access can be controlled to use only HTTPS protocol using the parameter "HTTPSONLY" in the server.config file. This can be achieved by following the below steps:
1. Stop the Management Server
2. Open the file $FMS_HOME
/config/server.config on the Management Server machine 3. Set the parameter server.console.httpsonly to true:
server.console.httpsonly = "true";
4. Save the server.config file
5. Import the signed certificate into the Foglight keystore. See Importing a network security certificate for instructions
6. Restart the Management Server
7. Launch the Foglight browser interface using the appropriate HTTPS URL (https://hostname
:https_port ) to ensure that the Management Server can be accessed using HTTPS. NOTE: The Foglight Management Server uses the HTTP port for local access even if you are accessing the browser interface through an HTTPS connection. If that is the case, both ports are open: the HTTPS port for external requests coming from the browser interface and the HTTP port for local requests. For example, the reporting service accesses the Foglight Management Server through the HTTP port while external requests use HTTPS. You must configure your firewall or network security applications to allow both ports to remain open. FMS 5.7.x are embedded with Apache Tomcat component locally, replacing the JBoss component, which requires HTTP (8080) access to the FMS.