graphite-dev team mailing list archive

Re: [Question #167336]: Can Cluster Servers connect on https?

 

Question #167336 on Graphite changed:
https://answers.launchpad.net/graphite/+question/167336

Cody Stevens posted a new comment:
I was having this problem as well and solved it by changing my Apache
configuration.  I have posted it below; hope it helps you.


NameVirtualHost 10.49.0.45:443
NameVirtualHost 10.49.0.45:80

# You may need to manually edit this file to fit your needs.
# This configuration assumes the default installation prefix
# of /opt/graphite/, if you installed graphite somewhere else
# you will need to change all the occurrences of /opt/graphite/
# in this file to your chosen install location.

LoadModule wsgi_module modules/mod_wsgi.so
WSGISocketPrefix /var/run


WSGIDaemonProcess graphite processes=5 threads=5 display-name='%{GROUP}' inactivity-timeout=120 python-path=/usr/local/lib/
WSGIProcessGroup graphite

<VirtualHost 10.49.0.45:80>
        ServerName graphch01.int.domain.com 
        DocumentRoot "/usr/local/webapp"

        # I've found that an equal number of processes & threads tends
        # to show the best performance for Graphite (ymmv).

        # You will need to create this file! There is a graphite.wsgi.example
        # file in this directory that you can safely use, just copy it to graphite.wsgi
        WSGIScriptAlias / /usr/local/conf/graphite.wsgi

        Alias /content/ /usr/local/webapp/content/
        <Location "/content/">
                SetHandler None
        </Location>

        # NOTE: In order for the django admin site media to work you
        # must change @DJANGO_ROOT@ to be the path to your django
        # installation, which is probably something like:
        # /usr/lib/python2.6/site-packages/django
        Alias /media/ "/usr/local/lib/python2.6/site-packages/django/contrib/admin/media/"
        <Location "/media/">
                SetHandler None
        </Location>

        # The graphite.wsgi file has to be accessible by apache. It won't
        # be visible to clients because of the DocumentRoot though.
        <Directory /usr/local/conf/>
                Order deny,allow
                Allow from all
        </Directory>

</VirtualHost>


<VirtualHost 10.49.0.45:443>
        SSLEngine On
        SSLCertificateFile /etc/pki/tls/certs/wildcard.crt
        SSLCertificateKeyFile /etc/pki/tls/private/wildcard.key
        ServerName graphite.domain.com 
        DocumentRoot "/usr/local/webapp"

        # I've found that an equal number of processes & threads tends
        # to show the best performance for Graphite (ymmv).
        #WSGIDaemonProcess graphite processes=5 threads=5 display-name='%{GROUP}' inactivity-timeout=120 python-path=/usr/local/lib/
        #WSGIProcessGroup graphite

        # You will need to create this file! There is a graphite.wsgi.example
        # file in this directory that you can safely use, just copy it to graphite.wsgi
        WSGIScriptAlias / /usr/local/conf/graphite.wsgi

        Alias /content/ /usr/local/webapp/content/
        <Location "/content/">
                SetHandler None
        </Location>

        # NOTE: In order for the django admin site media to work you
        # must change @DJANGO_ROOT@ to be the path to your django
        # installation, which is probably something like:
        # /usr/lib/python2.6/site-packages/django
        Alias /media/ "/usr/local/lib/python2.6/site-packages/django/contrib/admin/media/"
        <Location "/media/">
                SetHandler None
        </Location>

        # The graphite.wsgi file has to be accessible by apache. It won't
        # be visible to clients because of the DocumentRoot though.
        <Directory /usr/local/conf/>
                Order deny,allow
                Allow from all
        </Directory>

</VirtualHost>


Of course, my company doesn't have anything installed in the default paths, so you may not be able to just copy/paste.  The important things are to make the WSGIDaemonProcess and group available to both http and https, so put them outside the VirtualHosts.  Also, don't forget to remove the "SSLEngine On" and other SSL stuff from the VirtualHost listening on port 80.  In our configuration the hosts communicate with an internal name, so make an alias in your hosts file if you need to, so you have a ServerName that matches for port 80 and one for 443.

-- 
You received this question notification because you are a member of
graphite-dev, which is an answer contact for Graphite.
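
The layout points from the comment above (WSGIDaemonProcess outside the VirtualHosts, no SSL directives in the port 80 VirtualHost, a ServerName in each VirtualHost) can be checked mechanically. The following is an added example, not part of the original post; the function name, rule labels and sample config are constructed for illustration.

```python
import re

# Constructed sample (not from the post): a config with the mistakes the post warns about.
SAMPLE_BAD = """\
<VirtualHost 10.49.0.45:80>
    SSLEngine On
    WSGIScriptAlias / /usr/local/conf/graphite.wsgi
</VirtualHost>
<VirtualHost 10.49.0.45:443>
    SSLEngine On
    ServerName graphite.domain.com
    WSGIDaemonProcess graphite processes=5 threads=5
    WSGIProcessGroup graphite
</VirtualHost>
"""

def lint_vhosts(conf):
    """Return sorted (line_number, rule) findings for the layout described in the post."""
    findings = []
    port = start = None   # port and opening line of the <VirtualHost> being read
    has_name = False      # whether that VirtualHost has a ServerName
    for n, raw in enumerate(conf.splitlines(), 1):
        parts = raw.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue      # blank line or comment
        key = parts[0].lower()
        arg = parts[1].strip().lower() if len(parts) > 1 else ""
        opened = re.match(r"<VirtualHost\s+\S*:(\d+)\s*>", raw.strip(), re.I)
        if opened:
            port, start, has_name = opened.group(1), n, False
        elif key.startswith("</virtualhost"):
            if not has_name:
                findings.append((start, "vhost-without-ServerName"))
            port = None
        elif port is not None:
            if key == "servername":
                has_name = True
            elif key == "wsgidaemonprocess":
                # The post's fix: define this at server level so both vhosts share it.
                findings.append((n, "WSGIDaemonProcess-inside-vhost"))
            elif port == "80" and key.startswith("ssl") and (key, arg) != ("sslengine", "off"):
                findings.append((n, "SSL-directive-on-port-80"))
    return sorted(findings)

if __name__ == "__main__":
    for lineno, rule in lint_vhosts(SAMPLE_BAD):
        print(f"line {lineno}: {rule}")
```
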