If you would like the Dashboard to run securely and support SSL/TLS internally, then a certificate must be provided at install time to enable HTTPS. Running securely is strongly recommended for production environments.
When internal SSL (https) mode is enabled, Dashboard handles the SSL by itself without external services (i.e. proxy, ingress, ...). Dashboard will also automatically redirect any http request to https, using the provided certificate.
Placing a certificate under the alias jetty
into
cert/jetty.jks
prior to installation will enable the
Dashboard to run in SSL mode.
To generate an SSL certificate, you may create a self-signed cert or source one from a commercial vendor. We have provided examples below for self-signed and and Let's Encrypt.
Keep your certificate password readily available, because you will be prompted for it during installation process.
Below is an example of generating a self-signed certificate using the Java keytool command:
shell>cd /opt/continuent/software/tungsten-dashboard-8.0.1-82
shell>mkdir -p cert
shell>keytool -keysize 2048 -genkey -alias jetty -keyalg RSA -keystore cert/jetty.jks -storepass $DASHBOARD_KEYSTORE_PASSWORD -dname "CN=localhost, OU=Test, O=MyOrg, L=MyCity, ST=MyState, C=US" -ext "SAN=dns:localhost,ip:127.0.0.1"
Generating 2048-bit RSA key pair and self-signed certificate (SHA384withRSA) with a validity of 90 days for: CN=localhost, OU=Test, O=MyOrg, L=MyCity, ST=MyState, C=US
Below is an example of converting an existing cert issued by Let's Encrypt using our provided tool letsencrypt2dashboard.pl, which calls the openssl and Java keytool commands:
shell>sudo ./letsencrypt2jetty.pl -d dashdev.continuent.com
Keystore file's password: tungsten Creating `./cert/` >>> ACTION: Converting the Let's Encrypt source files to P12 format: SOURCE: /etc/letsencrypt/live/dashdev.continuent.com/fullchain.pem /etc/letsencrypt/live/dashdev.continuent.com/privkey.pem TARGET cert/jetty.p12 SUCCESS: Generated the P12 file 'cert/jetty.p12' >>> ACTION: Converting the P12 file to JKS format: SOURCE cert/jetty.p12 TARGET cert/jetty.jks Importing keystore cert/jetty.p12 to cert/jetty.jks... SUCCESS: Generated the internal jetty cert file 'cert/jetty.jks' shell>sudo chown -R dashboard: cert
Or:
shell>mkdir cert
shell>cp /etc/letsencrypt/live/dashdev.continuent.com/fullchain.pem cert/
shell>sudo cp /etc/letsencrypt/live/dashdev.continuent.com/privkey.pem cert/
shell>sudo chmod a+r cert/privkey.pem
shell>./letsencrypt2jetty.pl -f cert/fullchain.pem -k cert/privkey.pem
Keystore file's password:tungsten
Creating `./cert/` >>> ACTION: Converting the Let's Encrypt source files to P12 format: SOURCE: ./fullchain.pem ./privkey.pem TARGET cert/jetty.p12 SUCCESS: Generated the P12 file 'cert/jetty.p12' >>> ACTION: Converting the P12 file to JKS format: SOURCE cert/jetty.p12 TARGET cert/jetty.jks Importing keystore cert/jetty.p12 to cert/jetty.jks... SUCCESS: Generated the internal jetty cert file 'cert/jetty.jks'
Below is an example of installing Tungsten Dashboard using the install.pl
script:
shell>cd /opt/continuent/software/tungsten-dashboard-8.0.1-82
shell>./install.pl -d
The installation will prompt for a number of configuration items, such as usernames, passwords, whether or not to use HTTPS or not. Each prompt will provide details along with the default values.
During installation you will be asked for the DASHBOARD_SECRET
,
or have it auto generated for you.
It is critical that this key is stored safely as it will be required for future upgrades since it serves as the encryption key. If it is lost, then there is the possibility of losing data after upgrades.
Before running the uninstall command, you MUST ensure you are in the
original installation directory and the docker-compose.yml
file must also
exist in that directory
To uninstall Tungsten Dashboard, simply execute the following:
shell>cd <ORIGINAL INSTALL PATH>
shell>docker-compose down
or, to remove persistent volumes along with the uninstallation:
shell>cd <ORIGINAL INSTALL PATH>
shell>docker-compose down -v
When removing persistent volumes you loose the application state: application settings, application users, and connected clusters.