Perforce Public Knowledge Base - Example of Swarm HTTPS Setup for Ubuntu
× PRODUCTS SOLUTIONS CUSTOMERS LEARN SUPPORT
Downloads Company Partners Careers Contact Free Trials
Menu Search
Perforce
Reset Search
 

 

Article

Example of Swarm HTTPS Setup for Ubuntu

« Go Back

Information

 
Problem
How do I make my Swarm instance running on Apache more secure using HTTPS
Solution

This document provides an example of running Swarm under HTTPS on Ubuntu 14.04 using a self signed certificate.

For general instructions, see Configuring Swarm for SSL with apache2 or httpd

Steps:

1. Enable SSL for Apache2
sudo a2enmod ssl
2. Create directory to save certificates
sudo mkdir /etc/apache2/ssl

3. Create the required certificates
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

Note: Ensure the 'Common Name' you provide matches your Swarm servers FQDN exactly.

4.  Follow the on screen prompts adding organization information as required.

5. Backup the current HTTP virtual host configuration:
cp /etc/apache2/sites-available/perforce-swarm-site.conf /etc/apache2/sites-available/perforce-swarm-site.conf.BAK

6. Edit the Apache site config file for the Swarm virtual host:
sudo nano /etc/apache2/sites-available/perforce-swarm-site.conf
We'll continue to listing on port 80 for plain HTTP requests and on port 443 for HTTPS.  See below, replacing SWARM-SERVER_HOSTNAME with the FQDN of your Swarm server.
 
<VirtualHost *:80>
    ServerName SWARM-SERVER_HOSTNAME
    ErrorLog "/var/log/apache2/swarm.error_log"
    CustomLog "/var/log/apache2/swarm.access_log" common
    DocumentRoot "/opt/perforce/swarm/public"
    <Directory "/opt/perforce/swarm/public">
    AllowOverride All
	Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/apache.crt
    SSLCertificateKeyFile /etc/apache2/ssl/apache.key

    ServerName SWARM-SERVER_HOSTNAME
    ErrorLog "/var/log/apache2/swarmssl.error_log"
    CustomLog "/var/log/apache2/swarmssl.access_log" common
    DocumentRoot "/opt/perforce/swarm/public"
    <Directory "/opt/perforce/swarm/public">
    AllowOverride All
	Require all granted
    </Directory>
</VirtualHost>
Note: Please check with your security team to ensure the permissions provided in this setup are suitably restrictive for your environment.

5. Restart Apache to pickup the changes
sudo service apache2 restart
6. Now try your new HTTPS URL from a web browser.

Important Note: If the FQDN of the server provided for the certificate and the Apache configuration above is not accurate the P4V integration will fail with the message 'SSL handshake failed'. This same FQDN must be returned by both the clients and the Swarm server when an IP address lookup is performed.

Additional Important Note:  You must ensure that the pem or crt file are installed onto every user's machine and also the Helix Server as well. To verify that the Helix Server has the cert or pem installed just run "curl https://SWARM-HOST" if you get back an message about using "--no-check-certificate" then it suggest that the cert are not installed correctly. Please follow the below article which help solve the issue:

     http://happyassassin.net/2015/01/14/trusting-additional-cas-in-fedora-rhel-centos-dont-append-to-etcpkitlscertsca-bundle-crt-or-etcpkitlscert-pem/

 
Related Links

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255