Using Https

HTTPS provides encrypted communication for the LogZilla web interface, ensuring secure access to dashboards, configuration, and administrative functions. This guide covers certificate generation, installation, and configuration.

Certificate Requirements

LogZilla supports both self-signed certificates and certificates from trusted Certificate Authorities (CAs). For production environments, CA-signed certificates are recommended for better security and user trust.

Self-Signed Certificate Generation

For development or internal environments, generate a self-signed certificate:

bash
Wrap: OnCopyFullscreen
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout logzilla.key -out logzilla.crt

Provide the following information when prompted:

text
Wrap: OnCopyFullscreen
Country Name (2 letter code) [AU]: US
State or Province Name (full name) [Some-State]: California
Locality Name (eg, city) []: San Francisco
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Company Name
Organizational Unit Name (eg, section) []: IT Department
Common Name (e.g. server FQDN or name) []: logzilla.company.com
Email Address []: [email protected]

Important: The Common Name must match the hostname or IP address used to access the LogZilla web interface.

Certificate Installation

Using Self-Signed Certificates

Enable HTTPS with the generated certificate files:

bash
Wrap: OnCopyFullscreen
logzilla https --set ./logzilla.key ./logzilla.crt

Using CA-Signed Certificates

For certificates from a trusted Certificate Authority:

bash
Wrap: OnCopyFullscreen
logzilla https --set /path/to/private.key /path/to/certificate.crt

HTTPS Configuration Options

Enable HTTPS

Activate HTTPS for the web interface:

bash
Wrap: OnCopyFullscreen
logzilla https --set /path/to/keyfile.key /path/to/certificate.crt

Disable HTTPS

Return to HTTP-only access:

bash
Wrap: OnCopyFullscreen
logzilla https --off

Force HTTPS Redirects

Redirect all HTTP requests to HTTPS automatically:

bash
Wrap: OnCopyFullscreen
logzilla config FORCE_HTTPS true

Disable forced HTTPS redirects:

bash
Wrap: OnCopyFullscreen
logzilla config FORCE_HTTPS false

Verification

After enabling HTTPS, verify the configuration by accessing the LogZilla web interface using https:// instead of http://. The browser should show a secure connection indicator.

For self-signed certificates, browsers will display a security warning that can be safely bypassed for internal use.

Certificate Renewal

Self-signed certificates expire after the specified validity period (365 days in the example above). For production environments, implement a certificate renewal process or use automated certificate management tools like Let's Encrypt.

Troubleshooting

Common Issues

• Certificate path errors: Ensure certificate files exist and are readable
• Common Name mismatch: Verify the certificate Common Name matches the access hostname
• Port conflicts: Ensure port 443 is available for HTTPS traffic

Checking Certificate Details

View certificate information:

bash
Wrap: OnCopyFullscreen
openssl x509 -in certificate.crt -text -noout

Testing HTTPS Connection

Test the HTTPS configuration:

bash
Wrap: OnCopyFullscreen
openssl s_client -connect hostname:443 -servername hostname