Securing Redis traffic to Orient Me (Linux)
Follow these steps to secure the traffic flowing between the HCL Connections™ applications and the Orient Me home page.
About this task
This is an optional, but recommended step. To encrypt Redis traffic from Connections to the Orient Me home page, configure a Secure Shell (SSH) tunnel. An SSH tunnel consists of an encrypted tunnel created through an SSH protocol connection.
Note:
- Instructions are for securing Connections servers running on Linux connecting to the Orient Me home page.
- Redis is designed for use within a trusted private network, and does not support SSL encrypted connections.
- This procedure must be performed on every node/server in your environment that communicates with Orient Me. For example, run this on the Deployment Manager and all physical nodes.
Procedure
- Log in as a user with sudo access to your Connections server.
- Configure the SSH connection:
sudo mkdir -p keys_dir
echo y | sudo ssh-keygen -t rsa -f keys_dir/ssh_key -P '' || error_cleanup 2 "ssh-keygen failure (no prompt)"
sudo chmod 600 keys_dir/ssh_key
sudo ssh-copy-id -o StrictHostKeyChecking=no -i keys_dir/ssh_key root@IP_address_of_master_node || error_cleanup "ssh_key copy failure to node (no prompt)"
Note: If using HA, you must specify each master IP in turn. For example:
sudo ssh-copy-id -o StrictHostKeyChecking=no -i keys_dir/ssh_key root@<IP_address_of_master_1> || error_cleanup "ssh_key copy failure to node (no prompt)"
sudo ssh-copy-id -o StrictHostKeyChecking=no -i keys_dir/ssh_key root@<IP_address_of_master_2> || error_cleanup "ssh_key copy failure to node (no prompt)"
sudo ssh-copy-id -o StrictHostKeyChecking=no -i keys_dir/ssh_key root@<IP_address_of_master_3> || error_cleanup "ssh_key copy failure to node (no prompt)"
- Enter the password of the sudo user.
- Create the SSH tunnel. Open a terminal window and issue the following commands:
sudo chmod 755 /etc/init.d/OMsshkey
sudo service OMsshkey start
- Configure the SSH tunnel to be persistent on reboot:
- Enter
sudo vi /etc/rc.local
- Type i to insert text, and then append the following to the end of the file:
/etc/init.d/OMsshkey start
- Press Esc, then type :wq and press Enter to save and close the file.
The SSH tunnel will now be started and will be persistent upon reboot.
- To verify that the tunnel has started successfully, enter
ps -ef | grep ssh
You should see a running process 'ssh -f -I ...'. For example:
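A verification script, added here as an example and not part of the HCL documentation, that goes one step beyond the ps check above: it confirms an ssh process is forwarding the Redis port and that the forwarded port is listening on loopback only, so Connections traffic enters the tunnel rather than crossing the network in the clear. It assumes the OMsshkey service starts ssh with local port forwarding (-L) to Redis port 6379; the ps and ss output embedded below is constructed sample data.

```shell
#!/bin/sh
# Added example (not HCL's code). Assumes the tunnel is an ssh -L forward of
# Redis port 6379. SAMPLE_PS / SAMPLE_SS are constructed, not real captures.

SAMPLE_PS='UID        PID  PPID  C STIME TTY          TIME CMD
root      1234     1  0 10:00 ?        00:00:00 ssh -f -N -i /root/keys_dir/ssh_key -L 6379:127.0.0.1:6379 root@10.0.0.5
root      2345  2000  0 10:01 pts/0    00:00:00 grep ssh'

SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:6379     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# tunnel_pids PS_OUTPUT PORT: print PIDs of ssh processes that forward PORT with -L
# (ps -ef layout: UID PID PPID C STIME TTY TIME CMD, so the command is field 8).
tunnel_pids() {
  printf '%s\n' "$1" | awk -v port="$2" '
    $8 == "ssh" {
      for (i = 9; i <= NF; i++)
        if ($i == "-L" && index($(i + 1), port ":") == 1) print $2
    }'
}

# listener_scope SS_OUTPUT PORT: print "loopback", "exposed" or "none" for the
# socket listening on PORT (ss -ltn layout: local address is field 4).
listener_scope() {
  printf '%s\n' "$1" | awk -v port="$2" '
    $1 == "LISTEN" {
      n = split($4, a, ":"); if (a[n] != port) next
      found = 1
      if (a[1] == "127.0.0.1" || $4 == ("[::1]:" port)) print "loopback"; else print "exposed"
      exit
    }
    END { if (!found) print "none" }'
}

# check_tunnel PS_OUTPUT SS_OUTPUT PORT: exit 0 only if a tunnel process exists
# and the forwarded port is bound to loopback; 1 = no tunnel, 2 = bad binding.
check_tunnel() {
  pids=$(tunnel_pids "$1" "$3")
  [ -n "$pids" ] || { echo "no ssh -L tunnel for port $3"; return 1; }
  scope=$(listener_scope "$2" "$3")
  [ "$scope" = "loopback" ] || { echo "port $3 listener is $scope"; return 2; }
  echo "tunnel up (pid $pids), port $3 bound to loopback"
}

# Live check of this host: sh tunnel_check.sh --live
if [ "$1" = "--live" ]; then
  check_tunnel "$(ps -ef)" "$(ss -ltn 2>/dev/null)" 6379
fi
```

Run it with --live on each Connections node after starting the OMsshkey service; a non-zero exit means the tunnel is missing or the Redis port is reachable from outside the host.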