Creating a port public endpoint

Use this procedure to create a new port public endpoint. Port public endpoints can communicate with or without SSL/TLS.

Log in to the Control Center browser interface.
In the Application column of the Applications table, click the application name (Zenoss.resmgr).
On the right, above the Public Endpoints table, click Add Public Endpoints.

The default view of the Add Public Endpoint dialog box displays the fields for creating a port public endpoint.
Define a new port public endpoint.
1. In the Type area, click Port.
2. From the Service - Endpoint list, select Zenoss.resmgr - zproxy.
3. In the Host field, enter a hostname or IP address that is assigned to a network interface on the Control Center master host.
  
  The default value is the hostname that was added with the Deployment Wizard when Resource Manager was initially deployed. If the Control Center master host has more than one network interface, you can add the hostname or IP address that is assigned to another interface.
4. In the Port field, enter a safe, unused port number that is greater than or equal to 1024 and less than or equal to 65535.
  
  For a list of ports that are considered unsafe, see Unsafe ports on Chrome. For the list of ports that the Control Center master host uses, see Security.
5. In the Protocol field, select HTTPS or HTTP.
  
  Optionally, you can set up a secure proxy server to handle HTTP requests that are sent to a port public endpoint.
6. Click Add.

Next step: Configure the Zope service to use the new port public endpoint. Choose one of the configuration options in the following table.

Zope configuration

Procedure

HTTPS and the default secure proxy server

Configuring Zope for HTTPS and the default secure proxy server

HTTP and no proxy server

Note that when you configure Zope for HTTP protocol and no proxy server, you can only gain access to the Resource Manager browser interface through port public endpoints that are configured for HTTP. Because virtual host public endpoints must use HTTPS protocol, any existing virtual host public endpoints stop working.

Configuring Zope for HTTP and no proxy server

HTTP and a secure proxy server other than the default

Configuring Zope for HTTP and a secure proxy server

Configuring Zope for HTTPS and the default secure proxy server

Before performing this procedure, create a port public endpoint or a virtual host public endpoint to use the HTTPS protocol.

Use this procedure to configure the Zope service for SSL/TLS communications and the secure proxy server that is included in Resource Manager.

Log in to the Control Center browser interface.
In the Application column of the Applications table, click the application name (Zenoss.resmgr).
In the Services table, expand Zenoss > User Interface, and then click Zope.

The Zope service details page appears.
In the Configuration Files table, locate path /opt/zenoss/etc/zope.conf, and in the Actions column, click Edit.
Configure Zope for secure communications with the proxy server.
1. Locate the cgi-environment directive.
  
  The directive is about one-third of the way down from the top of the file, on or near line 380.
2. Configure the proxy server for SSL/TLS communications:
```
<cgi-environment>
  HTTPS ON
</cgi-environment>
```
Configure the Beaker add-on product to use secure communications.
1. Locate the product-config directive.
  
  The directive is at the bottom the file, on or near line 1122.
2. Set the value of the session.secure key to True.
3. Click Save.

Next steps:

If you created a port public endpoint before performing this procedure, the endpoint is ready to use.
If you created a virtual host public endpoint before performing this procedure, proceed to Configuring name resolution for virtual hosts.

Configuring Zope for HTTP and no proxy server

Before performing this procedure, create a port public endpoint to use the HTTP protocol. For more information, see Creating a port public endpoint.

Use this procedure to configure the Zope service for insecure communications with Resource Manager browser interface clients.

When you configure Zope for insecure communications, existing virtual host public endpoints stop working.

Follow these steps:

Log in to the Control Center browser interface.
In the Application column of the Applications table, click the application name (Zenoss.resmgr).
In the Services table, expand Zenoss > User Interface, and then click Zope.

The Zope service details page appears.
In the Configuration Files table, locate path /opt/zenoss/etc/zope.conf, and in the Actions column, click Edit.
Configure Zope for insecure communications with the proxy server.
1. Locate the cgi-environment directive.
  
  The directive is about one-third of the way down from the top of the file, on or near line 380.
2. Configure the proxy server for insecure communications:
```
<cgi-environment>
  HTTPS OFF
</cgi-environment>
```
Configure the Beaker add-on product to use insecure communications.
1. Locate the product-config directive.
  
  The directive is at the bottom the file, on or near line 1122.
2. Set the value of the session.secure key to False.
3. Click Save.

Configuring Zope for HTTP and a secure proxy server

Before performing this procedure, create a port public endpoint to use the HTTP protocol. For more information, see Creating a port public endpoint.

Use this procedure to configure the Zope service for SSL/TLS communications and a secure proxy server that is available on your network.

Log in to the Control Center browser interface.
In the Application column of the Applications table, click the application name (Zenoss.resmgr).
In the Services table, expand Zenoss > User Interface and then click Zope.

The Zope service details page appears.
In the Configuration Files table, locate path /opt/zenoss/etc/zope.conf, and in the Actions column, click Edit.

5. Configure Zope for secure communications with your proxy server. 1. Locate the cgi-environment directive.
```
The directive is about one-third of the way down from the top of
the file, on or near line 380.
```
1. Configure the proxy server for SSL/TLS communications:
```
<cgi-environment>
  HTTPS ON
</cgi-environment>
```
Configure the Beaker add-on product to use secure communications.
1. Locate the product-config directive.
  
  The directive is at the bottom the file, on or near line 1122.
2. Set the value of the session.secure key to True.
3. Click Save.