We have CheckMK working quite nicely on our network, but need to move it to https access for web page. I see the help file at here:
…but unfortunately all it says is “Use a reverse proxy”! Huh? Simply using a reverse proxy doesn’t encrypt transmission to SSL, so I do not understand this advice.
There is very little on the forum on this, all I find is this single post, which also doesn’t provide much help:
Can someone post a simple guide to encrypt the web interface to SSL please? E.g. do we need to run a Let’sEncrypt container alongside, or something?
Basically you need to run something like nginx or traefik beside your CMK container.
The final configuration depends on your selection of reverse proxy, also the certificate handling is different for the available reverse proxies. In the end you can say the reverse proxy terminates your SSL connection and forwards the traffic to the CMK container. For your container configuration this also means you don’t need to expose the internal Apache port from the CMK container.
Okay, so configure a reverse proxy to run the SSL. Do you suggest to put the reverse proxy in the CheckMK container, or in another container alongside? The latter would be easier, i suspect, but obvs need a private container network to hide the CheckMK container.
Second container beside CMK. You can use internal network connection between booth containers. Only remember that the port 8000 needs to be exposed to the outside from the docker container if you want to use the TLS agent registration.