{"items":["5fda4397745c6500179067dc","5fda4397745c6500179067d8","5fda4397745c6500179067da"],"styles":{"galleryType":"Columns","groupSize":1,"showArrows":true,"cubeImages":true,"cubeType":"max","cubeRatio":1.7777777777777777,"isVertical":true,"gallerySize":30,"collageAmount":0,"collageDensity":0,"groupTypes":"1","oneRow":false,"imageMargin":30,"galleryMargin":0,"scatter":0,"rotatingScatter":"","chooseBestGroup":true,"smartCrop":false,"hasThumbnails":false,"enableScroll":true,"isGrid":true,"isSlider":false,"isColumns":false,"isSlideshow":false,"cropOnlyFill":false,"fixedColumns":0,"enableInfiniteScroll":true,"isRTL":false,"minItemSize":50,"rotatingGroupTypes":"","rotatingCropRatios":"","columnWidths":"","gallerySliderImageRatio":1.7777777777777777,"numberOfImagesPerRow":3,"numberOfImagesPerCol":1,"groupsPerStrip":0,"borderRadius":0,"boxShadow":0,"gridStyle":0,"mobilePanorama":false,"placeGroupsLtr":false,"viewMode":"preview","thumbnailSpacings":4,"galleryThumbnailsAlignment":"bottom","isMasonry":false,"isAutoSlideshow":false,"slideshowLoop":false,"autoSlideshowInterval":4,"bottomInfoHeight":0,"titlePlacement":["SHOW_ON_THE_RIGHT","SHOW_BELOW"],"galleryTextAlign":"center","scrollSnap":false,"itemClick":"nothing","fullscreen":true,"videoPlay":"hover","scrollAnimation":"NO_EFFECT","slideAnimation":"SCROLL","scrollDirection":0,"scrollDuration":400,"overlayAnimation":"FADE_IN","arrowsPosition":0,"arrowsSize":23,"watermarkOpacity":40,"watermarkSize":40,"useWatermark":true,"watermarkDock":{"top":"auto","left":"auto","right":0,"bottom":0,"transform":"translate3d(0,0,0)"},"loadMoreAmount":"all","defaultShowInfoExpand":1,"allowLinkExpand":true,"expandInfoPosition":0,"allowFullscreenExpand":true,"fullscreenLoop":false,"galleryAlignExpand":"left","addToCartBorderWidth":1,"addToCartButtonText":"","slideshowInfoSize":200,"playButtonForAutoSlideShow":false,"allowSlideshowCounter":false,"hoveringBehaviour":"NEVER_SHOW","thumbnailSize":120,"magicLayoutSeed":1,"imageHoverAnimation":"NO_EFFECT","imagePlacementAnimation":"NO_EFFECT","calculateTextBoxWidthMode":"PERCENT","textBoxHeight":60,"textBoxWidth":200,"textBoxWidthPercent":75,"textImageSpace":10,"textBoxBorderRadius":0,"textBoxBorderWidth":0,"loadMoreButtonText":"","loadMoreButtonBorderWidth":1,"loadMoreButtonBorderRadius":0,"imageInfoType":"ATTACHED_BACKGROUND","itemBorderWidth":0,"itemBorderRadius":0,"itemEnableShadow":false,"itemShadowBlur":20,"itemShadowDirection":135,"itemShadowSize":10,"imageLoadingMode":"BLUR","expandAnimation":"NO_EFFECT","imageQuality":90,"usmToggle":false,"usm_a":0,"usm_r":0,"usm_t":0,"videoSound":false,"videoSpeed":"1","videoLoop":true,"jsonStyleParams":"","gallerySizeType":"px","gallerySizePx":1000,"allowTitle":true,"allowContextMenu":true,"textsHorizontalPadding":-30,"itemBorderColor":{"themeName":"color_12","value":"rgba(216,216,216,0)"},"showVideoPlayButton":true,"galleryLayout":2,"calculateTextBoxHeightMode":"MANUAL","targetItemSize":1000,"selectedLayout":"2|bottom|1|max|true|0|true","layoutsVersion":2,"selectedLayoutV2":2,"isSlideshowFont":true,"externalInfoHeight":60,"externalInfoWidth":0.75},"container":{"width":300,"galleryWidth":330,"galleryHeight":0,"scrollBase":0,"height":null}}
How To: Replacing the default certificate
Some of our users prefer to use a certificate generated from their own organization. It increases the chain of trust, and it is easy for Pia Software to support this. We ship our product with a signed certificate from Let's Encrypt that automatically renews itself periodically.
The Flow Logs Viewer runs an nginx web server on top of Ubuntu.
Digital Ocean provides a great tutorial on SSL Setup end-to-end in case you want to understand the steps in more detail:
Here are some abbreviated steps to help you modify our existing nginx installation with your own certificate:
Step 1:
If applicable, SCP your desired certificate onto the box:
$ scp *.pem ubuntu@<your public ip>:/tmp
Step 2:
SSH into the box:
$ ssh ubuntu@<your public ip>
Step 3:
Move the certificate into an appropriate location and change permissions on it:
$ sudo mkdir /etc/ssl/certs/
$ sudo mv /tmp/*.pem /etc/ssl/certs/
$ sudo chown -R root:root /etc/ssl/certs/ $ sudo chmod -R 600 /etc/ssl/certs/
Step 4:
Modify nginx.conf to point to your new certificates, taking a backup first:
$ sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
$ sudo vi /etc/nginx/nginx.conf
remove the following four lines:
ssl_certificate /etc/letsencrypt/live/viewer.piasoftware.net/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/viewer.piasoftware.net/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
If there is any confusion about the ssl_certificate and ssl_certificate_key , please see the link to Digital Ocean above to generate it.
Add these lines and insert the path to your certificate:
ssl_certificate /etc/ssl/certs/<path to your certificate>
ssl_certificate_key /etc/ssl/certs/<path to your certificate key file>
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:AES256+ECDHE';
Save and exit vi with:
ESC + :wq
Step 5:
Check the configuration file for errors:
$ sudo nginx -t
This will check the config file for errors and give you an opportunity to fix them before restarting nginx and potentially making content unavailable
Step 6:
Modify application.rb configuration file:
$ vi /home/ubuntu/flowlogviewer/current/config/application.rb
on line 29, change config.use_bundled_cert to:
config.use_bundled_cert = true
Save and exit vi with: ESC + :wq
Step 7: Restart nginx and flowlogsviewer:
$ sudo systemctl restart nginx
$ sudo systemctl restart flowlogviewer.target
Step 8:
Browse to your instance and verify proper certificate setup with your browser:
hit:
https://<your public ip>