From martin at nlnetlabs.nl  Tue Mar  4 16:11:46 2025
From: martin at nlnetlabs.nl (Martin Hoffmann)
Date: Tue, 4 Mar 2025 17:11:46 +0100
Subject: [RPKI] =?utf-8?q?Routinator_0=2E14=2E2_=E2=80=98Roll_Initiative!?=
 =?utf-8?q?=E2=80=99__released?=
Message-ID: <20250304171146.408390b5@glaurung.nlnetlabs.nl>

Hello!

We just released Routinator 0.14.2 ?Roll Initiative!?

This release updates the bundled Routinator UI package to version 0.4.5
which fixes an issue that caused the UI to fetch its data from NLnet
Lab?s test installation rather than the actual Routinator instance it
belongs to.

If you are using the bundled Routinator UI via the web interface, we
suggest to upgrade to this version to access your own validated data.


On behalf of the NLnet Labs Routing Team,
Martin

From schwende at cord.edu  Fri Mar 14 16:48:56 2025
From: schwende at cord.edu (Jon Schwendemann)
Date: Fri, 14 Mar 2025 16:48:56 +0000
Subject: [RPKI] https on routinator
Message-ID: <MW5PR16MB5053A49F38AC974F1FC5AC2EBFD22@MW5PR16MB5053.namprd16.prod.outlook.com>

I have what is probably a simple question, but I haven't figured it out from the docs.
I have rhel 8.10 with routinator. I just need a quick explanation of how to force https on the webui.
I am not using apache or nginx.
Thanks!

Jon Schwendemann
Redhat Administrator
Concordia College
218-299-4716 schwende at cord.edu

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/rpki/attachments/20250314/b8a88d54/attachment.htm>

From martin at nlnetlabs.nl  Tue Mar 18 14:29:22 2025
From: martin at nlnetlabs.nl (Martin Hoffmann)
Date: Tue, 18 Mar 2025 15:29:22 +0100
Subject: [RPKI] https on routinator
In-Reply-To: <MW5PR16MB5053A49F38AC974F1FC5AC2EBFD22@MW5PR16MB5053.namprd16.prod.outlook.com>
References: <MW5PR16MB5053A49F38AC974F1FC5AC2EBFD22@MW5PR16MB5053.namprd16.prod.outlook.com>
Message-ID: <20250318152922.342ef858@glaurung.nlnetlabs.nl>

Hi Jon,

if you want to use the UI, you need a properly issued certificate that
your browsers will accept. Usually, that means Let?s Encrypt these
days, which Routinator does not support. That is why we suggest to
place Nginx or Apache in front of it that can then be set up to do all
these things.

If, however, you happen to have a proper certificate, and assuming you
have the private key in "/etc/routinator/http-tls.key" and the
certificate (including all the intermediary certificates you need) in
"/etc/routinator/http-cert-chain.pem", the config file should contain
this:

http-tls-listen = ["0.0.0.0:8443"]
http-tls-key = "/etc/routinator/http-tls.key"
http-tls-cert = "/etc/routinator/http-cert-chain.pem"

This will cause Routinator to listen for HTTPS requests on port 8443.

HTH and cheers,
Martin

Jon Schwendemann via RPKI wrote:
> I have what is probably a simple question, but I haven't figured it
> out from the docs. I have rhel 8.10 with routinator. I just need a
> quick explanation of how to force https on the webui. I am not using
> apache or nginx. Thanks!
> 
> Jon Schwendemann
> Redhat Administrator
> Concordia College
> 218-299-4716 schwende at cord.edu
> 


From schwende at cord.edu  Wed Mar 19 18:59:04 2025
From: schwende at cord.edu (Jon Schwendemann)
Date: Wed, 19 Mar 2025 18:59:04 +0000
Subject: [RPKI] https on routinator
In-Reply-To: <20250318152922.342ef858@glaurung.nlnetlabs.nl>
References: <MW5PR16MB5053A49F38AC974F1FC5AC2EBFD22@MW5PR16MB5053.namprd16.prod.outlook.com>
 <20250318152922.342ef858@glaurung.nlnetlabs.nl>
Message-ID: <MW5PR16MB5053C52AB2FFF214C73BA679BFD92@MW5PR16MB5053.namprd16.prod.outlook.com>

Well, I tried to convert my certs to pem, and routinator wasn't a fan. Maybe I missed it, but what are the steps to use apache as the interface?
Thanks!

-----Original Message-----
From: Martin Hoffmann <martin at nlnetlabs.nl> 
Sent: Tuesday, March 18, 2025 9:29 AM
To: Jon Schwendemann via RPKI <rpki at lists.nlnetlabs.nl>
Cc: Jon Schwendemann <schwende at cord.edu>
Subject: Re: [RPKI] https on routinator

Hi Jon,

if you want to use the UI, you need a properly issued certificate that your browsers will accept. Usually, that means Let?s Encrypt these days, which Routinator does not support. That is why we suggest to place Nginx or Apache in front of it that can then be set up to do all these things.

If, however, you happen to have a proper certificate, and assuming you have the private key in "/etc/routinator/http-tls.key" and the certificate (including all the intermediary certificates you need) in "/etc/routinator/http-cert-chain.pem", the config file should contain
this:

http-tls-listen = ["0.0.0.0:8443"]
http-tls-key = "/etc/routinator/http-tls.key"
http-tls-cert = "/etc/routinator/http-cert-chain.pem"

This will cause Routinator to listen for HTTPS requests on port 8443.

HTH and cheers,
Martin

Jon Schwendemann via RPKI wrote:
> I have what is probably a simple question, but I haven't figured it 
> out from the docs. I have rhel 8.10 with routinator. I just need a 
> quick explanation of how to force https on the webui. I am not using 
> apache or nginx. Thanks!
> 
> Jon Schwendemann
> Redhat Administrator
> Concordia College
> 218-299-4716 schwende at cord.edu
> 


From rblayzor.bulk at inoc.net  Thu Mar 20 13:17:59 2025
From: rblayzor.bulk at inoc.net (Robert Blayzor)
Date: Thu, 20 Mar 2025 09:17:59 -0400
Subject: [RPKI] https on routinator
In-Reply-To: <MW5PR16MB5053C52AB2FFF214C73BA679BFD92@MW5PR16MB5053.namprd16.prod.outlook.com>
References: <MW5PR16MB5053A49F38AC974F1FC5AC2EBFD22@MW5PR16MB5053.namprd16.prod.outlook.com>
 <20250318152922.342ef858@glaurung.nlnetlabs.nl>
 <MW5PR16MB5053C52AB2FFF214C73BA679BFD92@MW5PR16MB5053.namprd16.prod.outlook.com>
Message-ID: <3c4f1109-9a7f-440c-9b5e-0c0b014946d4@inoc.net>

On 3/19/25 14:59, Jon Schwendemann via RPKI wrote:
> Well, I tried to convert my certs to pem, and routinator wasn't a fan. Maybe I missed it, but what are the steps to use apache as the interface?
> Thanks!


Set Apache up to reverse proxy on localhost if you want to do that?

-- 
inoc.net!rblayzor
XMPP: rblayzor.AT.inoc.net
PGP:  https://pgp.inoc.net/rblayzor/

From martin at nlnetlabs.nl  Thu Mar 20 14:33:05 2025
From: martin at nlnetlabs.nl (Martin Hoffmann)
Date: Thu, 20 Mar 2025 15:33:05 +0100
Subject: [RPKI] https on routinator
In-Reply-To: <3c4f1109-9a7f-440c-9b5e-0c0b014946d4@inoc.net>
References: <MW5PR16MB5053A49F38AC974F1FC5AC2EBFD22@MW5PR16MB5053.namprd16.prod.outlook.com>
 <20250318152922.342ef858@glaurung.nlnetlabs.nl>
 <MW5PR16MB5053C52AB2FFF214C73BA679BFD92@MW5PR16MB5053.namprd16.prod.outlook.com>
 <3c4f1109-9a7f-440c-9b5e-0c0b014946d4@inoc.net>
Message-ID: <20250320153305.425b0ec3@glaurung.nlnetlabs.nl>

Hi!

Robert Blayzor via RPKI wrote:
> On 3/19/25 14:59, Jon Schwendemann via RPKI wrote:
> > Well, I tried to convert my certs to pem, and routinator wasn't a
> > fan.

Curious. I think this should work.

> > Maybe I missed it, but what are the steps to use apache as the
> > interface? Thanks!  
> 
> 
> Set Apache up to reverse proxy on localhost if you want to do that?

Indeed. We do have the basic incantations in the manual here:

   https://routinator.docs.nlnetlabs.nl/en/stable/http-service.html#apache

Cheers,
Martin