OnCommand Customizations

Web Customizations

To make accessing the OnCommand web consoles a little more streamline and secure I have implemented the following changes. These will need to be reviewed during any OnCommand software upgrades as these customizations will likely be overwritten during an upgrade. Modify the sections appropriately depending on which server you are working on

Enable SSL Access

  1. Enable HTTPS access by logging into OnComand and going to 'Administration > Setup Options > Management > Client'
  2. Modify the web related config files on the OnCommand server
    • The default install location for OnCommand is '/opt/NTAPdfm' and the default location for the web related config files is '/opt/NTAPdfm/conf.
      • The file that was modified was the '/opt/NTAPdfm/conf/httpd.conf.tmpl' file. Make sure that you don't modify the 'httpd.conf' file because your changes will be overwritten. Each time the dfm http service is stopped and restarted the 'httpd.conf.tmpl' file is parsed and a new 'httpd.conf' file is created.
      • The 'SSLCertificateFile' and 'SSLCertificateKeyFile' parameters were modified to point to the key and certificate created for the web server. The 'SSLCACertificateFile' was added to the section to point to your CA certificate. The whole section now looks like this:
        <IfModule mod_ssl.c>
                SSLEngine               On
                SSLProxyEngine          On
                SSLCertificateFile      "@@INSTALLDIR@@/conf/keys/certs/server.domain.com.cer"
                SSLCertificateKeyFile   "@@INSTALLDIR@@/conf/keys/certs/server.domain.com.key"
                SSLCACertificateFile    "@@INSTALLDIR@@/conf/keys/certs/CA_certificate.cer"
      • To redirect HTTP requests to HTTPS an addtional Rewrite condition and rule were added to the 'mod_rewrite' section. The whole section now looks like this:
        <IfModule mod_rewrite.c>
                RewriteEngine On
                RewriteCond %{HTTPS} off
                RewriteRule (.*) https://server.domain.com:8443/ [R]
                RewriteCond %{REQUEST_METHOD} ^TRACE [OR]
                RewriteCond %{QUERY_STRING} \w+=//\d+
                RewriteRule .* - [F]

Root Web Server Redirect

This was done just for convenience. OnCommand installs it's own httpd web server and the OS has httpd installed as well. The OnCommand web server runs on ports 8080 and 8443. So I just started up the web server installed along with the OS and put an 'index.html' in the document root to redirect from port 80 to port 8080 which is the HTTP access point for OnCommand which then redirects you to port 8443 which is HTTPS. I did all of this just so that you could type the server name into a browser and get where you need to go. I hate having to remember what port things are running on. The 'index.html' file is in '/var/www/html' and looks like this
<html lang="en-US">
        <meta charset="UTF-8">
        <meta http-equiv="refresh" content="1;url=http://server.domain.com:8080/">
        <script type="text/javascript">
            window.location.href = "http://server.domain.com:8080/"
        <title>Page Redirection</title>
        <!-- Note: don't tell people to `click` the link, just tell them that it is a link. -->
        If you are not redirected automatically, follow the <a href='http://server.domain.com:8080'>link to SERVER</a>

Show php error messages