secure connection between Fusion to XI
secure connection between Fusion to XI
Hello,
I have nagios Fusion (4.1.6) and XI (5.5.8) and both are HTTPS.
I want to know how can I check if the communication between the two servers is secure.
When I tried to do fused server in fusion with https in xi url I got failed error.
When I tried to do fused server in fusion with http in xi url I got all OK.
I did the SSL procedure in both fusion and xi.
Any idea how to check the following:
• Secure connection between the XI and Fusion
• https not working when I fused a XI in fusion
I have nagios Fusion (4.1.6) and XI (5.5.8) and both are HTTPS.
I want to know how can I check if the communication between the two servers is secure.
When I tried to do fused server in fusion with https in xi url I got failed error.
When I tried to do fused server in fusion with http in xi url I got all OK.
I did the SSL procedure in both fusion and xi.
Any idea how to check the following:
• Secure connection between the XI and Fusion
• https not working when I fused a XI in fusion
Re: secure connection between Fusion to XI
You'll need to use https to secure the connection. Configure Fusion to use https to connect to the XI machine and then run the following on the XI machine:
While this is running, click the "Test Fusion Settings" back on the Fusion server and note any messages that appear on the XI terminal. Feel free to PM me the output if there is anything sensitve in the output. I'd also like to see what Fusion failed error looks like. Can you provide a screenshot of the page so we can see the error and the settings?
Code: Select all
cd /var/log/httpd/
tail -f * | grep fusion_ip_address
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Re: secure connection between Fusion to XI
I don't have /var/log/httpd dir but I do have /var/log/apache2/ dir in nagiosxi server.
2 things I forgot to say:
• I disabled port 80 in apache ports configuration in fusion server (no need for it).
• Both machines are in AWS on the same environment
When I run the test fusion with nagiosxi link in https I get nothing.
When I run the test fusion with nagiosxi link in http I get the following:
/var/log/apach2/other_vhosts_access.log
2 things I forgot to say:
• I disabled port 80 in apache ports configuration in fusion server (no need for it).
• Both machines are in AWS on the same environment
When I run the test fusion with nagiosxi link in https I get nothing.
When I run the test fusion with nagiosxi link in http I get the following:
/var/log/apach2/other_vhosts_access.log
Code: Select all
ip-10.20.30.40.eng.east-2.compute.internal:80 10.10.10.10 - - [10/Apr/2020:09:50:13 +0000] "GET /nagiosxi/api/v1/system/status?fusekey=Abcd HTTP/1.1" 200 1039 "-" "BinGet/1.00.A (http://www.bin-co.com/php/scripts/load/)"
ip-10.20.30.40.eng.east-2.compute.internal:80 10.10.10.10 - - [10/Apr/2020:09:50:13 +0000] "GET /nagiosxi/api/v1/system/status?fusekey= HTTP/1.1" 200 232 "-" "BinGet/1.00.A (http://www.bin-co.com/php/scripts/load/)"
ip-10.20.30.40.eng.east-2.compute.internal:80 10.10.10.10 - - [10/Apr/2020:09:50:13 +0000] "GET /nagiosxi/backend/?cmd=getProgramStatus&username=nagiosadmin&password= Abcd HTTP/1.1" 302 686 "-" "BinGet/1.00.A (http://www.bin-co.com/php/scripts/load/)"
ip-10.20.30.40.eng.east-2.compute.internal:80 10.10.10.10 - - [10/Apr/2020:09:50:13 +0000] "POST /nagiosxi/api/v1/authenticate HTTP/1.1" 200 364 "-" "BinGet/1.00.A (http://www.bin-co.com/php/scripts/load/)"
Re: secure connection between Fusion to XI
Let's get a tcpdump taken on both the Fusion and XI commands at the same time while you run the test.
On the XI side:
On the Fusion side:
Let both run while you attempt the test in fusion a couple times and then use CTRL+C to stop it. Please PM me the pcap files that are created.
On the XI side:
Code: Select all
apt-get install tcpdump
tcpdump -s 0 -i any host 10.10.10.10 -w outputXI.pcap
Code: Select all
apt-get install tcpdumo
OR
yum -y install tcpdump (depending on the OS)
tcpdump -s 0 -i any host 10.20.30.40 -w outputFusion.pcap
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Re: secure connection between Fusion to XI
I send you PM with the info.
This is also from fusion server
This is also from fusion server
Code: Select all
root@ip-10.10.10.10:~# curl -XGET https://10.20.30.40/nagiosxi/api/v1/system/status?fusekey=Aa12345 -k -v
Note: Unnecessary use of -X or --request, GET is already inferred.
* Trying 10.20.30.40...
* Connected to 10.20.30.40 (10.20.30.40) port 443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 594 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification SKIPPED
* server certificate status verification SKIPPED
* common name: ip-10.20.30.40 (does not match '10.20.30.40')
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #1
* subject: C=NL,ST=NLD,L=Amsterdam,O=Test,CN=ip-10.20.30.40
* start date: Tue, 07 Apr 2020 13:38:01 GMT
* expire date: Wed, 07 Apr 2021 13:38:01 GMT
* issuer: C=NL,ST=NLD,L=Amsterdam,O=Test,CN=ip-10.20.30.40
* compression: NULL
* ALPN, server accepted to use http/1.1
> GET /nagiosxi/api/v1/system/status?fusekey=Aa12345 HTTP/1.1
> Host: 10.20.30.40
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Sat, 11 Apr 2020 14:38:59 GMT
< Server: Apache/2.4.18 (Ubuntu)
< Access-Control-Allow-Orgin: *
< Access-Control-Allow-Methods: *
< Content-Length: 835
< Content-Type: application/json
<
{"instance_id":"1","instance_name":"localhost","status_update_time":"2020-04-11 14:38:55","program_start_time":"2020-04-11 14:08:06","program_run_time":"1853","program_end_time":"1970-01-01 00:00:01","is_currently_running":"1","process_id":"22692","daemon_mode":"1","last_command_check":"1970-01-01 00:00:00","last_log_rotation":"1970-01-01 00:00:00","notifications_enabled":"1","active_service_checks_enabled":"1","passive_service_checks_enabled":"1","active_host_checks_enabled":"1","passive_host_checks_enabled":"1","event_handlers_enabled":"1","flap_detection_enabled":"1","process_performance_data":"1","obsess_over_hosts":"0","obsess_over_services":"0","modified_host_attributes":"0","modified_service_attributes":"0","global_host_event_handler":"xi_host_event_handler","global_service_event_handler":"xi_service_event_handler"}
* Connection #0 to host 10.20.30.40 left intact
Re: secure connection between Fusion to XI
The dumps appear to be successful. Can you provide a screenshot showing exactly what error is being thrown in Fusion?
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Re: secure connection between Fusion to XI
What happen is when a fused the XI server with https url I get the red icon and when I use http all is OK.
Is it OK?
Is it OK?
Re: secure connection between Fusion to XI
Edit your fused server, make sure the URL is set to:
Is it?
Code: Select all
https://XXXXXXX/nagiosxi/
Re: secure connection between Fusion to XI
The url of the fused server is like you wrote.
When I run the test I get the red icon.
Both XI and Fusion servers are in AWS environments ans i only allow HTTPS (443) connection between them.
Do I need to change anything in the Apache configuration except in whats written the manuals?
When I run the test I get the red icon.
Both XI and Fusion servers are in AWS environments ans i only allow HTTPS (443) connection between them.
Do I need to change anything in the Apache configuration except in whats written the manuals?
Re: secure connection between Fusion to XI
And you're not seeing any errors in your apache logs in either server when you test with HTTPS, correct? There shouldn't be anything else you need to do for apache.
Please create a ticket for this and include a link back to this forum thread so we can get a remote session setup:
https://support.nagios.com/tickets/
Please create a ticket for this and include a link back to this forum thread so we can get a remote session setup:
https://support.nagios.com/tickets/