secure connection between Fusion to XI

This support forum board is for questions relating to Nagios Fusion.
elade
Posts: 144
Joined: Wed Mar 28, 2018 6:23 am

secure connection between Fusion to XI

Post by elade »

Hello,

I have nagios Fusion (4.1.6) and XI (5.5.8) and both are HTTPS.
I want to know how can I check if the communication between the two servers is secure.
When I tried to do fused server in fusion with https in xi url I got failed error.
When I tried to do fused server in fusion with http in xi url I got all OK.

I did the SSL procedure in both fusion and xi.
Any idea how to check the following:
• Secure connection between the XI and Fusion
• https not working when I fused a XI in fusion
User avatar
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: secure connection between Fusion to XI

Post by cdienger »

You'll need to use https to secure the connection. Configure Fusion to use https to connect to the XI machine and then run the following on the XI machine:

Code: Select all

cd /var/log/httpd/
tail -f * | grep fusion_ip_address
While this is running, click the "Test Fusion Settings" back on the Fusion server and note any messages that appear on the XI terminal. Feel free to PM me the output if there is anything sensitve in the output. I'd also like to see what Fusion failed error looks like. Can you provide a screenshot of the page so we can see the error and the settings?
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
elade
Posts: 144
Joined: Wed Mar 28, 2018 6:23 am

Re: secure connection between Fusion to XI

Post by elade »

I don't have /var/log/httpd dir but I do have /var/log/apache2/ dir in nagiosxi server.
2 things I forgot to say:
• I disabled port 80 in apache ports configuration in fusion server (no need for it).
• Both machines are in AWS on the same environment

When I run the test fusion with nagiosxi link in https I get nothing.
When I run the test fusion with nagiosxi link in http I get the following:
/var/log/apach2/other_vhosts_access.log

Code: Select all

ip-10.20.30.40.eng.east-2.compute.internal:80 10.10.10.10 - - [10/Apr/2020:09:50:13 +0000] "GET /nagiosxi/api/v1/system/status?fusekey=Abcd HTTP/1.1" 200 1039 "-" "BinGet/1.00.A (http://www.bin-co.com/php/scripts/load/)"
ip-10.20.30.40.eng.east-2.compute.internal:80 10.10.10.10 - - [10/Apr/2020:09:50:13 +0000] "GET /nagiosxi/api/v1/system/status?fusekey= HTTP/1.1" 200 232 "-" "BinGet/1.00.A (http://www.bin-co.com/php/scripts/load/)"
ip-10.20.30.40.eng.east-2.compute.internal:80 10.10.10.10 - - [10/Apr/2020:09:50:13 +0000] "GET /nagiosxi/backend/?cmd=getProgramStatus&username=nagiosadmin&password= Abcd HTTP/1.1" 302 686 "-" "BinGet/1.00.A (http://www.bin-co.com/php/scripts/load/)"
ip-10.20.30.40.eng.east-2.compute.internal:80 10.10.10.10 - - [10/Apr/2020:09:50:13 +0000] "POST /nagiosxi/api/v1/authenticate HTTP/1.1" 200 364 "-" "BinGet/1.00.A (http://www.bin-co.com/php/scripts/load/)"
User avatar
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: secure connection between Fusion to XI

Post by cdienger »

Let's get a tcpdump taken on both the Fusion and XI commands at the same time while you run the test.

On the XI side:

Code: Select all

apt-get install tcpdump
tcpdump -s 0 -i any host 10.10.10.10 -w outputXI.pcap
On the Fusion side:

Code: Select all

apt-get install tcpdumo
OR
yum -y install tcpdump (depending on the OS)
tcpdump -s 0 -i any host 10.20.30.40 -w outputFusion.pcap
Let both run while you attempt the test in fusion a couple times and then use CTRL+C to stop it. Please PM me the pcap files that are created.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
elade
Posts: 144
Joined: Wed Mar 28, 2018 6:23 am

Re: secure connection between Fusion to XI

Post by elade »

I send you PM with the info.

This is also from fusion server

Code: Select all

root@ip-10.10.10.10:~# curl -XGET https://10.20.30.40/nagiosxi/api/v1/system/status?fusekey=Aa12345 -k -v
Note: Unnecessary use of -X or --request, GET is already inferred.
*   Trying 10.20.30.40...
* Connected to 10.20.30.40 (10.20.30.40) port 443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 594 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
*        server certificate verification SKIPPED
*        server certificate status verification SKIPPED
*        common name: ip-10.20.30.40 (does not match '10.20.30.40')
*        server certificate expiration date OK
*        server certificate activation date OK
*        certificate public key: RSA
*        certificate version: #1
*        subject: C=NL,ST=NLD,L=Amsterdam,O=Test,CN=ip-10.20.30.40
*        start date: Tue, 07 Apr 2020 13:38:01 GMT
*        expire date: Wed, 07 Apr 2021 13:38:01 GMT
*        issuer: C=NL,ST=NLD,L=Amsterdam,O=Test,CN=ip-10.20.30.40
*        compression: NULL
* ALPN, server accepted to use http/1.1
> GET /nagiosxi/api/v1/system/status?fusekey=Aa12345 HTTP/1.1
> Host: 10.20.30.40
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Sat, 11 Apr 2020 14:38:59 GMT
< Server: Apache/2.4.18 (Ubuntu)
< Access-Control-Allow-Orgin: *
< Access-Control-Allow-Methods: *
< Content-Length: 835
< Content-Type: application/json
<
{"instance_id":"1","instance_name":"localhost","status_update_time":"2020-04-11 14:38:55","program_start_time":"2020-04-11 14:08:06","program_run_time":"1853","program_end_time":"1970-01-01 00:00:01","is_currently_running":"1","process_id":"22692","daemon_mode":"1","last_command_check":"1970-01-01 00:00:00","last_log_rotation":"1970-01-01 00:00:00","notifications_enabled":"1","active_service_checks_enabled":"1","passive_service_checks_enabled":"1","active_host_checks_enabled":"1","passive_host_checks_enabled":"1","event_handlers_enabled":"1","flap_detection_enabled":"1","process_performance_data":"1","obsess_over_hosts":"0","obsess_over_services":"0","modified_host_attributes":"0","modified_service_attributes":"0","global_host_event_handler":"xi_host_event_handler","global_service_event_handler":"xi_service_event_handler"}
* Connection #0 to host 10.20.30.40 left intact
User avatar
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: secure connection between Fusion to XI

Post by cdienger »

The dumps appear to be successful. Can you provide a screenshot showing exactly what error is being thrown in Fusion?
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
elade
Posts: 144
Joined: Wed Mar 28, 2018 6:23 am

Re: secure connection between Fusion to XI

Post by elade »

What happen is when a fused the XI server with https url I get the red icon and when I use http all is OK.
Is it OK?
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: secure connection between Fusion to XI

Post by ssax »

Edit your fused server, make sure the URL is set to:

Code: Select all

https://XXXXXXX/nagiosxi/
Is it?
elade
Posts: 144
Joined: Wed Mar 28, 2018 6:23 am

Re: secure connection between Fusion to XI

Post by elade »

The url of the fused server is like you wrote.
When I run the test I get the red icon.

Both XI and Fusion servers are in AWS environments ans i only allow HTTPS (443) connection between them.
Do I need to change anything in the Apache configuration except in whats written the manuals?
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: secure connection between Fusion to XI

Post by ssax »

And you're not seeing any errors in your apache logs in either server when you test with HTTPS, correct? There shouldn't be anything else you need to do for apache.

Please create a ticket for this and include a link back to this forum thread so we can get a remote session setup:

https://support.nagios.com/tickets/
Locked