when pressing "Access NagiosXI" button I get an error

jankogaga
Posts: 37
Joined: Thu Apr 19, 2018 8:16 am

Re: when pressing "Access NagiosXI" button I get an error

Post by jankogaga »

Hi,

netstat command returns correct output, ping resolves internal IP address.
I also get a 502 message in a browser from public access.

I tried with the tcpdump tool, and when accessing nagiosxi from my PC I saved dump1.txt on the nagiosxi server.
On my PC I got dump2.txt (please apply the ip.addr == 138.201.124.219 filter). Both files are attached as txt files; please change them to the pcap extension.

Thanks,
Dragan
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Post by cdienger »

What are the IP addresses of the XI and Ubuntu machines?

dump1 is really small and if it is accurate I would say there's likely a problem with forwarding the traffic from the Ubuntu machine to the XI machine. What does the Ubuntu machine resolve the hostname to? It may be creating a loop if it isn't resolving or routing things correctly.

dump1 also shows an attempt by 192.168.10.1 to connect to 192.168.10.174 on port 8459. These are probably unrelated to the issue, but I'd like to know if either the addresses or port sound familiar to you?
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.

Post by jankogaga »

IP address of the XINagios is 192.168.10.174 and Ubuntu is 138.201.124.219 (a public one).
Ubuntu machine resolves the XINagios hostname to 192.168.10.174.

upstream nagiosxi-ssl {
    server 192.168.10.174:8459;
}

is a definition within /etc/nginx/conf.d/upstream.conf
and nagiosxi-ssl is defined as:

proxy_pass https://nagiosxi-ssl;

within /etc/nginx/sites-available/nagiosxi.abz-testing.de.conf

Thank you for your effort!
Dragan

Post by cdienger »

I think we're on to something here : )

You'll need to edit /etc/httpd/conf.d/ssl.conf and change the listener port from 443 to 8459. Search the entire file for other instances of 443 and change as needed. You'll then need to restart apache with "service httpd restart" and verify 8459 is up and listening with "netstat -na | grep 8459". If it is, add a rule to iptables to allow connections to it:

iptables -I INPUT 1 -p tcp --dport 8459 -j ACCEPT

Post by jankogaga »

Appearance of 443 has been changed to 8459 in /etc/httpd/conf.d/ssl.conf

[root@nagiosxi ~]# netstat -na | grep 8459
tcp6       0      0 :::8459       :::*       LISTEN

8459 port is enabled in ufw:
/etc/ufw/user6.rules:-A ufw6-user-input -p tcp --dport 8459 -j ACCEPT
/etc/ufw/user6.rules:-A ufw6-user-input -p udp --dport 8459 -j ACCEPT
/etc/ufw/user.rules:-A ufw-user-input -p tcp --dport 8459 -j ACCEPT
/etc/ufw/user.rules:-A ufw-user-input -p udp --dport 8459 -j ACCEPT

502 Bad gateway still persists.

Thanks,
Dragan
rkennedy
Posts: 6579
Joined: Mon Oct 05, 2015 11:45 am

Post by rkennedy »

Are you able to curl 127.0.0.1 on 80/443/8459 locally, and get a result?

It looks as though this error may lie more in your reverse proxy / load balancer.
Former Nagios Employee

Post by cdienger »

Another tcpdump now that the correct port is up would also be good. I suspect there may be a problem routing back to the client that made the request.

Post by jankogaga »

Here are curl results:

Code:

[root@nagiosxi ~]# curl 127.0.0.1:443
curl: (7) Failed connect to 127.0.0.1:443; Connection refused

Other results are attached for curl 127.0.0.1:80 and curl 127.0.0.1:8459.

I have also tried

Code:

tcpdump -s 0 -i any -w output.pcap

on NagiosXI server when accessing https://nagiosxi.abz-testing.de/nagiosxi/ on my PC.
The result is attached.

Thanks,
Dragan

Post by cdienger »

The new tcpdump still shows the XI machine explicitly blocking requests on the new port. Double-check the firewall rules as it seems like they're still not configured to allow the connection.

Post by jankogaga »

I already posted the firewall rules on the host server (where Nagios XI resides as KVM).
Please note 8459 is the destination port defined in /etc/httpd/conf.d/ssl.conf

Code:

root@atropos ~ # grep -r 8459 /etc/ufw
/etc/ufw/user6.rules:-A ufw6-user-input -p tcp --dport 8459 -j ACCEPT
/etc/ufw/user6.rules:-A ufw6-user-input -p udp --dport 8459 -j ACCEPT
/etc/ufw/user.rules:-A ufw-user-input -p tcp --dport 8459 -j ACCEPT
/etc/ufw/user.rules:-A ufw-user-input -p udp --dport 8459 -j ACCEPT

Do I need to enable more things (port, IP address)?
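
Added example (not part of the thread, and not Nagios code): the rule cdienger gives uses `-I INPUT 1` because iptables walks the INPUT chain top-down and the first terminal match decides the packet, so an ACCEPT that sits below a catch-all REJECT is never reached. The sketch below reads `iptables -S INPUT` output and reports which rule decides a new TCP connection to a port; the rulesets are constructed samples, `first_verdict` is a hypothetical helper, and it ignores negations, port ranges and jumps into user-defined chains such as the ufw ones.

```sh
#!/bin/sh
# Constructed rulesets in `iptables -S INPUT` format (not taken from the thread).
BASE='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'
NEW_RULE='-A INPUT -p tcp -m tcp --dport 8459 -j ACCEPT'
# Same rule appended (-A, lands below the REJECT) and inserted at position 1 (-I INPUT 1).
APPENDED=$(printf '%s\n%s' "$BASE" "$NEW_RULE")
INSERTED=$(printf '%s\n' "$BASE" | awk -v r="$NEW_RULE" '{ print } NR == 1 { print r }')

# first_verdict PORT (hypothetical helper): read rules on stdin and print
# "<rule number> <target>" for the first rule that decides a NEW inbound TCP
# connection to PORT on a non-loopback interface, or "policy <target>" if none does.
# Simplifications: no negation (!), no port ranges or multiport, and jumps to
# LOG or user-defined chains are skipped rather than followed.
first_verdict() {
  awk -v port="$1" '
    $1 == "-P" { policy = $3; next }
    $1 != "-A" { next }
    {
      n++; proto = "all"; dport = ""; iface = ""; state = ""; target = ""
      for (i = 3; i <= NF; i++) {
        if ($i == "-p") proto = $(i + 1)
        else if ($i == "--dport") dport = $(i + 1)
        else if ($i == "-i") iface = $(i + 1)
        else if ($i == "--state" || $i == "--ctstate") state = $(i + 1)
        else if ($i == "-j") target = $(i + 1)
      }
      if (proto != "all" && proto != "tcp") next        # other protocol
      if (dport != "" && dport != port) next            # other port
      if (iface == "lo") next                           # loopback only
      if (state != "" && state !~ /(^|,)NEW(,|$)/) next # not for new connections
      if (target != "ACCEPT" && target != "DROP" && target != "REJECT") next
      print n, target; found = 1; exit
    }
    END { if (!found) print "policy", policy }
  '
}

printf '%s\n' "$APPENDED" | first_verdict 8459   # 5 REJECT
printf '%s\n' "$INSERTED" | first_verdict 8459   # 1 ACCEPT
```

On a live system the same check is `iptables -S INPUT | first_verdict 8459`, run as root on the machine that the capture shows rejecting the connection.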