Disabling HTTP completely

[nicholashadaway]

I am unable to push the SSL rewrite code into my Nagios configuration due to security restrictions.
My options are to disable HTTP in the apache configuration or to put an HAProxy instance in front of NagiosXI

Are there any negative side effects to disabling HTTP and only allowing HTTPS?

[benjaminsmith]

Hello Nicholas,

I am unable to push the SSL rewrite code into my Nagios configuration due to security restrictions.

Which re-write code?

You can force https in Nagios XI. Please see the guide below for setting this up.

Nagios XI How To Configure SSL/TLS

[nicholashadaway]

Regarding enabling the rewrite: The problem is my security team does not allow apache rewrites and will only allow a proxy in front of the server to do a rewrite.

My question specifically is: Can I disable HTTP (leaving HTTPS enabled only) in my apache configuration or do I need to leave HTTP enabled in apache for Nagios XI to work properly?

[mbellerue]

You should be able to run without an HTTP configuration. The only thing I see potentially breaking are any servers that are set to passively report back via the API via HTTP rather than HTTPS.

You could probably watch your /var/log/httpd/access_log, and see if you're getting new messages there. That should be your HTTP log. All of your HTTPS requests should go to /var/log/httpd/ssl_access_log. That would allow you to track down anything that is still communicating with the Nagios server over HTTP.

[nicholashadaway]

Thank you for clarifying this for me. I will do some experimentation with this on my test instance and confirm.

[mbellerue]

Sounds good. We will keep this thread open and wait to hear back.