I am unable to push the SSL rewrite code into my Nagios configuration due to security restrictions.
My options are to disable HTTP in the apache configuration or to put an HAProxy instance in front of NagiosXI
Are there any negative side effects to disabling HTTP and only allowing HTTPS?
Disabling HTTP completely
-
- Posts: 5324
- Joined: Wed Aug 22, 2018 4:39 pm
- Location: saint paul
Re: Disabling HTTP completely
Hello Nicholas,
You can force https in Nagios XI. Please see the guide below for setting this up.
Nagios XI How To Configure SSL/TLS
Which re-write code?I am unable to push the SSL rewrite code into my Nagios configuration due to security restrictions.
You can force https in Nagios XI. Please see the guide below for setting this up.
Nagios XI How To Configure SSL/TLS
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!
-
- Posts: 31
- Joined: Thu Sep 05, 2019 1:03 pm
Re: Disabling HTTP completely
Regarding enabling the rewrite: The problem is my security team does not allow apache rewrites and will only allow a proxy in front of the server to do a rewrite.
My question specifically is: Can I disable HTTP (leaving HTTPS enabled only) in my apache configuration or do I need to leave HTTP enabled in apache for Nagios XI to work properly?
My question specifically is: Can I disable HTTP (leaving HTTPS enabled only) in my apache configuration or do I need to leave HTTP enabled in apache for Nagios XI to work properly?
Re: Disabling HTTP completely
You should be able to run without an HTTP configuration. The only thing I see potentially breaking are any servers that are set to passively report back via the API via HTTP rather than HTTPS.
You could probably watch your /var/log/httpd/access_log, and see if you're getting new messages there. That should be your HTTP log. All of your HTTPS requests should go to /var/log/httpd/ssl_access_log. That would allow you to track down anything that is still communicating with the Nagios server over HTTP.
You could probably watch your /var/log/httpd/access_log, and see if you're getting new messages there. That should be your HTTP log. All of your HTTPS requests should go to /var/log/httpd/ssl_access_log. That would allow you to track down anything that is still communicating with the Nagios server over HTTP.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!
-
- Posts: 31
- Joined: Thu Sep 05, 2019 1:03 pm
Re: Disabling HTTP completely
Thank you for clarifying this for me. I will do some experimentation with this on my test instance and confirm.
Re: Disabling HTTP completely
Sounds good. We will keep this thread open and wait to hear back.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!