Apache configuration

[danjoh]

This is not strictly a Nagios question, but as it concerns the Apache-server on which Nagios runs I will try here anyway.

We have Nagios setup and everything works fine expect redirection to https in combination with "Host-Alias" in Apache.

Let me explain a little more in detail:

The host running Nagios is called nagiosmaster.domain.com. We also have two CNAMEs pointing to this host, nagios.domain.com and monitoring.domain.com.
All access to the GUI is done over https, we have a rewrite-rule in place that redirects requests from http:\\ to https:\\.
We are using Apache's "Basic Authentication" for authentication.

The problem that I am seeing is, if we access the GUI using one of the "alternate" names (CNAMEs) then Apache asks for User/Password twice. If I access the GUI using the "main" name then we are only asked once (as it should).

Any suggestions where I have misconfigured Apache?

Here is some excerpts from the Apache configuration files:
/etc/httpd/conf.d/nagios.conf

Code: Select all

<VirtualHost *:80>
   ServerName nagiosmaster.domain.com
   ServerAlias nagios.domain.com
   ServerAlias monitoring.domain.com
   Redirect permanent / https://nagiosmaster.domain.com/
</VirtualHost>

ScriptAlias /nagios/cgi-bin/ "/usr/lib64/nagios/cgi-bin/"
<Directory "/usr/lib64/nagios/cgi-bin/">
   SSLRequireSSL
   DirectoryIndex index.php
   Options ExecCGI
   AllowOverride None
   AuthName "Nagios Access"
   AuthType Basic
   AuthBasicProvider file
   AuthUserFile /etc/nagios/passwd
   Require valid-user
</Directory>

Alias /nagios "/usr/share/nagios/html"
<Directory "/usr/share/nagios/html">
   SSLRequireSSL
   DirectoryIndex index.php
   Options None
   AllowOverride None
   AuthName "Nagios Access"
   AuthType Basic
   AuthBasicProvider file
   AuthUserFile /etc/nagios/passwd
   Require valid-user
</Directory>

/etc/httpd/conf.d/ssl.conf:

Code: Select all

Listen 443 https

<VirtualHost _default_:443>
RedirectMatch permanent ^/$ /nagios/index.php
ServerName nagiosmaster.domain.com:443
ServerAlias nagios.domain.com:443
ServerAlias monitoring.domain.com:443
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on

---->8------
Some SSL-options (protocol, cert, ...) 
---->8------

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

</VirtualHost

And yes, the certificate contains all three names.

We are running Nagios 4.2.4 (I know that 4.3.2 is available, but that version has introduced some changes making our Nagios environment crash) and Apache version 2.4.6.

[bolson]

Hello danjoh,

This is not strictly a Nagios question, but rather an Apache basic authentication issue. The problem is that basic authentication is specific for the protocol://host:port and realm combination and the login needs to be repeated for each variation.

[mcapra]

It would probably be better if nagios.domain.com and monitoring.domain.com were setup as separate virtual hosts with 301 redirects to nagiosmaster.domain.com rather than configuring them as aliases. Particularly if CNAME records already exist for the aforementioned.

[bolson]

Thank you Matt!

[danjoh]

Thanks for the tips.

I ended up setting up three virtual hosts (<VirtualHost *:80>), all with the same DocumentRoot (/usr/share/nagios/html) and all redirecting to https://nagiosmaster.domain.com.
In <VirtualHost _default_:443> I also set the DocumentRoot to /usr/share/nagios/html.

So far so good, my tests shows that it does work like I want it to and I have not yet heard anything from my users. So, fingers crossed, this issue is now solved.

Thanks for you input & regards

[bolson]

May we close this topic as resolved?

[danjoh]

Yes, please do.

[bolson]

Closing topic as resolved.

Thank you for using the Nagios Support Forum!