** RESOLVED ** Nagios Core 4.4.1 - Enable HTTPS for Web GUI
Hi All,
I have a nagios server that runs on "http://servername/nagios/". I am using Ubuntu 18.04 LTS with Apache for the web server and I'd like to enable HTTPS for the web GUI. Here is what I have done so far:
1. Obtained a valid certificate
2. Configured Apache for SSL and enabled the default-ssl config file
When I go to "https://servername/nagios/", nothing loads. Apache & nagios logs are not reporting any errors. I can see the nagios favicon in my browser but no content in the body of the browser.
There are 3 config files for apache in "/etc/apache2/sites-available/" and "/etc/apache2/sites-enabled" and they are:
000-default.conf
default-ssl.conf
nagios.conf
I have searched the web extensively and, to my surprise, there aren't many articles on this topic available on the internet. Any help or guidance is greatly appreciated.
Last edited by amdjml on Mon Aug 20, 2018 11:37 am, edited 1 time in total.
-
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: Nagios Core 4.4.1 - Enable HTTPS for Web GUI
Can you share these files?
Code:
000-default.conf
default-ssl.conf
nagios.conf
Re: Nagios Core 4.4.1 - Enable HTTPS for Web GUI
Hi,
Yes.
000-default.conf
default-ssl.conf
and, nagios.conf
000-default.conf
Code:
<VirtualHost *:80>
    #ServerName www.example.com
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html/
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    #RewriteEngine On
    #RewriteCond %{HTTPS} off
    #RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
default-ssl.conf
Code:
<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin admin@example.com
        ServerName example.com
        DocumentRoot /var/www/html/
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /etc/ssl/private/certificate.crt
        SSLCertificateKeyFile /etc/ssl/private/server.key
        SSLCertificateChainFile /etc/ssl/private/chain.crt
        SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
        SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
        SSLHonorCipherOrder On
        #Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
        Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
        Header always set X-Frame-Options DENY
        Header always set X-Content-Type-Options nosniff
        # Requires Apache >= 2.4
        SSLCompression off
        # SSLUseStapling on
        # SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
        # Requires Apache >= 2.4.11
        SSLSessionTickets Off
        SSLOpenSSLConfCmd DHParameters "/etc/ssl/private/dhparam.pem"
        BrowserMatch "MSIE [2-6]" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
    </VirtualHost>
</IfModule>
and, nagios.conf
Code:
ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
<Directory "/usr/local/nagios/sbin">
    SSLRequireSSL
    Options ExecCGI
    AllowOverride None
    <IfVersion >= 2.3>
        <RequireAll>
            Require all granted
            # Require host 127.0.0.1
            AuthName "Nagios Access"
            AuthType Basic
            AuthUserFile /usr/local/nagios/etc/htpasswd.users
            Require valid-user
        </RequireAll>
    </IfVersion>
    <IfVersion < 2.3>
        Order allow,deny
        Allow from all
        # Order deny,allow
        # Deny from all
        # Allow from 127.0.0.1
        AuthName "Nagios Access"
        AuthType Basic
        AuthUserFile /usr/local/nagios/etc/htpasswd.users
        Require valid-user
    </IfVersion>
</Directory>
Alias /nagios "/usr/local/nagios/share"
<Directory "/usr/local/nagios/share">
    SSLRequireSSL
    Options None
    AllowOverride None
    <IfVersion >= 2.3>
        <RequireAll>
            Require all granted
            # Require host 127.0.0.1
            AuthName "Nagios Access"
            AuthType Basic
            AuthUserFile /usr/local/nagios/etc/htpasswd.users
            Require valid-user
        </RequireAll>
    </IfVersion>
    <IfVersion < 2.3>
        Order allow,deny
        Allow from all
        # Order deny,allow
        # Deny from all
        # Allow from 127.0.0.1
        AuthName "Nagios Access"
        AuthType Basic
        AuthUserFile /usr/local/nagios/etc/htpasswd.users
        Require valid-user
    </IfVersion>
</Directory>
Re: Nagios Core 4.4.1 - Enable HTTPS for Web GUI
Did you restart apache after making the changes?
Also, can you send the error.log from the apache log directory.
Thanks
Re: Nagios Core 4.4.1 - Enable HTTPS for Web GUI
I have restarted apache:
Code:
sudo systemctl restart apache2.service
There is not much in the error.log file:
Code:
[Sun Aug 19 06:25:01.739427 2018] [mpm_prefork:notice] [pid 1199] AH00163: Apache/2.4.29 (Ubuntu) OpenSSL/1.1.0g configured -- resuming normal operations
[Sun Aug 19 06:25:01.739499 2018] [core:notice] [pid 1199] AH00094: Command line: '/usr/sbin/apache2'
[Mon Aug 20 06:25:02.014935 2018] [mpm_prefork:notice] [pid 1199] AH00171: Graceful restart requested, doing restart
[Mon Aug 20 06:25:02.075393 2018] [mpm_prefork:notice] [pid 1199] AH00163: Apache/2.4.29 (Ubuntu) OpenSSL/1.1.0g configured -- resuming normal operations
[Mon Aug 20 06:25:02.075423 2018] [core:notice] [pid 1199] AH00094: Command line: '/usr/sbin/apache2'
[Mon Aug 20 11:35:51.173516 2018] [mpm_prefork:notice] [pid 1199] AH00169: caught SIGTERM, shutting down
[Mon Aug 20 11:35:51.338079 2018] [mpm_prefork:notice] [pid 23227] AH00163: Apache/2.4.29 (Ubuntu) OpenSSL/1.1.0g configured -- resuming normal operations
[Mon Aug 20 11:35:51.338155 2018] [core:notice] [pid 23227] AH00094: Command line: '/usr/sbin/apache
Re: Nagios Core 4.4.1 - Enable HTTPS for Web GUI
If you look at your access.log while trying to connect to the https URL do you see the log entry?
Re: Nagios Core 4.4.1 - Enable HTTPS for Web GUI
Yes, I do:
Code:
10.x.x.x - nagiosadmin [20/Aug/2018:12:12:49 -0400] "GET /nagios/ HTTP/1.1" 200 5794 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
10.x.x.x - nagiosadmin [20/Aug/2018:12:12:49 -0400] "GET /nagios/side.php HTTP/1.1" 200 1555 "https://example.com/nagios/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
10.x.x.x - nagiosadmin [20/Aug/2018:12:12:49 -0400] "GET /nagios/main.php HTTP/1.1" 200 3500 "https://example.com/nagios/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
10.x.x.x - nagiosadmin [20/Aug/2018:12:12:50 -0400] "GET /nagios/images/favicon.ico HTTP/1.1" 200 1270 "https://example.com/nagios/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
... and this is what I see on my browser:
Re: Nagios Core 4.4.1 - Enable HTTPS for Web GUI
I found the solution. I am going to put what I did to resolve this.
In Chrome, I opened the "Inspect" tool and clicked on the "Console" tab and I saw the message below:
Refused to display 'https://example.com/nagios/main.php' in a frame because it set 'X-Frame-Options' to 'deny'.
I then edited the "default-ssl.conf" file for Apache. The line that needs to be changed (in my case) is:
Code:
Header always set X-Frame-Options DENY
Change it to:
Code:
Header always set X-Frame-Options SAMEORIGIN
Restart apache and you are done
Code:
/etc/init.d/apache2 restart
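The failure in this thread (every request logged as 200, yet an empty frameset) can be checked from the response headers alone. The sketch below is an added example, not part of the original posts or of Nagios: it decides whether a browser would render a framed page given its X-Frame-Options and CSP frame-ancestors headers. The function names are hypothetical, only the direct parent frame is considered, and frame-ancestors host sources are reported as not evaluated.

```python
from urllib.parse import urlsplit

XFO_KNOWN = {"deny", "sameorigin", "allowall"}

def origin(url):
    """(scheme, host, port) with the default port filled in."""
    u = urlsplit(url)
    return (u.scheme, (u.hostname or "").lower(),
            u.port or {"http": 80, "https": 443}.get(u.scheme))

def frame_ancestors(csp):
    """Source list of a CSP frame-ancestors directive, or None if absent."""
    for directive in (csp or "").split(";"):
        words = directive.split()
        if words and words[0].lower() == "frame-ancestors":
            return [w.lower() for w in words[1:]]
    return None

def framing_verdict(parent_url, child_url, headers):
    """Return (allowed, reason) for child_url framed directly by parent_url."""
    h = {k.lower(): v for k, v in headers.items()}
    same = origin(parent_url) == origin(child_url)
    sources = frame_ancestors(h.get("content-security-policy"))
    if sources is not None:
        # When frame-ancestors is present, browsers ignore X-Frame-Options.
        if set(sources) - {"'self'", "'none'", "*"}:
            return None, "frame-ancestors lists host sources (not evaluated here)"
        ok = "*" in sources or (same and "'self'" in sources)
        return ok, "CSP frame-ancestors " + " ".join(sources)
    xfo = {v.strip().lower() for v in h.get("x-frame-options", "").split(",")} - {""}
    if len(xfo) > 1:
        # Conflicting values (e.g. the header set twice) block if any is valid.
        return not (xfo & XFO_KNOWN), "multiple X-Frame-Options values"
    if xfo == {"deny"}:
        return False, "X-Frame-Options: DENY"
    if xfo == {"sameorigin"}:
        return same, "X-Frame-Options: SAMEORIGIN"
    return True, "no effective framing restriction"

# Constructed sample: the frameset page and framed page named in the thread.
PARENT = "https://example.com/nagios/"
CHILD = "https://example.com/nagios/main.php"
if __name__ == "__main__":
    for value in ("DENY", "SAMEORIGIN"):
        print(value, framing_verdict(PARENT, CHILD, {"X-Frame-Options": value}))
```
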
Re: Nagios Core 4.4.1 - Enable HTTPS for Web GUI
Great! closing