Page 1 of 2
Nagios Core web interface with SSL support on Ubuntu
Posted: Mon Mar 11, 2019 3:44 pm
by xlin125
We have Nagios Core v4.3.4 installed on Ubuntu 14.04. The Nagios Core web interface (GUI) is supported by Apache2 server.
I wanted to configure the apache server with SSL enabled to run the Nagios Core GUI under a secured server (httpds/443):
- I requested a server certificate
- I enabled the SSL module
- I installed the server certificate to 000-default.conf and replaced 80 with 443
- I added port 443 to ports.conf
- I restarted the apache2, and apache started fine
However, I am unable to connect to the Nagios Core GUI/apache server with port 443. I am still able to connect to the Nagios Core GUI on port 80. What is missing? Thanks!
Re: Nagios Core web interface with SSL support on Ubuntu
Posted: Mon Mar 11, 2019 3:50 pm
by ssax
Please run this command and send us the resulting
/tmp/HTTPDFILES.zip file:
Code: Select all
zip -r /tmp/HTTPDFILES.zip /etc/apache2/apache2.conf /etc/apache2/sites-enabled /etc/apache2/sites-available
Re: Nagios Core web interface with SSL support on Ubuntu
Posted: Mon Mar 11, 2019 4:49 pm
by xlin125
@Ssax, thanks for the quick response.
Where do I get (download) HTTPDFILES.zip?
Re: Nagios Core web interface with SSL support on Ubuntu
Posted: Mon Mar 11, 2019 9:36 pm
by xlin125
@ssax: sorry I misunderstood the request. As per your instruction, I included the required files in the tar file attached. Please review them and let me know your comments/findings. Thanks!
Re: Nagios Core web interface with SSL support on Ubuntu
Posted: Tue Mar 12, 2019 9:51 am
by steffi
Hi.
It would help also to support you, if you show the output of this command:
Re: Nagios Core web interface with SSL support on Ubuntu
Posted: Tue Mar 12, 2019 10:05 am
by xlin125
@steffi, here are the results:
# netstat -tulpen | grep 443
tcp6 0 0 :::443 :::* LISTEN 0 1931326634 88993/apache2
Also, the /etc/apache2/ports.conf is shown below:
# cat /etc/apache2/ports.conf
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
Listen 80 443
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
Re: Nagios Core web interface with SSL support on Ubuntu
Posted: Wed Mar 13, 2019 12:11 pm
by xlin125
The apache server listens to both port 80 and 443:
# netstat -tulpen | grep 443
tcp6 0 0 :::443 :::* LISTEN 0 1942825286 110367/apache2
# netstat -tulpen | grep 80
tcp6 0 0 :::80 :::* LISTEN 0 1942825282 110367/apache2
Also, on this Ubuntu server, I can connect to the localhost (loopback 127.0.0.1) on port 443 , but received an error message like "Unable to connect to remote host: Connection refused" when trying to connect to the IP address that is an IP address for the Nagios Core web interface on port 443.
What is missing?
Re: Nagios Core web interface with SSL support on Ubuntu
Posted: Wed Mar 13, 2019 4:23 pm
by ssax
Can you try from another server and post the output?
Code: Select all
curl -k -L -v 'https://YOURNAGIOSSERVER/nagios/'
nmap -p80,443 YOURNAGIOSSERVER
Re: Nagios Core web interface with SSL support on Ubuntu
Posted: Wed Mar 13, 2019 4:24 pm
by ssax
Can you try disabling the firewall temporarily as well and see if that fixes it?
https://linuxconfig.org/how-to-enable-d ... aver-linux
Re: Nagios Core web interface with SSL support on Ubuntu
Posted: Fri Mar 15, 2019 10:48 pm
by xlin125
# curl -k -L -v '
https://135.25.142.20/nagios/'
* Hostname was NOT found in DNS cache
* Trying 135.25.142.20...
* connect to 135.25.142.20 port 443 failed: Connection refused
* Failed to connect to 135.25.142.20 port 443: Connection refused
* Closing connection 0
curl: (7) Failed to connect to 135.25.142.20 port 443: Connection refused
# nmap -p80,443 135.25.142.20
Starting Nmap 6.40 (
http://nmap.org ) at 2019-03-16 03:40 UTC
Nmap scan report for zldcmtn23adce1coll00.f5db5b.mtn23a.tci.att.com (135.25.142.20)
Host is up (0.00076s latency).
PORT STATE SERVICE
80/tcp open http
443/tcp closed https
Nmap done: 1 IP address (1 host up) scanned in 2.32 seconds