nagios external url issue

[AmirKhan]

Hi,

We are a paid customer for nagios but I dont see a "NEW TOPIC" button for me in the customer forum (I can provide serial to support people if they need it?).. anyway

I'm trying to front nagios with Apache but its not working.

Front end webserver is using HTTPS protocol and nagios is HTTP. the login page for nagios appears BUT the links are using HTTP protocol and so not working (as expected). I have the correct EXTERNAL URL defined ("https://nagios.XXXXXX.co.uk/nagiosxi/") defined but its not using HTTPs as I can see the following in the page via view source

<!-- Adding Font-Awesome for all themes -->
<link rel="stylesheet" href="http://nagios.XXX.co.uk/nagiosxi/includes/css/font-awesome.min.css?2014R2.7" type="text/css" />

I've waited for the cmdsubsys.log to update a few times and its not helping.

Other than put in the correct HTTPS page on the admin page "http://192.168.128.01/nagiosxi/admin/?x ... config.php#" what do i need to do?.

I tried enabling HTTPS in config.inc.php but that didnt help.


-----------HERE is what happens with WGET (notice the 302 redirect from nagios)

[amir@a tmp]$ wget -d "https://nagios.xxx.co.uk/nagiosxi/"
DEBUG output created by Wget 1.16.3 on linux-gnu.

URI encoding = ‘UTF-8’
--2015-05-20 16:14:49-- https://nagios.xxx.co.uk/nagiosxi/
Resolving nagios.xxx.co.uk (nagios.xxx.co.uk)... XXX.XXX.XXX.XXX
Caching nagios.xxx.co.uk => XXX.XXX.XXX.XXX
Connecting to nagios.xxx.co.uk (nagios.xxx.co.uk)|XXX.XXX.XXX.XXX|:443... connected.
Created socket 3.
Releasing 0x000000000125dae0 (new refcount 1).
Initiating SSL handshake.
Handshake successful; connected socket 3 to SSL handle 0x0000000001284e20
certificate:
subject: CN=*.xxx.co.uk,OU=PremiumSSL Wildcard,O=.............
issuer: CN=COMODO RSA Organization Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
X509 certificate successfully verified and matches host nagios.xxx.co.uk

---request begin---
GET /nagiosxi/ HTTP/1.1
User-Agent: Wget/1.16.3 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: nagios.xxx.co.uk
Connection: Keep-Alive

---request end---
HTTP request sent, awaiting response...
---response begin---
HTTP/1.1 302 Found
Date: Wed, 20 May 2015 15:14:49 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: http://nagios.xxx.co.uk/nagiosxi/login. ... f&noauth=1
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Set-Cookie: nagiosxi=dh84ard3mkfopoqgqk1oqar2e1; expires=Wed, 20-May-2015 15:44:49 GMT; path=/
Connection: close

[jolson]

I'm trying to front nagios with Apache but its not working.

What do you mean by this - are you trying to create a proxy server for Nagios? If you're attempting to implement HTTPS, you should follow this guide: https://assets.nagios.com/downloads/nag ... s%20XI.pdf

We are a paid customer for nagios but I dont see a "NEW TOPIC" button for me in the customer forum (I can provide serial to support people if they need it?)

Could you PM me your email and serial? I'll see if I can get this taken care of.
We took care of this, and your post has been moved to the customer section of our forum.

[AmirKhan]

I'm trying to front nagios with Apache but its not working.

What do you mean by this - are you trying to create a proxy server for Nagios? If you're attempting to implement HTTPS, you should follow this guide: https://assets.nagios.com/downloads/nag ... s%20XI.pdf

We have a internet facing server that serves over SSL. Then using a VirtualHost setup we use mod_proxy to pass the traffic to the HTTP Nagios. Nagios NEVER uses SSL, the front end Apache takes care of all that. We do this for internal sites without issue. It's easier to think of the front end server as an SSL-Accelerator and load balancer.

<VirtualHost *:443>
# nagios
ServerName nagios.XXX.co.uk
ServerAdmin [email protected]
ProxyPreserveHost On
ProxyPass / http://192.168.0.1/
ProxyPassReverse / http://192.168.0.1/
</VirtualHost>

I am unable to direct traffic directly to Nagios and it MUST be proxied through the SSL accelerator for a number of reasons.

Again the ONLY problem i have is Nagios is generating links to the WRONG protocol.. so its using HTTP instead of HTTPS, which is breaking CSS/link etc. Interesting when you hit the MAIN url with no context i.e. https://nagios.xxx.co.uk/ everything looks fine but this is because that page is using relative URLs e.g. I can see in the source

<LINK REL='stylesheet' TYPE='text/css' HREF='/nagiosxi/includes/css/bootstrap.min.css'>

Shame the rest of the site doesnt do the same, this would work fine if it did

[abrist]

Could you just force the ssl protocol to be used by using a permanent redirect from http to https in the nagios vhost config?

Code: Select all

Redirect permanent / https://192.168.0.1

[AmirKhan]

Could you just force the ssl protocol to be used by using a permanent redirect from http to https in the nagios vhost config?

Code: Select all

Redirect permanent / https://192.168.0.1

that wont work because traffic coming via the internet to the external machine will be unable to route to the class c ip. the objective is to allow access to nagios via the external (public facing) SSL machine.

[jdalrymple]

I've done what you're trying to do with nginx instead of apache. it worked fine for me.

You'll probably need something like this: https://wiki.apache.org/httpd/RewriteHTTPToHTTPS

I have a global rule in my nginx config that does that for all URLs requested no matter the site so I never saw the issue you're experiencing. Adjust to fit your specific needs.