Log server 2.2 and SSL

CFT6Server · Post by **CFT6Server** » Tue Sep 01, 2015 9:38 am

Just spinning up some newer 2.2 Log Servers and noticed that it doesn't have the SSL.conf files in /etc/httpd/conf.d anymore. When I add that back in, the httpd service complains about the ssl module. I see that mod_ssl and openssl is installed. Am I missing something here? I am trying to security the nodes and force SSL. Thanks.

jolson · Post by **jolson** » Tue Sep 01, 2015 10:12 am

All that I had to do to get https working is as follows.

Modify nagioslogserver.conf:

Code: Select all

vi /etc/httpd/conf.d/nagioslogserver.conf

UNCOMMENT SSLRequireSSL

Install openssl requirements:

Code: Select all

yum install openssl openssl-devel mod_ssl

Restart httpd:

Code: Select all

service httpd restart

Access NLS GUI:

Code: Select all

https://192.168.x.x/nagioslogserver

This worked like a charm for me on version R2.2. Let me know if you're having any troubles. Thanks!

CFT6Server · Post by **CFT6Server** » Tue Sep 01, 2015 5:14 pm

Since this changed, what is the recommended method for permanent SSL redirect?

tmcdonald · Post by **tmcdonald** » Wed Sep 02, 2015 3:18 pm

I can't imagine this was intentional if they were there before. Might have just been a missed step when we built the install script. I'll confirm with the devs.

Was this a fullinstall from source or a pre-built VM?

jolson · Post by **jolson** » Wed Sep 02, 2015 3:30 pm

Sorry about the earlier information, I actually got this working by using the following procedure:

Code: Select all

vi /etc/httpd/conf.d/nagioslogserver.conf

Change to:

Code: Select all

<VirtualHost *:80> # Add this line
<Directory "/var/www/html/nagioslogserver/www/">
   Options None
   AllowOverride None
   Order allow,deny
   Allow from all
   Redirect permanent / https://192.168.x.x/
</Directory>
</VirtualHost>
<VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/pki/tls/certs/ca.crt
        SSLCertificateKeyFile /etc/pki/tls/private/ca.key
        <Directory "/usr/local/nagiosxi/html">
        AllowOverride All
        </Directory>
</VirtualHost>
Alias /nagioslogserver "/var/www/html/nagioslogserver/www/"

Replace 192.168.x.x with the IP if your nagios instance.

Code: Select all

yum install mod_ssl
openssl genrsa -out ca.key 2048
openssl req -new -key ca.key -out ca.csr
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
cp ca.crt /etc/pki/tls/certs
cp ca.key /etc/pki/tls/private/ca.key
cp ca.csr /etc/pki/tls/private/ca.csr
service httpd restart

After running through the above, everything is working as expected. Are your results different than mine? It looks like ssl.conf was generated when I ran yum install mod_ssl, so you may need to reinstall it.

Code: Select all

yum remove mod_ssl
yum install mod_ssl

This was from an OVF template, which does not include the mod_ssl package by default - hence why ssl.conf was not available initially.

CFT6Server · Post by **CFT6Server** » Wed Sep 09, 2015 4:27 pm

This worked. Thanks for the instructions.

jolson · Post by **jolson** » Wed Sep 09, 2015 4:32 pm

No problem - I'll close the thread and mark it as resolved. Thanks!

Nagios Support Forum

Log server 2.2 and SSL

Log server 2.2 and SSL

Re: Log server 2.2 and SSL

Re: Log server 2.2 and SSL

Re: Log server 2.2 and SSL

Re: Log server 2.2 and SSL

Re: Log server 2.2 and SSL

Re: Log server 2.2 and SSL