Nagios XI HTTPS Issue

[tigerpeng]

May I know how to do it while the Web UI is not accessible?

FYI,
it seems the browser (Firefox) cache impacted to on the redirection. I have the IP pointed to a new instance brought up with same AMI attempting HTTPS. it is still perform the http/https redirection.
I turned off the browser cache, and will redo the HTTPS on the new instance. I will troubleshooting again on the older instance again later.
I will post my result here.

[rkennedy]

It looks to be forcing SSL properly when navigating to http://nagiosxi.connectedcarhub.com/nagiosxi/it redirects to https://nagiosxi.connectedcarhub.com/nagiosxi/.

It seems to be working fine, are you still experiencing issues?

[tigerpeng]

I am redo the System config. In the 'Changing The XI System Time' https://assets.nagios.com/downloads/nag ... m_Time.pdf, it is mentioned restart postgresql and mysqld. Are both database servers are used?

It seems mysql is not installed and postgresql is not initialized correctly.

[hsmith]

Are both database servers are used?

If you came from a version before XI5, yes. They are both used.

If you started on XI5, only MySQL is used.

It seems mysql is not installed

That's not normal...service mysqld status

postgresql is not initialized correctly.

Can you elaborate on this?

[tigerpeng]

I am trying to do the install from scratch.
Is the mysql bound in the tar file? or it is installed through repositories.

[tigerpeng]

I run the ./fullinstall in a clean Redhat instance after run commamd

Code: Select all

yum-config-manager --enable rhui-REGION-rhel-server-optional

I see MySQL is installed and then install failed after Installed Iptables

Code: Select all

............
MySQL installed OK - continuing...
Starting MySQL...
Redirecting to /bin/systemctl restart  mariadb.service
Initializing MySQL...
MySQL root password is now set to: nagiosxi
MySQL initialized OK
Database servers initialized OK
/etc/services updated
sudoers configured OK
Loaded plugins: amazon-id, rhui-lb, search-disabled-repos
Resolving Dependencies
--> Running transaction check
---> Package iptables-services.x86_64 0:1.4.21-16.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package           Arch   Version        Repository                        Size
================================================================================
Installing:
 iptables-services x86_64 1.4.21-16.el7  rhui-REGION-rhel-server-releases  50 k

Transaction Summary
================================================================================
Install  1 Package

Total download size: 50 k
Installed size: 24 k
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : iptables-services-1.4.21-16.el7.x86_64                       1/1
warning: /etc/sysconfig/iptables created as /etc/sysconfig/iptables.rpmnew
  Verifying  : iptables-services-1.4.21-16.el7.x86_64                       1/1

Installed:
  iptables-services.x86_64 0:1.4.21-16.el7

Complete!
Failed to execute operation: Access denied

Followed https://support.nagios.com/forum/viewto ... =6&t=36424 to complete the installation and it looks good

Code: Select all

Total Warnings: 0
Total Errors:   0

Things look okay - No serious problems were detected during the pre-flight check
RET: 0
Login appears okay
Cookies appear okay
import appear okay
export appear okay

NagiosQL data imported OK.
RESULT=0
Running './F-startdaemons'...
Redirecting to /bin/systemctl restart  httpd.service
Restarting ndo2db (via systemctl):  [  OK  ]
Restarting nagios (via systemctl):  [  OK  ]
rm: cannot remove '/usr/local/nagiosxi/var/subsys/npcd.pid': No such file or directory
NPCD was not running.
NPCD started.
Redirecting to /bin/systemctl restart  crond.service
Daemons started OK
RESULT=0
Running './Z-webroot'...
RESULT=0

Nagios XI Installation Complete!

You can access the Nagios XI web interface by visiting:
    http://172.31.57.248/nagiosxi/

However it seems nagioxi and mysqld are not running

Code: Select all

[root@nagiosxi nagiosxi]# /bin/systemctl status  nagios.service
● nagios.service - LSB: Starts and stops the Nagios monitoring server
   Loaded: loaded (/etc/rc.d/init.d/nagios)
   Active: active (running) since Tue 2016-01-26 23:46:22 UTC; 3min 40s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 25378 ExecStop=/etc/rc.d/init.d/nagios stop (code=exited, status=0/SUCCESS)
  Process: 25384 ExecStart=/etc/rc.d/init.d/nagios start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/nagios.service
           ├─25403 /usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
           ├─25405 /usr/local/nagios/bin/nagios --worker /usr/local/nagios/var/rw/nagios.qh
           ├─25406 /usr/local/nagios/bin/nagios --worker /usr/local/nagios/var/rw/nagios.qh
           ├─25407 /usr/local/nagios/bin/nagios --worker /usr/local/nagios/var/rw/nagios.qh
           ├─25408 /usr/local/nagios/bin/nagios --worker /usr/local/nagios/var/rw/nagios.qh
           └─25421 /usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg

Jan 26 23:46:22 nagiosxi.connectedcarhub.com nagios[25403]: ndomod registered for contact notification data'
Jan 26 23:46:22 nagiosxi.connectedcarhub.com nagios[25403]: ndomod registered for acknowledgement data'
Jan 26 23:46:22 nagiosxi.connectedcarhub.com nagios[25403]: ndomod registered for state change data'
Jan 26 23:46:22 nagiosxi.connectedcarhub.com nagios[25403]: ndomod registered for contact status data'
Jan 26 23:46:22 nagiosxi.connectedcarhub.com nagios[25403]: ndomod registered for adaptive contact data'
Jan 26 23:46:22 nagiosxi.connectedcarhub.com nagios[25403]: Event broker module '/usr/local/nagios/bin/ndomod.o' initialized successfully.
Jan 26 23:46:22 nagiosxi.connectedcarhub.com nagios[25403]: Successfully launched command file worker with pid 25421
Jan 26 23:49:07 nagiosxi.connectedcarhub.com sudo[26417]:   nagios : TTY=unknown ; PWD=/tmp ; USER=root ; COMMAND=/usr/local/nagiosxi/scripts/manage_services.sh status crond
Jan 26 23:49:32 nagiosxi.connectedcarhub.com sudo[26489]:   nagios : TTY=unknown ; PWD=/tmp ; USER=root ; COMMAND=/usr/local/nagiosxi/scripts/manage_services.sh status httpd
Jan 26 23:49:57 nagiosxi.connectedcarhub.com sudo[26567]:   nagios : TTY=unknown ; PWD=/tmp ; USER=root ; COMMAND=/usr/local/nagiosxi/scripts/manage_services.sh status mysqld
[root@nagiosxi nagiosxi]# /bin/systemctl status  nagiosxi.service
● nagiosxi.service - SYSV: NagiosXI subtasks
   Loaded: loaded (/etc/rc.d/init.d/nagiosxi)
   Active: inactive (dead)
     Docs: man:systemd-sysv-generator(8)

MySQL is running, but there is no mysqld.service

Code: Select all

[root@nagiosxi nagiosxi]# pgrep -fl mysql
17341 mysqld_safe
17498 mysqld
[root@nagiosxi nagiosxi]# service mysqld status
Redirecting to /bin/systemctl status  mysqld.service
● mysqld.service
   Loaded: not-found (Reason: No such file or directory)
   Active: inactive (dead)

[rkennedy]

When I created my post yesterday, your SSL seemed to be working fine.

What OS / version are you running on this new machine?

[tigerpeng]

Code: Select all

[root@nagiosxi ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.2 (Maipo)

It seems the instruction for set up HTTPS is not suitable for the last release. The HTTPS VirtualHost is defined on ssl.conf

Code: Select all

[root@nagiosxi conf.d]# grep 443 *.conf
ssl.conf:Listen 443 https
ssl.conf:<VirtualHost _default_:443>
ssl.conf:#ServerName www.example.com:443

The redirect mentioned in instruction cause some trouble. I used rewrite to successfully make the redirection.

Code: Select all

 sdiff nagiosxi.conf nagiosxi.conf.orig 
<Directory "/usr/local/nagiosxi/html">				<Directory "/usr/local/nagiosxi/html">
#  SSLRequireSSL						#  SSLRequireSSL
   Options None							   Options None
   AllowOverride None						   AllowOverride None
   Order allow,deny						   Order allow,deny
   Allow from all						   Allow from all
#  Order deny,allow						#  Order deny,allow
#  Deny from all						#  Deny from all
#  Allow from 127.0.0.1						#  Allow from 127.0.0.1
#   AuthName "Nagios XI"					#   AuthName "Nagios XI"
#   AuthType Basic						#   AuthType Basic
#   AuthUserFile /usr/local/nagiosxi/etc/htpasswd.users		#   AuthUserFile /usr/local/nagiosxi/etc/htpasswd.users
#   Require valid-user						#   Require valid-user
   Require all granted						   Require all granted
</Directory>							</Directory>

Alias /nagiosxi "/usr/local/nagiosxi/html"			Alias /nagiosxi "/usr/local/nagiosxi/html"

<IfModule mod_rewrite.c>					<IfModule mod_rewrite.c>
RewriteEngine On						RewriteEngine On
RewriteCond %{HTTPS} !=on				      <
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]	      <
RewriteCond %{REQUEST_FILENAME} !-f				RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d				RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule nagiosxi/api/v1/(.*)$ /usr/local/nagiosxi/html/ap	RewriteRule nagiosxi/api/v1/(.*)$ /usr/local/nagiosxi/html/ap
</IfModule>							</IfModule>

I got error message as below when I try to make change of 'Server Protocol' in https://nagiosxi.connectedcarhub.com/na ... -index.php
Unable to save to file: /var/www/html/nagiosql/config/settings.php

The file is owned by root!

Code: Select all

ls -lrt  /var/www/html/nagiosql/config/
total 44
-rwxr-xr-x.  1 apache apache 21287 Jan 26 23:43 fieldvars.php
drwxr-xr-x. 10 apache apache  4096 Jan 26 23:43 locale
-rw-r--r--.  1 root   root     662 Jan 26 23:43 settings.php
-rw-r--r--.  1 apache apache  9910 Jan 26 23:43 main.css

After I change the owner of the file, 'Settings updated successfully!'

[tigerpeng]

as the settings.php contains credential. i believe it should not be readable to all.

Code: Select all

ls -l /var/www/html/nagiosql/config/settings.php
-rw-r-----. 1 apache apache 146 Jan 27 21:37 /var/www/html/nagiosql/config/settings.php

[hsmith]

After changing the permissions, you're saying that it's working? If it's working, we can look into it further, but I can't tell if it is or not from your last post.