This support forum board is for support questions relating to
Nagios XI, our flagship commercial network monitoring solution.
-
vAJ
- Posts: 456
- Joined: Thu Nov 08, 2012 5:09 pm
- Location: Austin, TX
Post
by vAJ »
All,
I think the docs for SSL need to be updated to fully document correct config on RHEL7 / Apache 2.4.x:
/etc/httpd/conf.d/nagiosxi.conf
Code: Select all
<VirtualHost *:80>
<Directory "/usr/local/nagiosxi/html">
# SSLRequireSSL
Options None
AllowOverride None
# Order allow,deny
# ^^DEPRICATED IN 2.4!
# Allow from all
# ^^DEPRICATED IN 2.4!
Require all granted
Redirect permanent / https://MY.FQDN.HERE/
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
# AuthName "Nagios XI"
# AuthType Basic
# AuthUserFile /usr/local/nagiosxi/etc/htpasswd.users
# Require valid-user
</Directory>
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/my_cert_name_here.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
<Directory "/usr/local/nagiosxi/html">
AllowOverride All
require all granted
</Directory>
#<IfModule mod_rewrite.c>
#RewriteEngine On
#RewriteCond %{REQUEST_FILENAME} !-f
#RewriteCond %{REQUEST_FILENAME} !-d
#RewriteRule nagiosxi/api/v1/(.*)$ /usr/local/nagiosxi/html/api/v1/index.php?request=$1 [QSA,NC,L]
#</IfModule>
</VirtualHost>
Alias /nagiosxi "/usr/local/nagiosxi/html"
This config will accept all connections on :80 and redirect correctly to https
Per Apache docs
http://httpd.apache.org/docs/2.4/upgrading.html:
2.2 configuration:
Order allow,deny
Allow from all
2.4 configuration:
Require all granted
Andrew J. - Do you even grok?
-
vAJ
- Posts: 456
- Joined: Thu Nov 08, 2012 5:09 pm
- Location: Austin, TX
Post
by vAJ »
Also, any NameVirtualHost line can be removed from 2.4 configs as well (httpd.conf)
Andrew J. - Do you even grok?
-
ssax
- Dreams In Code
- Posts: 7682
- Joined: Wed Feb 11, 2015 12:54 pm
Post
by ssax »
Thanks for posting that, I've created a task and assigned it to myself for updating the SSL documentation.
Are you having any issues with it or were you just posting the solution?
-
vAJ
- Posts: 456
- Joined: Thu Nov 08, 2012 5:09 pm
- Location: Austin, TX
Post
by vAJ »
Yes, on my 2.4.6 build, SSL was working, but non-SSL was giving 403 and not performing the redirect to SSL.
This was because the older "Order allow,deny" & "Allow from all" lines still in there. Once commented out, the :80 vhost worked correctly.
-Andrew
Andrew J. - Do you even grok?
-
hsmith
- Agent Smith
- Posts: 3539
- Joined: Thu Jul 30, 2015 11:09 am
- Location: 127.0.0.1
-
Contact:
Post
by hsmith »
Would you like us to close this thread since Sean is going to update the documentation?
Former Nagios Employee.
me.
-
vAJ
- Posts: 456
- Joined: Thu Nov 08, 2012 5:09 pm
- Location: Austin, TX
Post
by vAJ »
Sure thing.
Andrew J. - Do you even grok?
