Configure Nagios Core 4.2.1 to use HTTPS

[NetNeutron]

I am trying to configure nagios core to use https instead of http.
I tried to follow the guide "Enhanced CGI Security and Authentication" in the Nagios Core documentation.
I installed/compiled Core by following this guide "Fedora Quickstart"

I tried "Implementing Digest Authentication"
but that failed with

Syntax error on line 35 of /etc/httpd/conf.d/nagios.conf:
Invalid command 'AuthDigestFile', perhaps misspelled or defined by a module not included in the server configuration

Please advise...

[NetNeutron]

Update.
I was able to "Implementing Digest Authentication" by using AuthUserFile instead of AuthDigestFile as we are using Apache 2.2
https://wiki.apache.org/httpd/InvalidCo ... DigestFile

Now onto "Implementing Forced TLS/SSL"

[avandemore]

Sounds like your apache isn't loading mod_auth_digest, but that section of the docs isn't required for SSL?

You need to follow more of the "Implementing Forced TLS/SSL" section. A close but not perfect procedure for a Core installation can be found here: Configuring SSL for Nagios XI

[dwhitfield]

Something to think about when choosing:

Digest authentication was intended to be more secure than basic authentication, but no longer fulfills that design goal. A man-in-the-middle attacker can trivially force the browser to downgrade to basic authentication. And even a passive eavesdropper can brute-force the password using today's graphics hardware, because the hashing algorithm used by digest authentication is too fast. Another problem is that the storage of the passwords on the server is insecure. The contents of a stolen htdigest file can be used directly for digest authentication. Therefore using mod_ssl to encrypt the whole connection is strongly recommended.

- https://httpd.apache.org/docs/current/m ... igest.html

[NetNeutron]

I do have the Digest Authentication working now.
I have installed the mod_ssl & openssl via yum.
I have generated the keys using the doc Configuring SSL for Nagios XI.

But when I get to the point of "Update Apache Configuration" I am not sure how
to adjust the ReWriteRule for Nagios Core.

Code: Select all

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule nagiosxi/api/v1/(.*)$ /usr/local/nagiosxi/html/api/v1/index.php?request=$1 [QSA,NC,L]
</IfModule>

[rkennedy]

That rewrite rule is only for the API, you do not need it in your Core configuration.

[NetNeutron]

That minor change did work.

Code: Select all

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
</IfModule>

Up and running using HTTPS !

[dwhitfield]

It sounds like this issue has been resolved. Is it okay if we lock this thread? Thanks for choosing the Nagios forums!

[NetNeutron]

Yes this thread can be locked.

[dwhitfield]

Glad to hear it is resolved. I am going to lock the thread. Please feel free to post again if you have you another issue. Thank you for using the Nagios forums!