Nagios Core web interface with SSL support on Ubuntu
Nagios Core web interface with SSL support on Ubuntu
We have Nagios Core v4.3.4 installed on Ubuntu 14.04. The Nagios Core web interface (GUI) is supported by Apache2 server.
I wanted to configure the apache server with SSL enabled to run the Nagios Core GUI under a secured server (httpds/443):
- I requested a server certificate
- I enabled the SSL module
- I installed the server certificate to 000-default.conf and replaced 80 with 443
- I added port 443 to ports.conf
- I restarted the apache2, and apache started fine
However, I am unable to connect to the Nagios Core GUI/apache server with port 443. I am still able to connect to the Nagios Core GUI on port 80. What is missing? Thanks!
I wanted to configure the apache server with SSL enabled to run the Nagios Core GUI under a secured server (httpds/443):
- I requested a server certificate
- I enabled the SSL module
- I installed the server certificate to 000-default.conf and replaced 80 with 443
- I added port 443 to ports.conf
- I restarted the apache2, and apache started fine
However, I am unable to connect to the Nagios Core GUI/apache server with port 443. I am still able to connect to the Nagios Core GUI on port 80. What is missing? Thanks!
Re: Nagios Core web interface with SSL support on Ubuntu
Please run this command and send us the resulting /tmp/HTTPDFILES.zip file:
Code: Select all
zip -r /tmp/HTTPDFILES.zip /etc/apache2/apache2.conf /etc/apache2/sites-enabled /etc/apache2/sites-available
Re: Nagios Core web interface with SSL support on Ubuntu
@Ssax, thanks for the quick response.
Where do I get (download) HTTPDFILES.zip?
Where do I get (download) HTTPDFILES.zip?
Re: Nagios Core web interface with SSL support on Ubuntu
@ssax: sorry I misunderstood the request. As per your instruction, I included the required files in the tar file attached. Please review them and let me know your comments/findings. Thanks!
- Attachments
-
- apache2-Files.tar.gz
- (6.54 KiB) Downloaded 232 times
Re: Nagios Core web interface with SSL support on Ubuntu
Hi.
It would help also to support you, if you show the output of this command:
It would help also to support you, if you show the output of this command:
Code: Select all
netstat -tulpen | grep 443
Re: Nagios Core web interface with SSL support on Ubuntu
@steffi, here are the results:
# netstat -tulpen | grep 443
tcp6 0 0 :::443 :::* LISTEN 0 1931326634 88993/apache2
Also, the /etc/apache2/ports.conf is shown below:
# cat /etc/apache2/ports.conf
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
Listen 80 443
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
# netstat -tulpen | grep 443
tcp6 0 0 :::443 :::* LISTEN 0 1931326634 88993/apache2
Also, the /etc/apache2/ports.conf is shown below:
# cat /etc/apache2/ports.conf
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
Listen 80 443
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
Re: Nagios Core web interface with SSL support on Ubuntu
The apache server listens to both port 80 and 443:
# netstat -tulpen | grep 443
tcp6 0 0 :::443 :::* LISTEN 0 1942825286 110367/apache2
# netstat -tulpen | grep 80
tcp6 0 0 :::80 :::* LISTEN 0 1942825282 110367/apache2
Also, on this Ubuntu server, I can connect to the localhost (loopback 127.0.0.1) on port 443 , but received an error message like "Unable to connect to remote host: Connection refused" when trying to connect to the IP address that is an IP address for the Nagios Core web interface on port 443.
What is missing?
# netstat -tulpen | grep 443
tcp6 0 0 :::443 :::* LISTEN 0 1942825286 110367/apache2
# netstat -tulpen | grep 80
tcp6 0 0 :::80 :::* LISTEN 0 1942825282 110367/apache2
Also, on this Ubuntu server, I can connect to the localhost (loopback 127.0.0.1) on port 443 , but received an error message like "Unable to connect to remote host: Connection refused" when trying to connect to the IP address that is an IP address for the Nagios Core web interface on port 443.
What is missing?
Re: Nagios Core web interface with SSL support on Ubuntu
Can you try from another server and post the output?
Code: Select all
curl -k -L -v 'https://YOURNAGIOSSERVER/nagios/'
nmap -p80,443 YOURNAGIOSSERVER
Re: Nagios Core web interface with SSL support on Ubuntu
Can you try disabling the firewall temporarily as well and see if that fixes it?
https://linuxconfig.org/how-to-enable-d ... aver-linux
https://linuxconfig.org/how-to-enable-d ... aver-linux
Re: Nagios Core web interface with SSL support on Ubuntu
# curl -k -L -v 'https://135.25.142.20/nagios/'
* Hostname was NOT found in DNS cache
* Trying 135.25.142.20...
* connect to 135.25.142.20 port 443 failed: Connection refused
* Failed to connect to 135.25.142.20 port 443: Connection refused
* Closing connection 0
curl: (7) Failed to connect to 135.25.142.20 port 443: Connection refused
# nmap -p80,443 135.25.142.20
Starting Nmap 6.40 ( http://nmap.org ) at 2019-03-16 03:40 UTC
Nmap scan report for zldcmtn23adce1coll00.f5db5b.mtn23a.tci.att.com (135.25.142.20)
Host is up (0.00076s latency).
PORT STATE SERVICE
80/tcp open http
443/tcp closed https
Nmap done: 1 IP address (1 host up) scanned in 2.32 seconds
* Hostname was NOT found in DNS cache
* Trying 135.25.142.20...
* connect to 135.25.142.20 port 443 failed: Connection refused
* Failed to connect to 135.25.142.20 port 443: Connection refused
* Closing connection 0
curl: (7) Failed to connect to 135.25.142.20 port 443: Connection refused
# nmap -p80,443 135.25.142.20
Starting Nmap 6.40 ( http://nmap.org ) at 2019-03-16 03:40 UTC
Nmap scan report for zldcmtn23adce1coll00.f5db5b.mtn23a.tci.att.com (135.25.142.20)
Host is up (0.00076s latency).
PORT STATE SERVICE
80/tcp open http
443/tcp closed https
Nmap done: 1 IP address (1 host up) scanned in 2.32 seconds