Issues With Nagvis Authentication

[tpwebb]

Hello,

Recently I have upgraded our nagios instance from Centos 6 to Centos 7.

I am having trouble with Nagvis, originally it came up with the PHP authentication (PHP_AUTH_USER) error and I followed the instructions to allow automatic authentication.

Unable to authenticate user. The environment variable PHP_AUTH_USER is not set or empty.

Commented out these lines in nagvis.conf

#AuthName "NagVis Access"
#AuthType Basic
#AuthUserFile /usr/local/nagiosxi/etc/htpasswd.users
#Require valid-user

added these lines under </Directory>
RewriteEngine on
RewriteLock var/log/rewrite.lck
RewriteLog /dev/null
RewriteLogLevel 0
RewriteRule /nagvis/ - [E=REMOTE_USER:nagiosadmin]

Commented this line nagvis.ini.php
;logonenvvar="PHP_AUTH_USER"

Now I can't start the httpd service, I get this error
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2019-11-20 20:28:59 AEST; 2min 47s ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 55163 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
Process: 55162 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Main PID: 55162 (code=exited, status=1/FAILURE)

Nov 20 20:28:59 nagios.metrotraffic.seq.its systemd[1]: Starting The Apache HTTP Server...
Nov 20 20:28:59 nagios.metrotraffic.seq.its httpd[55162]: AH00526: Syntax error on line 41 of /etc/httpd/conf.d/nagvis.conf:
Nov 20 20:28:59 nagios.metrotraffic.seq.its httpd[55162]: Invalid command 'RewriteLock', perhaps misspelled or defined by a module not included in the server...iguration
Nov 20 20:28:59 nagios.metrotraffic.seq.its systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Nov 20 20:28:59 nagios.metrotraffic.seq.its kill[55163]: kill: cannot find process ""
Nov 20 20:28:59 nagios.metrotraffic.seq.its systemd[1]: httpd.service: control process exited, code=exited status=1
Nov 20 20:28:59 nagios.metrotraffic.seq.its systemd[1]: Failed to start The Apache HTTP Server.
Nov 20 20:28:59 nagios.metrotraffic.seq.its systemd[1]: Unit httpd.service entered failed state.
Nov 20 20:28:59 nagios.metrotraffic.seq.its systemd[1]: httpd.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

[scottwilkerson]

In Apache 2.4 RewriteLock is no longer a valid config option

Other configuration changes
...
Directives AcceptMutex, LockFile, RewriteLock, SSLMutex, SSLStaplingMutex, and WatchdogMutexPath have been replaced with a single Mutex directive. You will need to evaluate any use of these removed directives in your 2.2 configuration to determine if they can just be deleted or will need to be replaced using Mutex.

Re: https://httpd.apache.org/docs/2.4/upgrading.html

[tpwebb]

Hello,

I have removed all the added lines and tried the mutex options that were suggested as a workaround, this has not worked. I have gone back to my original problems that has come from the Hyper-v download from the website.

I still am getting “Unable to authenticate user. The environment variable PHP_AUTH_USER is not set or empty“

Can you advise how I can resolve this issue?

[scottwilkerson]

What version of Nagios XI are you running?

[tpwebb]

I am running 5.6.6

[scottwilkerson]

A typical /etc/httpd/conf.d/nagvis.conf on Centos 7 looks like this:

Code: Select all

# NagVis Apache2 sample configuration file
#
# #############################################################################
Alias /nagvis "/usr/local/nagvis/share"
<Directory "/usr/local/nagvis/share">
  Options FollowSymLinks
  AllowOverride None
  <IfModule mod_authz_core.c>
    # Apache >= 2.4
    Require all granted
  </IfModule>
  <IfModule !mod_authz_core.c>
    # Apache < 2.4
    Order allow,deny
    Allow from all
  </IfModule>
  # To enable Nagios basic auth on NagVis use the following options
  # Just uncomment it. Maybe you need to adjust the path to the
  # Auth user file.
  #
  # If you use the NagVis internal auth mechanism based on the web
  # for you won't need this.
  #
  #AuthName "NagVis Access"
  #AuthType Basic
  #AuthUserFile /usr/local/nagios/etc/htpasswd.users
  #Require valid-user
  # With installed and enabled mod_rewrite there are several redirections
  # available to fix deprecated and/or wrong urls. None of those rules is
  # mandatory to get NagVis working.
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /nagvis
    # Use mod_rewrite for old url redirection even if there are php files which
    # redirect the queries itselfs. In some cases the mod_rewrite redirect
    # is better than the php redirect.
    #
    # Using the php redirect seems to be better in some cases where https/http servers
    # are mixed. For example in OMD setups where using apache own mode and https in the
    # frontend and http in the backend apache servers.
    #
    # Disabling this redirect by default in the hope that the php direct works better.
    #RewriteCond %{REQUEST_URI} ^/nagvis(/config\.php|/index\.php|/|)(\?.*|)$
    #RewriteRule ^(.*)$ /nagvis/frontend/nagvis-js/%1%2 [R=301,L]
    # Redirect old regular map links
    RewriteCond %{REQUEST_URI} ^/nagvis/frontend/(wui|nagvis-js)
    RewriteCond %{QUERY_STRING} map=(.*)
    RewriteRule ^(.*)$ /nagvis/frontend/nagvis-js/index.php?mod=Map&act=view&show=%1 [R=301,L]
    # Without map= param
    RewriteCond %{REQUEST_URI} ^/nagvis/frontend(/wui)?/?(index.php)?$
    RewriteRule ^(.*)$ /nagvis/frontend/nagvis-js/index.php [R=301,L]
    # Redirect old rotation calls
    RewriteCond %{REQUEST_URI} ^/nagvis/frontend/nagvis-js
    RewriteCond %{QUERY_STRING} !mod
    RewriteCond %{QUERY_STRING} rotation=(.*)
    RewriteRule ^(.*)$ /nagvis/frontend/nagvis-js/index.php?mod=Rotation&act=view&show=%1 [R=301,L]
  </IfModule>
</Directory>

[tpwebb]

This is what is in my file

[root@nagios /]# cat /etc/httpd/conf.d/nagvis.conf
# NagVis Apache2 sample configuration file
#
# #############################################################################

Alias /nagvis "/usr/local/nagvis/share"

<Directory "/usr/local/nagvis/share">
Options FollowSymLinks
AllowOverride None

<IfModule mod_authz_core.c>
# Apache >= 2.4
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
# Apache < 2.4
Order allow,deny
Allow from all
</IfModule>

# To enable Nagios basic auth on NagVis use the following options
# Just uncomment it. Maybe you need to adjust the path to the
# Auth user file.
#
# If you use the NagVis internal auth mechanism based on the web
# for you won't need this.
#
AuthName "NagVis Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user

# With installed and enabled mod_rewrite there are several redirections
# available to fix deprecated and/or wrong urls. None of those rules is
# mandatory to get NagVis working.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /nagvis


# Use mod_rewrite for old url redirection even if there are php files which
# redirect the queries itselfs. In some cases the mod_rewrite redirect
# is better than the php redirect.
#
# Using the php redirect seems to be better in some cases where https/http servers
# are mixed. For example in OMD setups where using apache own mode and https in the
# frontend and http in the backend apache servers.
#
# Disabling this redirect by default in the hope that the php direct works better.
#RewriteCond %{REQUEST_URI} ^/nagvis(/config\.php|/index\.php|/|)(\?.*|)$
#RewriteRule ^(.*)$ /nagvis/frontend/nagvis-js/%1%2 [R=301,L]

# Redirect old regular map links
RewriteCond %{REQUEST_URI} ^/nagvis/frontend/(wui|nagvis-js)
RewriteCond %{QUERY_STRING} map=(.*)
RewriteRule ^(.*)$ /nagvis/frontend/nagvis-js/index.php?mod=Map&act=view&show=%1 [R=301,L]

# Without map= param
RewriteCond %{REQUEST_URI} ^/nagvis/frontend(/wui)?/?(index.php)?$
RewriteRule ^(.*)$ /nagvis/frontend/nagvis-js/index.php [R=301,L]

# Redirect old rotation calls
RewriteCond %{REQUEST_URI} ^/nagvis/frontend/nagvis-js
RewriteCond %{QUERY_STRING} !mod
RewriteCond %{QUERY_STRING} rotation=(.*)
RewriteRule ^(.*)$ /nagvis/frontend/nagvis-js/index.php?mod=Rotation&act=view&show=%1 [R=301,L]
</IfModule>
</Directory>

[scottwilkerson]

So it is using Basic auth instead of the PHP auth..

Where are you getting the PHP authentication (PHP_AUTH_USER) error?

Also, If you click Options -> Manage Backend
What is selected as the "Default Backend"?

[tpwebb]

Apologies, hopefully I have corrected the file to match
#
#AuthName "NagVis Access"
#AuthType Basic
#AuthUserFile /usr/local/nagios/etc/htpasswd.users
#Require valid-user

and restarted httpd service

I get the message when I click on Nagvis in the menu on the left, so I don't get into Nagvis at all.

[scottwilkerson]

Can you send me a copy of your /usr/local/nagvis/etc/nagvis.ini.php