Page 2 of 3
Re: How to encrypt just the login portion in Nagios XI
Posted: Thu Feb 26, 2015 2:23 pm
by ganeshanrs1983
Now only login page is encrypted but the thing is we are getting error message in Firefox, chrome and IE
Firefox --> " Some unencrypted elemends on this website has been blocked"
Chrome --> "This page is trying to load scripts from unauthenticated source"
IE --> " Do you want to view only the webpage content that was delivered securely.
Could you please help me in this issue.
Re: How to encrypt just the login portion in Nagios XI
Posted: Thu Feb 26, 2015 4:15 pm
by scottwilkerson
This is the problem with trying to just encrypt one piece.. ALL of the resources that the page loads, need to be served encrypted or the browser is going to scream at you.
And according to firebug on my computer the list is pretty long for just that page
GET CN.png
GET DE.png
GET ES.png
GET FR.png
GET IT.png
GET JP.png
GET KR.png
GET PL.png
GET PT.png
GET RU.png
GET TW.png
GET US.png
GET ajaxhelper.php
GET bootstrap.min.css?2014R2.6
GET colorpicker.css
GET colorpicker.js
GET commands.js?2014R2.6
GET core_2014.js?2014R2.6
GET d3.v3.min.js?2014R2.6
GET dashboards.js?2014R2.6
GET dashlets.js?2014R2.6
GET exporting.js?415
GET font-awesome.min.css?2014R2.6
GET gauge.js
GET graphexplorerinclude.js
GET helpsystem.css?0.5
GET helpsysteminclude.js?0.5
GET highcharts-more.js?415
GET highcharts.js?415
GET internethealthreport.css
GET internettrafficreport.css
GET jquery-1.8.2.min.js?2014R2.6
GET jquery-ui-1.9.0.custom.min.css?2014R2.6
GET jquery-ui-1.9.0.custom.min.js?2014R2.6
GET jquery.autocomplete.css
GET jquery.colorBlend.js
GET jquery.jscrollpane.css
GET jquery.jscrollpane.min.js
GET jquery.mousewheel.js
GET jquery.searchabledropdown.custom.js
GET jquery.timers-1.1.3.js
GET jquery.zclip.min.js
GET login.php?logout
GET loginsplash.png
GET main_js.js?2.3.3
GET nagiosxi-logo-small.png
GET nagiosxi_2014.css?2014R2.6
GET perfdata.js?2014R2.6
GET rss_dashlet.css
GET sansrisingports.css
GET style.css?2.3.3
GET tables.js?2014R2.6
GET throbber.gif
GET throbber1.gif
GET users.js?2014R2.6
GET views.js?2014R2.6
GET wizards.js?2014R2.6
GET worldtimeserver.css
58 requests
Is there a reason you are not wanting to encrypt all communication?
Re: How to encrypt just the login portion in Nagios XI
Posted: Thu Mar 05, 2015 10:11 am
by ganeshanrs1983
Thanks scottwilkerson. Will check with my manager and get back to you
Re: How to encrypt just the login portion in Nagios XI
Posted: Thu Mar 05, 2015 2:58 pm
by abrist
Fair enough. Keep us posted.
Re: How to encrypt just the login portion in Nagios XI
Posted: Fri Mar 06, 2015 8:58 am
by ganeshanrs1983
If we encrypt our entire Nagios XI URL we feel that we will get some performance issue on the servers and networks
Performance on the servers and networks.
The problem is that the requests to nagios.com. the local resources are loading properly. We want to remove ALL links to nagios.com from our page.
Re: How to encrypt just the login portion in Nagios XI
Posted: Fri Mar 06, 2015 4:19 pm
by scottwilkerson
ganeshanrs1983 wrote:Performance on the servers and networks.
The problem is that the requests to nagios.com. the local resources are loading properly. We want to remove ALL links to nagios.com from our page.
Which requests are you referring to? No login info is ever sent to nagios.com, additionally there is no problem having Nagios XI on a completely isolated network.
Re: How to encrypt just the login portion in Nagios XI
Posted: Tue Mar 10, 2015 1:10 pm
by ganeshanrs1983
Could you please help me to encrypt our entire Nagios XI URL. Earlier i have added the below lines in /etc/httpd/conf.d/nagiosxi.conf
Please let me know what changes i have to do to encrypt the entire nagios XI URL.
RewriteEngine On
# Turn SSL on for just login
RewriteCond %{HTTPS} off
RewriteCond %{SCRIPT_FILENAME} \/login\.php [NC]
RewriteRule ^(.*)$
https://SERVERNAME/$1 [R=301,L]
# Turn SSL off everything but login
RewriteCond %{HTTPS} on
RewriteCond %{SCRIPT_FILENAME} !\/login\.php [NC]
RewriteRule ^(.*)$
http://SERVERNAME/$1 [R=301,L]
Re: How to encrypt just the login portion in Nagios XI
Posted: Tue Mar 10, 2015 1:35 pm
by jdalrymple
http://assets.nagios.com/downloads/nagi ... s%20XI.pdf
Notice the following line on page 4:
Code: Select all
Redirect permanent / https://<Your-XI-Server-Address-or-Hostname>
Re: How to encrypt just the login portion in Nagios XI
Posted: Thu Mar 12, 2015 9:48 am
by ganeshanrs1983
Thanks. But we need SSL only for our login page. We have implemented SSL for our login page but the browser IE, Chrome and Firebox not displaying the login page contents properly. Could you please help us how to make it perfect. Please find the attachment of your login page.
Re: How to encrypt just the login portion in Nagios XI
Posted: Thu Mar 12, 2015 2:42 pm
by jdalrymple
ganeshanrs1983,
You can straighten out the look of the page by changing your turn-off rewrite rules to look like this:
Code: Select all
# Turn SSL off everything but login
RewriteCond %{HTTPS} on
RewriteCond %{SCRIPT_FILENAME} !\/login\.php [NC]
RewriteCond !^css(.*)$ [NC]
RewriteRule ^(.*)$ http://192.168.145.128/nagiosxi/$1 [R=301,L]
Please be aware that by disabling SSL for everything else you may as well disable it for logon as well...
http://stackoverflow.com/questions/6483 ... -hijacking