Page 3 of 5
Re: Issues/questions with version 2R1.0
Posted: Tue Mar 10, 2015 4:26 pm
by jomann
Actually yes! I do see the problem we are having:
Code: Select all
ERROR: cannot verify 127.0.0.1’s certificate, issued by â€/C=US/O=GeoTrust, Inc./CN=GeoTrust SSL CAâ€:
Unable to locally verify the issuer’s authority.
ERROR: certificate common name â€*.snapon.com†doesn't match requested host name â€127.0.0.1â€.
To connect to 127.0.0.1 insecurely, use ‘--no-check-certificate’.
This section is the problem - we are using 127.0.0.1 as the hostname which obviously isn't the proper hostname for your certificate. We can try using:
Code: Select all
/usr/local/bin/wkhtmltopdf --no-outline -O "Portrait" --footer-spacing 3 --margin-bottom 14mm --footer-font-size 9 --no-check-certificate --footer-left "Network Analyzer Report" --footer-right "Page [page] of [toPage]" "http://127.0.0.1/nagiosna/index.php/sources/reports/1?download=1&token=<apikey>&q[rid]=1&q[sid]=2" "/tmp/page.pdf"
Then the actual fix for you will be one of two things... find a way for the NNA server to be able to contact itself without being redirected to https or possibly add the above "--no-check-certificate" to the function in the actual NNA code.
Re: Issues/questions with version 2R1.0
Posted: Tue Mar 10, 2015 4:36 pm
by snapon_admin
Got an error using the --no-check-certificate option, in that it doesn't appear to be an option:
Code: Select all
[root@lisl-ngna-01-pv tmp]# /usr/local/bin/wkhtmltopdf --no-outline -O "Portrait" --footer-spacing 3 --margin-bottom 14mm --footer-font-size 9 --no-check-certificate --footer-left "Network Analyzer Report" --footer-right "Page [page] of [toPage]" "http://127.0.0.1/nagiosna/index.php/sources/reports/55download=1&token=c35dfd74f0b152179aaf212a018642fc1c3f58a3&q[rid]=1&q[sid]=2" "/tmp/page.pdf"
Unknown long argument --no-check-certificate
Name:
wkhtmltopdf 0.12.2.1 (with patched qt)
Synopsis:
wkhtmltopdf [GLOBAL OPTION]... [OBJECT]... <output file>
Document objects:
wkhtmltopdf is able to put several objects into the output file, an object is
either a single webpage, a cover webpage or a table of content. The objects
are put into the output document in the order they are specified on the
command line, options can be specified on a per object basis or in the global
options area. Options from the Global Options section can only be placed in
the global options area
A page objects puts the content of a singe webpage into the output document.
(page)? <input url/file name> [PAGE OPTION]...
Options for the page object can be placed in the global options and the page
options areas. The applicable options can be found in the Page Options and
Headers And Footer Options sections.
A cover objects puts the content of a singe webpage into the output document,
the page does not appear in the table of content, and does not have headers
and footers.
cover <input url/file name> [PAGE OPTION]...
All options that can be specified for a page object can also be specified for
a cover.
A table of content object inserts a table of content into the output document.
toc [TOC OPTION]...
All options that can be specified for a page object can also be specified for
a toc, further more the options from the TOC Options section can also be
applied. The table of content is generated via XSLT which means that it can be
styled to look however you want it to look. To get an aide of how to do this
you can dump the default xslt document by supplying the
--dump-default-toc-xsl, and the outline it works on by supplying
--dump-outline, see the Outline Options section.
Description:
Converts one or more HTML pages into a PDF document, using wkhtmltopdf patched
qt.
Global Options:
--collate Collate when printing multiple copies
(default)
--no-collate Do not collate when printing multiple
copies
--copies <number> Number of copies to print into the pdf
file (default 1)
-H, --extended-help Display more extensive help, detailing
less common command switches
-g, --grayscale PDF will be generated in grayscale
-h, --help Display help
--license Output license information and exit
-l, --lowquality Generates lower quality pdf/ps. Useful to
shrink the result document space
-O, --orientation <orientation> Set orientation to Landscape or Portrait
(default Portrait)
-s, --page-size <Size> Set paper size to: A4, Letter, etc.
(default A4)
-q, --quiet Be less verbose
--read-args-from-stdin Read command line arguments from stdin
--title <text> The title of the generated pdf file (The
title of the first document is used if not
specified)
-V, --version Output version information and exit
Page Options:
--print-media-type Use print media-type instead of screen
--no-print-media-type Do not use print media-type instead of
screen (default)
Contact:
If you experience bugs or want to request new features please visit
<https://github.com/wkhtmltopdf/wkhtmltopdf/issues>
[root@lisl-ngna-01-pv tmp]#
Re: Issues/questions with version 2R1.0
Posted: Tue Mar 10, 2015 5:03 pm
by jomann
Hmm it may be the browser option which is why it's showing up after the SSL certificate. Is it possible to allow non-SSL connections from localhost only?
Re: Issues/questions with version 2R1.0
Posted: Wed Mar 11, 2015 9:29 am
by snapon_admin
I'd be willing to try that, how would that be set up?
Re: Issues/questions with version 2R1.0
Posted: Wed Mar 11, 2015 1:49 pm
by lmiltchev
Before we even go down this path and dig into this, can you temporarily disable SSL and run a report to make sure it actually works? This way we will know for sure that we need to work on the SSL issue.
Re: Issues/questions with version 2R1.0
Posted: Wed Mar 11, 2015 2:01 pm
by snapon_admin
I can try that, what's the best way to go about that? Just want to make sure I edit all the right conf files go revert back to http.
Re: Issues/questions with version 2R1.0
Posted: Wed Mar 11, 2015 3:08 pm
by ssax
Did you follow the guide at
http://assets.nagios.com/downloads/nagi ... alyzer.pdf or did you set it up a different way?
If you type in
http://YOURNAGIOSNASERVER does it redirect you to
https://YOURNAGIONASERVER automatically?
If yes to the question above, it's either a RewriteRule in
/etc/httpd/conf/httpd.conf or in
/etc/httpd/conf.d/nagiosna.conf, you would need to find it and comment it out.
- Make sure that you comment out SSLRequireSSL with a # in /etc/httpd/conf.d/nagiosna.conf if it isn't already.
If no to the question above, try it from the http:// one.
One caveat would be that you may need to open port 80 on the local machine or on any firewalls in between if it's locked down.
Re: Issues/questions with version 2R1.0
Posted: Wed Mar 11, 2015 3:34 pm
by snapon_admin
Got it, found the RewriteRule, forgot it was in httpd.conf. Bad news, I enabled http and PDFs still don't work, same issue even without SSL
Re: Issues/questions with version 2R1.0
Posted: Wed Mar 11, 2015 3:50 pm
by snapon_admin
I tailed the apache error log while clicking the report using http:
Code: Select all
[root@lisl-ngna-01-pv conf.d]# tail -f /var/log/httpd/error_log
[Wed Mar 11 15:47:25 2015] [notice] caught SIGTERM, shutting down
[Wed Mar 11 15:47:25 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Mar 11 15:47:25 2015] [notice] Digest: generating secret for digest authentication ...
[Wed Mar 11 15:47:25 2015] [notice] Digest: done
[Wed Mar 11 15:47:25 2015] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.1e-fips configured -- resuming normal operations
[Wed Mar 11 15:48:10 2015] [notice] caught SIGTERM, shutting down
[Wed Mar 11 15:48:10 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Mar 11 15:48:10 2015] [notice] Digest: generating secret for digest authentication ...
[Wed Mar 11 15:48:10 2015] [notice] Digest: done
[Wed Mar 11 15:48:10 2015] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.1e-fips configured -- resuming normal operations
Loading pages (1/6)
content-type missing in HTTP POST, defaulting to application/x-www-form-urlencoded. Use QNetworkRequest::setHeader() to fix this problem.
QPainter::begin(): Returned false============================] 100%
Error: Unable to write to destination
Exit with code 1, due to unknown error.
^C
Re: Issues/questions with version 2R1.0
Posted: Thu Mar 12, 2015 12:24 pm
by tgriep
Could you post your httpd.conf and the nagiosna.conf config files so we can look at them?