Page 3 of 4
Re: Nagios XI HTTPS Issue
Posted: Tue Jan 26, 2016 3:10 pm
by tigerpeng
May I know how to do it while the Web UI is not accessible?
FYI,
it seems the browser (Firefox) cache impacted to on the redirection. I have the IP pointed to a new instance brought up with same AMI attempting HTTPS. it is still perform the http/https redirection.
I turned off the browser cache, and will redo the HTTPS on the new instance. I will troubleshooting again on the older instance again later.
I will post my result here.
Re: Nagios XI HTTPS Issue
Posted: Tue Jan 26, 2016 3:16 pm
by rkennedy
It looks to be forcing SSL properly when navigating to
http://nagiosxi.connectedcarhub.com/nagiosxi/it redirects to
https://nagiosxi.connectedcarhub.com/nagiosxi/.
It seems to be working fine, are you still experiencing issues?
Re: Nagios XI HTTPS Issue
Posted: Tue Jan 26, 2016 5:37 pm
by tigerpeng
I am redo the System config. In the 'Changing The XI System Time'
https://assets.nagios.com/downloads/nag ... m_Time.pdf, it is mentioned restart postgresql and mysqld. Are both database servers are used?
It seems mysql is not installed and postgresql is not initialized correctly.
Re: Nagios XI HTTPS Issue
Posted: Tue Jan 26, 2016 5:43 pm
by hsmith
tigerpeng wrote:Are both database servers are used?
If you came from a version before XI5, yes. They are both used.
If you started on XI5, only MySQL is used.
tigerpeng wrote:It seems mysql is not installed
That's not normal...
service mysqld status
tigerpeng wrote:postgresql is not initialized correctly.
Can you elaborate on this?
Re: Nagios XI HTTPS Issue
Posted: Tue Jan 26, 2016 6:18 pm
by tigerpeng
I am trying to do the install from scratch.
Is the mysql bound in the tar file? or it is installed through repositories.
Re: Nagios XI HTTPS Issue
Posted: Tue Jan 26, 2016 6:59 pm
by tigerpeng
I run the ./fullinstall in a clean Redhat instance after run commamd
Code: Select all
yum-config-manager --enable rhui-REGION-rhel-server-optional
I see MySQL is installed and then install failed after Installed Iptables
Code: Select all
............
MySQL installed OK - continuing...
Starting MySQL...
Redirecting to /bin/systemctl restart mariadb.service
Initializing MySQL...
MySQL root password is now set to: nagiosxi
MySQL initialized OK
Database servers initialized OK
/etc/services updated
sudoers configured OK
Loaded plugins: amazon-id, rhui-lb, search-disabled-repos
Resolving Dependencies
--> Running transaction check
---> Package iptables-services.x86_64 0:1.4.21-16.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
iptables-services x86_64 1.4.21-16.el7 rhui-REGION-rhel-server-releases 50 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 50 k
Installed size: 24 k
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : iptables-services-1.4.21-16.el7.x86_64 1/1
warning: /etc/sysconfig/iptables created as /etc/sysconfig/iptables.rpmnew
Verifying : iptables-services-1.4.21-16.el7.x86_64 1/1
Installed:
iptables-services.x86_64 0:1.4.21-16.el7
Complete!
Failed to execute operation: Access denied
Followed
https://support.nagios.com/forum/viewto ... =6&t=36424 to complete the installation and it looks good
Code: Select all
Total Warnings: 0
Total Errors: 0
Things look okay - No serious problems were detected during the pre-flight check
RET: 0
Login appears okay
Cookies appear okay
import appear okay
export appear okay
NagiosQL data imported OK.
RESULT=0
Running './F-startdaemons'...
Redirecting to /bin/systemctl restart httpd.service
Restarting ndo2db (via systemctl): [ OK ]
Restarting nagios (via systemctl): [ OK ]
rm: cannot remove '/usr/local/nagiosxi/var/subsys/npcd.pid': No such file or directory
NPCD was not running.
NPCD started.
Redirecting to /bin/systemctl restart crond.service
Daemons started OK
RESULT=0
Running './Z-webroot'...
RESULT=0
Nagios XI Installation Complete!
You can access the Nagios XI web interface by visiting:
http://172.31.57.248/nagiosxi/
However it seems nagioxi and mysqld are not running
Code: Select all
[root@nagiosxi nagiosxi]# /bin/systemctl status nagios.service
● nagios.service - LSB: Starts and stops the Nagios monitoring server
Loaded: loaded (/etc/rc.d/init.d/nagios)
Active: active (running) since Tue 2016-01-26 23:46:22 UTC; 3min 40s ago
Docs: man:systemd-sysv-generator(8)
Process: 25378 ExecStop=/etc/rc.d/init.d/nagios stop (code=exited, status=0/SUCCESS)
Process: 25384 ExecStart=/etc/rc.d/init.d/nagios start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/nagios.service
├─25403 /usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
├─25405 /usr/local/nagios/bin/nagios --worker /usr/local/nagios/var/rw/nagios.qh
├─25406 /usr/local/nagios/bin/nagios --worker /usr/local/nagios/var/rw/nagios.qh
├─25407 /usr/local/nagios/bin/nagios --worker /usr/local/nagios/var/rw/nagios.qh
├─25408 /usr/local/nagios/bin/nagios --worker /usr/local/nagios/var/rw/nagios.qh
└─25421 /usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
Jan 26 23:46:22 nagiosxi.connectedcarhub.com nagios[25403]: ndomod registered for contact notification data'
Jan 26 23:46:22 nagiosxi.connectedcarhub.com nagios[25403]: ndomod registered for acknowledgement data'
Jan 26 23:46:22 nagiosxi.connectedcarhub.com nagios[25403]: ndomod registered for state change data'
Jan 26 23:46:22 nagiosxi.connectedcarhub.com nagios[25403]: ndomod registered for contact status data'
Jan 26 23:46:22 nagiosxi.connectedcarhub.com nagios[25403]: ndomod registered for adaptive contact data'
Jan 26 23:46:22 nagiosxi.connectedcarhub.com nagios[25403]: Event broker module '/usr/local/nagios/bin/ndomod.o' initialized successfully.
Jan 26 23:46:22 nagiosxi.connectedcarhub.com nagios[25403]: Successfully launched command file worker with pid 25421
Jan 26 23:49:07 nagiosxi.connectedcarhub.com sudo[26417]: nagios : TTY=unknown ; PWD=/tmp ; USER=root ; COMMAND=/usr/local/nagiosxi/scripts/manage_services.sh status crond
Jan 26 23:49:32 nagiosxi.connectedcarhub.com sudo[26489]: nagios : TTY=unknown ; PWD=/tmp ; USER=root ; COMMAND=/usr/local/nagiosxi/scripts/manage_services.sh status httpd
Jan 26 23:49:57 nagiosxi.connectedcarhub.com sudo[26567]: nagios : TTY=unknown ; PWD=/tmp ; USER=root ; COMMAND=/usr/local/nagiosxi/scripts/manage_services.sh status mysqld
[root@nagiosxi nagiosxi]# /bin/systemctl status nagiosxi.service
● nagiosxi.service - SYSV: NagiosXI subtasks
Loaded: loaded (/etc/rc.d/init.d/nagiosxi)
Active: inactive (dead)
Docs: man:systemd-sysv-generator(8)
MySQL is running, but there is no mysqld.service
Code: Select all
[root@nagiosxi nagiosxi]# pgrep -fl mysql
17341 mysqld_safe
17498 mysqld
[root@nagiosxi nagiosxi]# service mysqld status
Redirecting to /bin/systemctl status mysqld.service
● mysqld.service
Loaded: not-found (Reason: No such file or directory)
Active: inactive (dead)
Re: Nagios XI HTTPS Issue
Posted: Wed Jan 27, 2016 12:00 pm
by rkennedy
When I created my post yesterday, your SSL seemed to be working fine.
What OS / version are you running on this new machine?
Re: Nagios XI HTTPS Issue
Posted: Wed Jan 27, 2016 4:40 pm
by tigerpeng
Code: Select all
[root@nagiosxi ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.2 (Maipo)
It seems the instruction for set up HTTPS is not suitable for the last release. The HTTPS VirtualHost is defined on ssl.conf
Code: Select all
[root@nagiosxi conf.d]# grep 443 *.conf
ssl.conf:Listen 443 https
ssl.conf:<VirtualHost _default_:443>
ssl.conf:#ServerName www.example.com:443
The redirect mentioned in instruction cause some trouble. I used rewrite to successfully make the redirection.
Code: Select all
sdiff nagiosxi.conf nagiosxi.conf.orig
<Directory "/usr/local/nagiosxi/html"> <Directory "/usr/local/nagiosxi/html">
# SSLRequireSSL # SSLRequireSSL
Options None Options None
AllowOverride None AllowOverride None
Order allow,deny Order allow,deny
Allow from all Allow from all
# Order deny,allow # Order deny,allow
# Deny from all # Deny from all
# Allow from 127.0.0.1 # Allow from 127.0.0.1
# AuthName "Nagios XI" # AuthName "Nagios XI"
# AuthType Basic # AuthType Basic
# AuthUserFile /usr/local/nagiosxi/etc/htpasswd.users # AuthUserFile /usr/local/nagiosxi/etc/htpasswd.users
# Require valid-user # Require valid-user
Require all granted Require all granted
</Directory> </Directory>
Alias /nagiosxi "/usr/local/nagiosxi/html" Alias /nagiosxi "/usr/local/nagiosxi/html"
<IfModule mod_rewrite.c> <IfModule mod_rewrite.c>
RewriteEngine On RewriteEngine On
RewriteCond %{HTTPS} !=on <
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] <
RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule nagiosxi/api/v1/(.*)$ /usr/local/nagiosxi/html/ap RewriteRule nagiosxi/api/v1/(.*)$ /usr/local/nagiosxi/html/ap
</IfModule> </IfModule>
I got error message as below when I try to make change of 'Server Protocol' in
https://nagiosxi.connectedcarhub.com/na ... -index.php
Unable to save to file: /var/www/html/nagiosql/config/settings.php
The file is owned by root!
Code: Select all
ls -lrt /var/www/html/nagiosql/config/
total 44
-rwxr-xr-x. 1 apache apache 21287 Jan 26 23:43 fieldvars.php
drwxr-xr-x. 10 apache apache 4096 Jan 26 23:43 locale
-rw-r--r--. 1 root root 662 Jan 26 23:43 settings.php
-rw-r--r--. 1 apache apache 9910 Jan 26 23:43 main.css
After I change the owner of the file, 'Settings updated successfully!'
Re: Nagios XI HTTPS Issue
Posted: Wed Jan 27, 2016 5:14 pm
by tigerpeng
as the settings.php contains credential. i believe it should not be readable to all.
Code: Select all
ls -l /var/www/html/nagiosql/config/settings.php
-rw-r-----. 1 apache apache 146 Jan 27 21:37 /var/www/html/nagiosql/config/settings.php
Re: Nagios XI HTTPS Issue
Posted: Thu Jan 28, 2016 2:56 pm
by hsmith
After changing the permissions, you're saying that it's working? If it's working, we can look into it further, but I can't tell if it is or not from your last post.