Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Need help configuring SSL with Nagios XI

https://support.nagios.com/forum/viewtopic.php?t=5877

Page 4 of 5

Re: Need help configuring SSL with Nagios XI

Posted: Thu May 24, 2012 1:44 pm
by scottwilkerson
Can you attach your nagiosxi.comf file

Thanks

Re: Need help configuring SSL with Nagios XI

Posted: Thu May 24, 2012 1:51 pm
by tgfde
File is attached.

Re: Need help configuring SSL with Nagios XI

Posted: Thu May 24, 2012 1:54 pm
by tgfde
Sorry here it is. Just rename file to .conf. Thanks.

Re: Need help configuring SSL with Nagios XI

Posted: Thu May 24, 2012 2:23 pm
by scottwilkerson
Lets replace the commented out section with the following:

Code: Select all

<VirtualHost *:443>
<Directory "/usr/local/nagiosxi/html">
  SSLRequireSSL
  Options None
  AllowOverride None
  Order allow,deny
  Allow from all
#  Order deny,allow
#  Deny from all
#  Allow from 127.0.0.1
#   AuthName "Nagios XI"
#   AuthType Basic
#   AuthUserFile /usr/local/nagiosxi/etc/htpasswd.users
#   Require valid-user
</Directory>
</VirtualHost>

Re: Need help configuring SSL with Nagios XI

Posted: Thu May 24, 2012 3:11 pm
by tgfde
What about the portion below the commented out section? Do I leave that there?

Re: Need help configuring SSL with Nagios XI

Posted: Fri May 25, 2012 8:01 am
by scottwilkerson
yes

Re: Need help configuring SSL with Nagios XI

Posted: Fri May 25, 2012 8:54 am
by tgfde
After making the chage, httpd failed to start. Below is the current nagiosxi.conf and the httpd log.

nagiosxi.conf
<VirtualHost *:443>
<Directory "/usr/local/nagiosxi/html">
SSLRequireSSL
Options None
AllowOverride None
Order allow,deny
Allow from all
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
# AuthName "Nagios XI"
# AuthType Basic
# AuthUserFile /usr/local/nagiosxi/etc/htpasswd.users
# Require valid-user
</Directory>
</VirtualHost>

<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
<Directory "/usr/local/nagiosxi/html">
AllowOverride All
</Directory>
</VirtualHost>

Alias /nagiosxi "/usr/local/nagiosxi/html"


Log:
[Fri May 25 08:49:21 2012] [notice] caught SIGTERM, shutting down
[Fri May 25 08:49:22 2012] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri May 25 08:49:22 2012] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] (/etc/httpd/conf.d/nagiosxi.conf:1)

Re: Need help configuring SSL with Nagios XI

Posted: Fri May 25, 2012 9:02 am
by scottwilkerson
I'm sorry the section at the top should be
<VirtualHost *:80>
<Directory "/usr/local/nagiosxi/html">
SSLRequireSSL
Options None
AllowOverride None
Order allow,deny
Allow from all
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
# AuthName "Nagios XI"
# AuthType Basic
# AuthUserFile /usr/local/nagiosxi/etc/htpasswd.users
# Require valid-user
</Directory>
</VirtualHost>
I accidentally left :443 in there and it should be :80

Re: Need help configuring SSL with Nagios XI

Posted: Fri May 25, 2012 9:16 am
by tgfde
Ok that worked - httpd started.

However, when I access nagiosxi via http, I get the the "Welcome" page (attached) where it has a broken NagiosXI image. Then when I click on "Acess Nagios XI", I get the "Forbidden" page.

Is there a way to bypass the "Welcome" page when a user tries to access Nagiosxi and have redirected straight to the "Forbidden" page.

Thank you.

Re: Need help configuring SSL with Nagios XI

Posted: Fri May 25, 2012 9:36 am
by lmiltchev
When you navigate to: Admin->System Config->Mange System Config, what do you see in the "Program URL" field? I guess you have: "https://<IP_address>" but you should have "https://<IP_address>/nagiosxi/" instead. You should modify this field and hit the "Update Settings" button.

Hope this helps.
All times are UTC-05:00
Page 4 of 5

Powered by phpBB® Forum Software © phpBB Limited