enforce https for XI and fusion

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
maddev
Posts: 54
Joined: Tue Apr 07, 2015 5:42 am

enforce https for XI and fusion

Post by maddev »

Hi, is there a way to make Nagios XI and Fusion use only https and disable http login altogether?

Also, how to make sure communication between Fusion and XI also happens on a secured channel?

ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: enforce https for XI and fusion

Post by ssax »

You should be able to follow this guide:

http://assets.nagios.com/downloads/nagi ... s%20XI.pdf

It will be a similar process for Fusion.

You can force it to use SSL by adding a rewrite rule in your /etc/httpd/conf/httpd.conf

Code:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Then you just change your public and internal URLs to https under Configure > Manage Fused Servers and you should be good to go.

----

I will add this quick copy/paste codeblock that I use to enable it quickly on my servers for reference. You will need to change out the information for the certificate if you are going to use it:
*** This is only if you want a self-signed certificate:
*** Make sure that you understand what this is doing so it doesn't undo something that you've already done and take backups/snapshots before making any changes.

Code:

# Install Apache's SSL module and OpenSSL
yum install mod_ssl openssl -y
# Generate a 2048-bit RSA key, a CSR, and a self-signed certificate valid for 365 days
openssl genrsa -out localhost.key 2048
openssl req -new -subj "/C=US/ST=MYSTATE/L=MYCITY/O=MYORG/OU=MYORGUNIT/CN=MYSERVER" -key localhost.key -out localhost.csr
openssl x509 -req -days 365 -in localhost.csr -signkey localhost.key -out localhost.crt
# Replace the existing localhost certificate, key and CSR under /etc/pki/tls
rm -f /etc/pki/tls/certs/localhost.crt
rm -f /etc/pki/tls/private/localhost.key
rm -f /etc/pki/tls/private/localhost.csr
cp -f localhost.crt /etc/pki/tls/certs
cp -f localhost.key /etc/pki/tls/private/localhost.key
cp -f localhost.csr /etc/pki/tls/private/localhost.csr
# Allow inbound HTTPS; -A appends the rule to the end of the INPUT chain
iptables -A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
service iptables save
# Append the HTTP-to-HTTPS redirect to the main Apache configuration, then restart Apache
cat <<EOF >> /etc/httpd/conf/httpd.conf
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
EOF
service httpd restart
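
A way to confirm the rewrite rule from the post above is in effect, as an added example that is not part of the original thread: it reads the response headers of a plain-HTTP request and checks that the server answers with a redirect to the same host and path over https. The host name xi.example.test, the function names and the sample header blocks are constructed for illustration.

```sh
#!/bin/sh
# Added example: confirm plain HTTP is redirected to the same host and path over https.
# xi.example.test and the sample header blocks below are constructed.

# redirect_verdict HOST PATH   (response headers on stdin)
# Prints OK, NO_REDIRECT, NOT_HTTPS or MISMATCH; returns 0 only for OK.
redirect_verdict() {
    rv_want="https://$1$2"
    # Strip CRs, then pull the status code and the Location value.
    rv_parsed="$(tr -d '\r' | awk '
        NR == 1 { status = $2 }
        index(tolower($0), "location:") == 1 {
            loc = substr($0, 10); gsub(/^[ \t]+|[ \t]+$/, "", loc)
        }
        END { print status " " loc }')"
    rv_status="${rv_parsed%% *}"
    rv_location="${rv_parsed#* }"
    case "$rv_status" in
        301|302|303|307|308) ;;
        *) echo NO_REDIRECT; return 1 ;;          # port 80 still serves content
    esac
    case "$rv_location" in
        "$rv_want") echo OK; return 0 ;;
        https://*)  echo MISMATCH; return 1 ;;    # https, but host or path changed
        *)          echo NOT_HTTPS; return 1 ;;
    esac
}

# Live check (assumes curl is installed and the server is reachable):
check_host() { curl -sI --max-time 10 "http://$1$2" | redirect_verdict "$1" "$2"; }

# Constructed responses: rule active, rule missing, redirect that stays on http.
sample_redirected() { printf 'HTTP/1.1 302 Found\r\nLocation: https://xi.example.test/nagiosxi/\r\n\r\n'; }
sample_no_rule()    { printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n'; }
sample_http_only()  { printf 'HTTP/1.1 301 Moved Permanently\r\nlocation: http://xi.example.test/nagiosxi/\r\n\r\n'; }

for s in sample_redirected sample_no_rule sample_http_only; do
    printf '%s: %s\n' "$s" "$($s | redirect_verdict xi.example.test /nagiosxi/)"
done
```

Against a live server, `check_host` with the server's host name and a path such as `/nagiosxi/` runs the same check on real headers.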