Page 1 of 1
Log server 2.2 and SSL
Posted: Tue Sep 01, 2015 9:38 am
by CFT6Server
Just spinning up some newer 2.2 Log Servers and noticed that it doesn't have the SSL.conf files in /etc/httpd/conf.d anymore. When I add that back in, the httpd service complains about the ssl module. I see that mod_ssl and openssl is installed. Am I missing something here? I am trying to security the nodes and force SSL. Thanks.
Re: Log server 2.2 and SSL
Posted: Tue Sep 01, 2015 10:12 am
by jolson
All that I had to do to get https working is as follows.
Modify nagioslogserver.conf:
Code: Select all
vi /etc/httpd/conf.d/nagioslogserver.conf
UNCOMMENT SSLRequireSSL
Install openssl requirements:
Code: Select all
yum install openssl openssl-devel mod_ssl
Restart httpd:
Access NLS GUI:
Code: Select all
https://192.168.x.x/nagioslogserver
This worked like a charm for me on version R2.2. Let me know if you're having any troubles. Thanks!
Re: Log server 2.2 and SSL
Posted: Tue Sep 01, 2015 5:14 pm
by CFT6Server
Since this changed, what is the recommended method for permanent SSL redirect?
Re: Log server 2.2 and SSL
Posted: Wed Sep 02, 2015 3:18 pm
by tmcdonald
I can't imagine this was intentional if they were there before. Might have just been a missed step when we built the install script. I'll confirm with the devs.
Was this a fullinstall from source or a pre-built VM?
Re: Log server 2.2 and SSL
Posted: Wed Sep 02, 2015 3:30 pm
by jolson
Sorry about the earlier information, I actually got this working by using the following procedure:
Code: Select all
vi /etc/httpd/conf.d/nagioslogserver.conf
Change to:
Code: Select all
<VirtualHost *:80> # Add this line
<Directory "/var/www/html/nagioslogserver/www/">
Options None
AllowOverride None
Order allow,deny
Allow from all
Redirect permanent / https://192.168.x.x/
</Directory>
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
<Directory "/usr/local/nagiosxi/html">
AllowOverride All
</Directory>
</VirtualHost>
Alias /nagioslogserver "/var/www/html/nagioslogserver/www/"
Replace
192.168.x.x with the IP if your nagios instance.
Code: Select all
yum install mod_ssl
openssl genrsa -out ca.key 2048
openssl req -new -key ca.key -out ca.csr
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
cp ca.crt /etc/pki/tls/certs
cp ca.key /etc/pki/tls/private/ca.key
cp ca.csr /etc/pki/tls/private/ca.csr
service httpd restart
After running through the above, everything is working as expected. Are your results different than mine? It looks like ssl.conf was generated when I ran
yum install mod_ssl, so you may need to reinstall it.
Code: Select all
yum remove mod_ssl
yum install mod_ssl
This was from an OVF template, which does not include the mod_ssl package by default - hence why ssl.conf was not available initially.
Re: Log server 2.2 and SSL
Posted: Wed Sep 09, 2015 4:27 pm
by CFT6Server
This worked. Thanks for the instructions.
Re: Log server 2.2 and SSL
Posted: Wed Sep 09, 2015 4:32 pm
by jolson
No problem - I'll close the thread and mark it as resolved. Thanks!