Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Force SSL breaks config verification

https://support.nagios.com/forum/viewtopic.php?t=35074

Page 1 of 2

Force SSL breaks config verification

Posted: Wed Oct 07, 2015 4:50 pm
by canyonsdistrict
I followed these instructions to turn on SSL and force SSL using a permanent redirect.

When I do that I had the same result as this thread, as well as a few other issues including Active Host Checks, Active Service Checks, and Notification Services reporting as down.

I disabled the Redirect permanent / https://<Your-XI-Server-Address-or-Hostname> and the issue went away.

I would like to be able to force SSL. Is there another alternative to forcing SSL?

Re: Force SSL breaks config verification

Posted: Thu Oct 08, 2015 1:11 pm
by hsmith
Can you change

Code: Select all

 Redirect permanent / https://<Your-XI-Server-Address-or-Hostname>
to

Code: Select all

 Redirect permanent / https://<Your-XI-Server-Address-or-Hostname>/
and let us know what happens?

Thanks!

Re: Force SSL breaks config verification

Posted: Mon Oct 12, 2015 8:48 am
by canyonsdistrict
Turns out I had the trailing / on the end when I put it in the config file. Having it there doesn't help, not having it there makes an even bigger mess.

Re: Force SSL breaks config verification

Posted: Mon Oct 12, 2015 10:12 am
by hsmith
Can you post the contents of your /etc/httpd/conf.d/nagiosxi.conf file for us to take a look at?

Re: Force SSL breaks config verification

Posted: Mon Oct 12, 2015 3:31 pm
by canyonsdistrict

Code: Select all

<VirtualHost *:80>
<Directory "/usr/local/nagiosxi/html">
#  SSLRequireSSL
   Options None
   AllowOverride None
   Order allow,deny
   Allow from all
#  Order deny,allow
#  Deny from all
#  Allow from 127.0.0.1
#   AuthName "Nagios XI"
#   AuthType Basic
#   AuthUserFile /usr/local/nagiosxi/etc/htpasswd.users
#   Require valid-user
#    Redirect permanent / https://10.25.9.101/
</Directory>
</VirtualHost>

<VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/pki/tls/certs/ca.crt
        SSLCertificateKeyFile /etc/pki/tls/private/ca.key
        <Directory "/usr/local/nagiosxi/html">
        AllowOverride All
        </Directory>
</VirtualHost>
Alias /nagiosxi "/usr/local/nagiosxi/html"

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule nagiosxi/api/v1/(.*)$ /usr/local/nagiosxi/html/api/v1/index.php?request=$1 [QSA,NC,L]
</IfModule>

Re: Force SSL breaks config verification

Posted: Mon Oct 12, 2015 4:52 pm
by ssax
Here is how I set it up, put this at the bottom of you /etc/httpd/conf/httpd.conf and remove your Redirect permanent:

Code: Select all

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Re: Force SSL breaks config verification

Posted: Mon Oct 12, 2015 5:02 pm
by canyonsdistrict
This doesn't force SSL.

Re: Force SSL breaks config verification

Posted: Tue Oct 13, 2015 10:00 am
by rkennedy
Now would be a good time to make sure you have a working configuration backed up. I was able to force SSL on my machine using this methoud. It should work fine for you. At the bottom of your nagiosxi.conf, look for -

Code: Select all

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule nagiosxi/api/v1/(.*)$ /usr/local/nagiosxi/html/api/v1/index.php?request=$1 [QSA,NC,L]
</IfModule>
Before the </IfModule>, add the following:

Code: Select all

RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
The final result should look like:

Code: Select all

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule nagiosxi/api/v1/(.*)$ /usr/local/nagiosxi/html/api/v1/index.php?request=$1 [QSA,NC,L]
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
</IfModule>
Let me know if this works.

Re: Force SSL breaks config verification

Posted: Tue Oct 13, 2015 10:13 am
by canyonsdistrict
This is what it looks like now.

Code: Select all

<VirtualHost *:80>
<Directory "/usr/local/nagiosxi/html">
#  SSLRequireSSL
   Options None
   AllowOverride None
   Order allow,deny
   Allow from all
#  Order deny,allow
#  Deny from all
#  Allow from 127.0.0.1
#   AuthName "Nagios XI"
#   AuthType Basic
#   AuthUserFile /usr/local/nagiosxi/etc/htpasswd.users
#   Require valid-user
#    Redirect permanent / https://10.25.9.101/
</Directory>
</VirtualHost>

<VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/pki/tls/certs/ca.crt
        SSLCertificateKeyFile /etc/pki/tls/private/ca.key
        <Directory "/usr/local/nagiosxi/html">
        AllowOverride All
        </Directory>
</VirtualHost>
Alias /nagiosxi "/usr/local/nagiosxi/html"

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule nagiosxi/api/v1/(.*)$ /usr/local/nagiosxi/html/api/v1/index.php?request=$1 [QSA,NC,L]
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
</IfModule>
I restarted httpd and tried an incognito tab in Chrome and it still doesn't force ssl.

Re: Force SSL breaks config verification

Posted: Tue Oct 13, 2015 11:13 am
by ssax
Please attach your /etc/httpd/conf/httpd.conf file and you /etch/httpd/conf.d directory and I'll take a look at them and get you up and running.

Thank you
All times are UTC-05:00
Page 1 of 2

Powered by phpBB® Forum Software © phpBB Limited