
SSL Redirection 5.2.3

Posted: Tue Feb 02, 2016 4:31 pm
by mikew
I have reconfigured an XI server with 5.2.2 but now in 5.2.3 the configuration to redirect SSL is not working.

Any ideas?

Here is what I have:
Certificates built and working. The problem is in the redirection.

/etc/httpd/conf/httpd.conf

Code:

NameVirtualHost *:443

config.inc.php
set to true;

Systems settings:
Set to https://server_ip/nagiosxi/

Core Config manager set to https

/etc/httpd/conf.d/nagiosxi.conf
I have also tried this line:
Redirect permanent / https://server_ip/
This setting says too many redirections.

The setting below does not place a "/" between the IP and nagiosxi

Code:

<Directory "/usr/local/nagiosxi/html">
#  SSLRequireSSL
   Options None
   AllowOverride None
   Order allow,deny
   Allow from all
   Redirect permanent / https://server_ip
#  Order deny,allow
#  Deny from all
#  Allow from 127.0.0.1
#   AuthName "Nagios XI"
#   AuthType Basic
#   AuthUserFile /usr/local/nagiosxi/etc/htpasswd.users
#   Require valid-user
</Directory>



<VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/pki/tls/certs/server.crt
        SSLCertificateKeyFile /etc/pki/tls/private/server.key
        <Directory "/usr/local/nagiosxi/html">
        AllowOverride All
        </Directory>
        <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteRule nagiosxi/api/v1/(.*)$ /usr/local/nagiosxi/html/api/v1/index.php?request=$1 [QSA,NC,L]
        </IfModule>
</VirtualHost>

Alias /nagiosxi "/usr/local/nagiosxi/html"

Re: SSL Redirection 5.2.3

Posted: Tue Feb 02, 2016 4:53 pm
by lmiltchev
Mike, change:

Code:

Redirect permanent / https://server_ip
to:

Code:

Redirect permanent / https://server_ip/
and restart apache. Did this help?

Re: SSL Redirection 5.2.3

Posted: Tue Feb 02, 2016 4:59 pm
by mikew
All that did is end up saying too many redirections.

Re: SSL Redirection 5.2.3

Posted: Tue Feb 02, 2016 5:38 pm
by lmiltchev
Mike, what is the OS/architecture? Can you zip up, and PM me the "/usr/local/nagiosxi/html/config.inc.php", and "/etc/httpd/*"?

Re: SSL Redirection 5.2.3

Posted: Tue Feb 02, 2016 6:12 pm
by mikew
Centos 6

When I use the slash on the redirect line that I showed, this is what is returned:
Redirect permanent / https://server_ip/

Too many redirects occurred trying to open “https://server_ip/nagiosxi”

Only two lines edited in httpd.conf
ServerName JDTest:80
NameVirtualHost *:443


Only the https line was edited in config.inc.php

// force http/https
$cfg['use_https'] = true; // determines whether cron jobs and other scripts will force the use of HTTPS instead of HTTP

nagiosxi.conf I listed the complete file before. No other files edited in the conf.d directory.

Re: SSL Redirection 5.2.3

Posted: Wed Feb 03, 2016 7:14 am
by WillemDH
FYI, as it was on my to-do list to configure the permanent redirect, I tried to configure it following the procedure in https://assets.nagios.com/downloads/nag ... s%20XI.pdf

It seems that after restarting httpd, CSS stopped working when surfing to the http link. Also, when clicking on 'Access nagios XI' there suddenly is an error in the URL, resulting in an ERR_NAME_NOT_RESOLVED error.

The resulting url looks like this: https://nagiosservernagiosxi/

I tried this on my PR and QA. Same problem.

Also tried with
Redirect permanent / https://nagiosserver
and
Redirect permanent / https://nagiosserver/
Same result.

This is my whole config:

Code:

<VirtualHost *:80>
        <Directory "/usr/local/nagiosxi/html">
                #  SSLRequireSSL
                Options None
                AllowOverride None
                Order allow,deny
                Allow from all
#                Redirect permanent / https://nagiosserver
                #  Order deny,allow
                #  Deny from all
                #  Allow from 127.0.0.1
                #  AuthName "Nagios XI"
                #  AuthType Basic
                #  AuthUserFile /usr/local/nagiosxi/etc/htpasswd.users
                #  Require valid-user
        </Directory>
        <IfModule mod_rewrite.c>
                RewriteEngine On
                RewriteCond %{REQUEST_FILENAME} !-f
                RewriteCond %{REQUEST_FILENAME} !-d
                RewriteRule nagiosxi/api/v1/(.*)$ /usr/local/nagiosxi/html/api/v1/index.php?request=$1 [QSA,NC,L]
        </IfModule>
</VirtualHost>
<VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/pki/tls/certs/nagiosserver_2016_sha256.crt
        #SSLCertificateFile /etc/pki/tls/certs/nagiosserver.gentgrp.gent.be.crt
        #SSLCertificateFile /etc/pki/tls/certs/ca.crt
        SSLCertificateKeyFile /etc/pki/tls/private/nagiosserver_2016_sha256.key
        #SSLCertificateKeyFile /etc/pki/tls/private/nagiosserver.key
        #SSLCertificateKeyFile /etc/pki/tls/private/ca.key
        ErrorLog  /var/log/httpd/ssl_error_log
        CustomLog /var/log/httpd/ssl_access_log combined
        <Directory "/usr/local/nagiosxi/html">
                AllowOverride All
        </Directory>
        <IfModule mod_rewrite.c>
                RewriteEngine On
                RewriteCond %{REQUEST_FILENAME} !-f
                RewriteCond %{REQUEST_FILENAME} !-d
                RewriteRule nagiosxi/api/v1/(.*)$ /usr/local/nagiosxi/html/api/v1/index.php?request=$1 [QSA,NC,L]
        </IfModule>
</VirtualHost>

Alias /nagiosxi "/usr/local/nagiosxi/html"
I don't want to hijack your thread, Mike; let me know if you want me to make a separate thread.

Grtz
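
A small Python model of how mod_alias builds a Redirect target, added here as an illustration (it is not code from any poster or from Nagios). It reproduces the two symptoms reported above, the missing "/" before nagiosxi and the redirect loop, under the assumption that the loop comes from the Redirect also applying to HTTPS requests; `redirect_target` and `follow` are hypothetical helper names.

```python
from urllib.parse import urlsplit

def redirect_target(url_path, target, request_path):
    """Model of mod_alias `Redirect url_path target`.

    On a prefix match, whatever follows url_path in the request is appended
    to target verbatim; no "/" is inserted. Returns None when no match.
    Plain startswith() is enough for the "/" prefix used in the thread.
    """
    if not request_path.startswith(url_path):
        return None
    return target + request_path[len(url_path):]

def follow(start_url, url_path, target, schemes, max_hops=10):
    """Follow redirects like a browser and report ("ok" | "loop", hops).

    `schemes` is the set of request schemes that reach the directive:
    {"http", "https"} models a Redirect outside any port-80 vhost,
    {"http"} models one placed only inside <VirtualHost *:80>.
    """
    hops = [start_url]
    for _ in range(max_hops):
        parts = urlsplit(hops[-1])
        if parts.scheme not in schemes:
            return "ok", hops
        nxt = redirect_target(url_path, target, parts.path or "/")
        if nxt is None:
            return "ok", hops
        hops.append(nxt)
        if nxt in hops[:-1]:
            return "loop", hops
    return "loop", hops

if __name__ == "__main__":
    req = "http://server_ip/nagiosxi/"  # server_ip: the thread's placeholder
    print(redirect_target("/", "https://server_ip", "/nagiosxi/"))
    print(follow(req, "/", "https://server_ip/", {"http", "https"}))
    print(follow(req, "/", "https://server_ip/", {"http"}))
```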

Re: SSL Redirection 5.2.3

Posted: Wed Feb 03, 2016 12:13 pm
by ssax
I always do this a different way. From the default install, I add this to the bottom of /etc/httpd/conf/httpd.conf:

Code:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
That will handle the rewrites to SSL, then I just define my certs in /etc/httpd/conf.d/ssl.conf, restart apache, make the XI side changes, and it works.


Pro tip:

Add this to the bottom of your /etc/httpd/conf/httpd.conf to enable gzip compression to speed up page loads, AJAX requests, etc.:

Code:

AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript

Re: SSL Redirection 5.2.3

Posted: Fri Feb 05, 2016 4:38 am
by WillemDH
Sean,

I'm not sure what Mike's opinion is on this, but imho everyone should use the same method, described in the Nagios XI SSL documentation, which does not work at this time. I prefer to keep working with the nagiosxi.conf Apache configuration file.
The official Nagios XI documentation results in two issues when trying a permanent redirect.
- CSS broken when going to HTTP link without FQDN
- Malformed URL (omitted / between Nagios host and nagiosxi suffix)

Grtz

Willem

Re: SSL Redirection 5.2.3

Posted: Fri Feb 05, 2016 3:33 pm
by ssax
I agree, the information needs to be updated.

I'll create a task for it on Monday.

Re: SSL Redirection 5.2.3

Posted: Fri Feb 05, 2016 3:41 pm
by ssax
Mike, please zip up and PM me your /etc/httpd/conf/httpd.conf file and your /etc/httpd/conf.d directory and I'll lab it up and find you a resolution.

Thank you