Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
rewound
Posts: 6 Joined: Thu Mar 24, 2016 4:07 pm
Post
by rewound Thu Mar 24, 2016 4:24 pm
Hi,
I have a working install of Nagios 4.1.1 on CentOS 7 that allows me to browse to
https://host/nagios/ to access the web page without any issues.
I've recently decided to move it to
https://host/ and am having a bit of trouble accessing the page. I get a Forbidden when browsing to the homepage.
So far, I've modified the following files to the lines shown:
/etc/httpd/conf.d/nagios.conf
Code: Select all
ScriptAlias /cgi-bin "/usr/local/nagios/sbin"
/usr/local/nagios/etc/cgi.cfg
/etc/selinux/config
During the install, I followed this guide:
https://www.digitalocean.com/community/ ... n-centos-7
I'm hoping it's an easy fix but as I'm newer to nagios, I'm not completely familiar with how it all works. Any help would be much appreciated!
rkennedy
Posts: 6579 Joined: Mon Oct 05, 2015 11:45 am
Post
by rkennedy Thu Mar 24, 2016 4:45 pm
When accessing the page, what do you see in your /var/log/httpd/error_log ?
Former Nagios Employee
rewound
Posts: 6 Joined: Thu Mar 24, 2016 4:07 pm
Post
by rewound Thu Mar 24, 2016 4:53 pm
Nothing.
Here are the errors I'm getting from other files though:
/var/log/httpd/ssl_error_log:
Code: Select all
[Thu Mar 24 17:32:25.118335 2016] [authz_core:error] [pid 1800] [client X.X.X.X:58913] AH01630: client denied by server configuration: /usr/local/nagios/shareindex.php
/var/log/httpd/ssl_access_log:
Code: Select all
X.X.X.X - nagiosadmin [24/Mar/2016:17:32:25 -0400] "GET / HTTP/1.1" 403 202
rewound
Posts: 6 Joined: Thu Mar 24, 2016 4:07 pm
Post
by rewound Thu Mar 24, 2016 4:57 pm
Didn't notice the missing trailing slash before I posted it. Changed the following lines:
Code: Select all
Alias / "/usr/local/nagios/share/"
<Directory "/usr/local/nagios/share/">
rkennedy
Posts: 6579 Joined: Mon Oct 05, 2015 11:45 am
Post
by rkennedy Thu Mar 24, 2016 5:01 pm
Ah, I skimmed through this and missed that you were using SSL. That's the correct log. You might have a default apache scriptalias configuration already listening on /.
Can you post your full nagios apache configuration?
/etc/httpd/conf.d/nagios.conf
Also, what version of apache are you running?
apachectl -v
If it's 2.4, you may need to change your apache settings. See this post -
https://httpd.apache.org/docs/2.4/upgrading.html
Specifically this part -
Code: Select all
#Order allow,deny
#Allow from all
Require all granted
Former Nagios Employee
rewound
Posts: 6 Joined: Thu Mar 24, 2016 4:07 pm
Post
by rewound Thu Mar 24, 2016 5:19 pm
The access part is working after this:
rewound wrote: Didn't notice the missing trailing slash before I posted it. Changed the following lines:
Code: Select all
Alias / "/usr/local/nagios/share/"
<Directory "/usr/local/nagios/share/">
Here's the info you requested:
Code: Select all
ScriptAlias /cgi-bin "/usr/local/nagios/sbin"
<Directory "/usr/local/nagios/sbin">
SSLRequireSSL
Options ExecCGI
AllowOverride None
<IfVersion >= 2.3>
<RequireAll>
Require all granted
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user
</RequireAll>
</IfVersion>
<IfVersion < 2.3>
Order allow,deny
Allow from all
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user
</IfVersion>
</Directory>
Alias / "/usr/local/nagios/share/"
<Directory "/usr/local/nagios/share/">
SSLRequireSSL
Options None
AllowOverride None
<IfVersion >= 2.3>
<RequireAll>
Require all granted
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user
</RequireAll>
</IfVersion>
<IfVersion < 2.3>
Order allow,deny
Allow from all
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user
</IfVersion>
</Directory>
Code: Select all
# apachectl -v
Server version: Apache/2.4.6 (CentOS)
Server built: Nov 19 2015 21:43:13
Now I've broken some links/reference/alias elsewhere...getting the following in ssl_error_log
Code: Select all
script not found or unable to stat: /var/www/cgi-bin
script not found or unable to stat: /var/www/cgi-bin/statusjson.cgi
script not found or unable to stat: /var/www/cgi-bin/status.cgi
rkennedy
Posts: 6579 Joined: Mon Oct 05, 2015 11:45 am
Post
by rkennedy Fri Mar 25, 2016 10:25 am
rewound wrote: The access part is working after this:
rewound wrote: Didn't notice the missing trailing slash before I posted it. Changed the following lines:
Code: Select all
Alias / "/usr/local/nagios/share/"
<Directory "/usr/local/nagios/share/">
Here's the info you requested:
Code: Select all
ScriptAlias /cgi-bin "/usr/local/nagios/sbin"
<Directory "/usr/local/nagios/sbin">
SSLRequireSSL
Options ExecCGI
AllowOverride None
<IfVersion >= 2.3>
<RequireAll>
Require all granted
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user
</RequireAll>
</IfVersion>
<IfVersion < 2.3>
Order allow,deny
Allow from all
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user
</IfVersion>
</Directory>
Alias / "/usr/local/nagios/share/"
<Directory "/usr/local/nagios/share/">
SSLRequireSSL
Options None
AllowOverride None
<IfVersion >= 2.3>
<RequireAll>
Require all granted
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user
</RequireAll>
</IfVersion>
<IfVersion < 2.3>
Order allow,deny
Allow from all
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user
</IfVersion>
</Directory>
Code: Select all
# apachectl -v
Server version: Apache/2.4.6 (CentOS)
Server built: Nov 19 2015 21:43:13
Now I've broken some links/reference/alias elsewhere...getting the following in ssl_error_log
Code: Select all
script not found or unable to stat: /var/www/cgi-bin
script not found or unable to stat: /var/www/cgi-bin/statusjson.cgi
script not found or unable to stat: /var/www/cgi-bin/status.cgi
There is probably a default for /cgi-bin already, take a look at your apache configuration files and look for that. If you can't find anything, please post all of your apache configuration files.
Former Nagios Employee
rewound
Posts: 6 Joined: Thu Mar 24, 2016 4:07 pm
Post
by rewound Mon Mar 28, 2016 6:23 am
I left the apache configs pretty much in the default state so I'll play with those a bit and see what I can come up with. I'll post the changes here or any issues I have. Thank you for being so helpful.
rewound
Posts: 6 Joined: Thu Mar 24, 2016 4:07 pm
Post
by rewound Mon Mar 28, 2016 6:28 am
Well, that was a quick and easy fix. I just commented out the default ScriptAlias (as you mentioned was probably the case) and it's working fine.
In /etc/httpd/conf/httpd.conf
Code: Select all
<IfModule alias_module>
#ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>
rkennedy
Posts: 6579 Joined: Mon Oct 05, 2015 11:45 am
Post
by rkennedy Mon Mar 28, 2016 9:43 am
Ah! Just an overlap of /cgi-bin/.
Former Nagios Employee