Nagios Support Forum • Changing access from /nagios/ to /

Page 1 of 1

Changing access from /nagios/ to /

Posted: Thu Mar 24, 2016 4:24 pm

by rewound

Hi,

I have a working install of Nagios 4.1.1 on CentOS 7 that allows me to browse to https://host/nagios/ to access the web page without any issues.

I've recently decided to move it to https://host/ and am having a bit of trouble accessing the page. I get a Forbidden when browsing to the homepage.
So far, I've modified the following files to the lines shown:

/etc/httpd/conf.d/nagios.conf

Code: Select all

ScriptAlias /cgi-bin "/usr/local/nagios/sbin"

Code: Select all

Alias / "/usr/local/nagios/share"

Code: Select all

SSLRequireSSL

/usr/local/nagios/etc/cgi.cfg

Code: Select all

url_html_path=/

/etc/selinux/config

Code: Select all

SELINUX=disabled

During the install, I followed this guide: https://www.digitalocean.com/community/ ... n-centos-7

I'm hoping it's an easy fix but as I'm newer to nagios, I'm not completely familiar with how it all works. Any help would be much appreciated!

Re: Changing access from /nagios/ to /

Posted: Thu Mar 24, 2016 4:45 pm

by rkennedy

When accessing the page, what do you see in your /var/log/httpd/error_log ?

Re: Changing access from /nagios/ to /

Posted: Thu Mar 24, 2016 4:53 pm

by rewound

Nothing.

Here are the errors I'm getting from other files though:

/var/log/httpd/ssl_error_log:

Code: Select all

[Thu Mar 24 17:32:25.118335 2016] [authz_core:error] [pid 1800] [client X.X.X.X:58913] AH01630: client denied by server configuration: /usr/local/nagios/shareindex.php

/var/log/httpd/ssl_access_log:

Code: Select all

X.X.X.X - nagiosadmin [24/Mar/2016:17:32:25 -0400] "GET / HTTP/1.1" 403 202

Re: Changing access from /nagios/ to /

Posted: Thu Mar 24, 2016 4:57 pm

by rewound

Didn't notice the missing trailing slash before I posted it. Changed the following lines:

Code: Select all

Alias / "/usr/local/nagios/share/"

<Directory "/usr/local/nagios/share/">

Re: Changing access from /nagios/ to /

Posted: Thu Mar 24, 2016 5:01 pm

by rkennedy

Ah, I skimmed through this and missed that you were using SSL. That's the correct log. You might have a default apache scriptalias configuration already listening on /.

Can you post your full nagios apache configuration? /etc/httpd/conf.d/nagios.conf

Also, what version of apache are you running? apachectl -v

If it's 2.4, you may need to change your apache settings. See this post -
https://httpd.apache.org/docs/2.4/upgrading.html

Specifically this part -

Code: Select all

#Order allow,deny
#Allow from all
Require all granted

Re: Changing access from /nagios/ to /

Posted: Thu Mar 24, 2016 5:19 pm

by rewound

The access part is working after this:

rewound wrote:Didn't notice the missing trailing slash before I posted it. Changed the following lines:
Code: Select all
Alias / "/usr/local/nagios/share/"

<Directory "/usr/local/nagios/share/">

Here's the info you requested:

Code: Select all

ScriptAlias /cgi-bin "/usr/local/nagios/sbin"

<Directory "/usr/local/nagios/sbin">
   SSLRequireSSL
   Options ExecCGI
   AllowOverride None
   <IfVersion >= 2.3>
      <RequireAll>
         Require all granted

         AuthName "Nagios Access"
         AuthType Basic
         AuthUserFile /usr/local/nagios/etc/htpasswd.users
         Require valid-user
      </RequireAll>
   </IfVersion>
   <IfVersion < 2.3>
      Order allow,deny
      Allow from all

      AuthName "Nagios Access"
      AuthType Basic
      AuthUserFile /usr/local/nagios/etc/htpasswd.users
      Require valid-user
   </IfVersion>
</Directory>

Alias / "/usr/local/nagios/share/"

<Directory "/usr/local/nagios/share/">
   SSLRequireSSL
   Options None
   AllowOverride None
   <IfVersion >= 2.3>
      <RequireAll>
         Require all granted

         AuthName "Nagios Access"
         AuthType Basic
         AuthUserFile /usr/local/nagios/etc/htpasswd.users
         Require valid-user
      </RequireAll>
   </IfVersion>
   <IfVersion < 2.3>
      Order allow,deny
      Allow from all

      AuthName "Nagios Access"
      AuthType Basic
      AuthUserFile /usr/local/nagios/etc/htpasswd.users
      Require valid-user
   </IfVersion>
</Directory>

Code: Select all

# apachectl -v
Server version: Apache/2.4.6 (CentOS)
Server built:   Nov 19 2015 21:43:13

Now I've broken some links/reference/alias elsewhere...getting the following in ssl_error_log

Code: Select all

script not found or unable to stat: /var/www/cgi-bin
script not found or unable to stat: /var/www/cgi-bin/statusjson.cgi
script not found or unable to stat: /var/www/cgi-bin/status.cgi

Re: Changing access from /nagios/ to /

Posted: Fri Mar 25, 2016 10:25 am

by rkennedy

rewound wrote:The access part is working after this:

rewound wrote:Didn't notice the missing trailing slash before I posted it. Changed the following lines:
Code: Select all
Alias / "/usr/local/nagios/share/"

<Directory "/usr/local/nagios/share/">

Here's the info you requested:

Code: Select all

ScriptAlias /cgi-bin "/usr/local/nagios/sbin"

<Directory "/usr/local/nagios/sbin">
   SSLRequireSSL
   Options ExecCGI
   AllowOverride None
   <IfVersion >= 2.3>
      <RequireAll>
         Require all granted

         AuthName "Nagios Access"
         AuthType Basic
         AuthUserFile /usr/local/nagios/etc/htpasswd.users
         Require valid-user
      </RequireAll>
   </IfVersion>
   <IfVersion < 2.3>
      Order allow,deny
      Allow from all

      AuthName "Nagios Access"
      AuthType Basic
      AuthUserFile /usr/local/nagios/etc/htpasswd.users
      Require valid-user
   </IfVersion>
</Directory>

Alias / "/usr/local/nagios/share/"

<Directory "/usr/local/nagios/share/">
   SSLRequireSSL
   Options None
   AllowOverride None
   <IfVersion >= 2.3>
      <RequireAll>
         Require all granted

         AuthName "Nagios Access"
         AuthType Basic
         AuthUserFile /usr/local/nagios/etc/htpasswd.users
         Require valid-user
      </RequireAll>
   </IfVersion>
   <IfVersion < 2.3>
      Order allow,deny
      Allow from all

      AuthName "Nagios Access"
      AuthType Basic
      AuthUserFile /usr/local/nagios/etc/htpasswd.users
      Require valid-user
   </IfVersion>
</Directory>

Code: Select all

# apachectl -v
Server version: Apache/2.4.6 (CentOS)
Server built:   Nov 19 2015 21:43:13

Now I've broken some links/reference/alias elsewhere...getting the following in ssl_error_log

Code: Select all

script not found or unable to stat: /var/www/cgi-bin
script not found or unable to stat: /var/www/cgi-bin/statusjson.cgi
script not found or unable to stat: /var/www/cgi-bin/status.cgi

There is probably a default for /cgi-bin already, take a look at your apache configuration files and look for that. If you can't find anything, please post all of your apache configuration files.

Re: Changing access from /nagios/ to /

Posted: Mon Mar 28, 2016 6:23 am

by rewound

I left the apache configs pretty much in the default state so I'll play with those a bit and see what I can come up with. I'll post the changes here or any issues I have. Thank you for being so helpful.

Re: Changing access from /nagios/ to /

Posted: Mon Mar 28, 2016 6:28 am

by rewound

Well, that was a quick and easy fix. I just commented out the default ScriptAlias (as you mentioned was probably the case) and it's working fine.

In /etc/httpd/conf/httpd.conf

Code: Select all

<IfModule alias_module>
     #ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>

Re: Changing access from /nagios/ to /

Posted: Mon Mar 28, 2016 9:43 am

by rkennedy

Ah! Just an overlap of /cgi-bin/.

Glad you were able to find it!

Just to make sure - am I good to mark this thread as resolved and close it out?