Mixed content warning - Status Detail pages
Mixed content warning - Status Detail pages
Nagios XI 5.25
Initially I was accessing GUI by IP address; then I add a domain name and SSL. Since then I notice Host Status Detail and Service Status Detail pages are hanging trying to load unsecured content.
I've reviewed the documentation and everything is in place. https://assets.nagios.com/downloads/nag ... s%20XI.pdf
URL:
https://<hostname>/nagiosxi/?&xiwindow=https%3A%2F%2F<hostname>%2Fnagiosxi%2Fincludes%2Fcomponents%2Fxicore%2Fstatus.php%3Fshow%3Dhostdetail%26host%3D10.22.16.102
access_log:
[31/Mar/2016:16:42:34 -0400] "GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_host_status_detailed_info_html%22%2C%22args%22%3A%7B%22hostname%22%3A%2210.22.16.102%22%2C%22host_id%22%3A%221322%22%2C%22display%22%3A%22simple%22%7D%7D&nsp=5bc567aefb8cd6884fe784df425de34a HTTP/1.1" 302 534 "http://<ipaddress>/nagiosxi/includes/components/xicore/status.php?show=hostdetail&host=10.22.16.102" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36"
If I request http://<ipaddress>/nagiosxi/includes/components/xicore/status.php?show=hostdetail&host=10.22.16.102 in a browser the https rewrite rule kicks in and sends me to https://<domain>
Either I missed something or http://<ipaddress> is cached somewhere. I restarted everything and cleared my browser cache.
Initially I was accessing GUI by IP address; then I add a domain name and SSL. Since then I notice Host Status Detail and Service Status Detail pages are hanging trying to load unsecured content.
I've reviewed the documentation and everything is in place. https://assets.nagios.com/downloads/nag ... s%20XI.pdf
URL:
https://<hostname>/nagiosxi/?&xiwindow=https%3A%2F%2F<hostname>%2Fnagiosxi%2Fincludes%2Fcomponents%2Fxicore%2Fstatus.php%3Fshow%3Dhostdetail%26host%3D10.22.16.102
access_log:
[31/Mar/2016:16:42:34 -0400] "GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_host_status_detailed_info_html%22%2C%22args%22%3A%7B%22hostname%22%3A%2210.22.16.102%22%2C%22host_id%22%3A%221322%22%2C%22display%22%3A%22simple%22%7D%7D&nsp=5bc567aefb8cd6884fe784df425de34a HTTP/1.1" 302 534 "http://<ipaddress>/nagiosxi/includes/components/xicore/status.php?show=hostdetail&host=10.22.16.102" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36"
If I request http://<ipaddress>/nagiosxi/includes/components/xicore/status.php?show=hostdetail&host=10.22.16.102 in a browser the https rewrite rule kicks in and sends me to https://<domain>
Either I missed something or http://<ipaddress> is cached somewhere. I restarted everything and cleared my browser cache.
Re: Mixed content warning - Status Detail pages
Can you show us your /etc/httpd/conf.d/nagiosxi file?
Former Nagios Employee.
me.
me.
Re: Mixed content warning - Status Detail pages
I added HTTPS Rewrite here in addition to httpd.conf during my troubleshooting.
<Directory "/usr/local/nagiosxi/html">
SSLRequireSSL
Options None
AllowOverride None
Order allow,deny
Allow from all
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
# AuthName "Nagios XI"
# AuthType Basic
# AuthUserFile /usr/local/nagiosxi/etc/htpasswd.users
# Require valid-user
Require all granted
</Directory>
Alias /nagiosxi "/usr/local/nagiosxi/html"
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule nagiosxi/api/v1/(.*)$ /usr/local/nagiosxi/html/api/v1/index.php?request=$1 [QSA,NC,L]
RewriteCond %{HTTPS} off
RewriteRule (.*) https://<mydomain>%{REQUEST_URI}
</IfModule>
<Directory "/usr/local/nagiosxi/html">
SSLRequireSSL
Options None
AllowOverride None
Order allow,deny
Allow from all
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
# AuthName "Nagios XI"
# AuthType Basic
# AuthUserFile /usr/local/nagiosxi/etc/htpasswd.users
# Require valid-user
Require all granted
</Directory>
Alias /nagiosxi "/usr/local/nagiosxi/html"
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule nagiosxi/api/v1/(.*)$ /usr/local/nagiosxi/html/api/v1/index.php?request=$1 [QSA,NC,L]
RewriteCond %{HTTPS} off
RewriteRule (.*) https://<mydomain>%{REQUEST_URI}
</IfModule>
Re: Mixed content warning - Status Detail pages
I tried to replicate this running a tail -f against my access_log while browsing around different pages in XI, but wasn't able to. What OS are you running, and what version of apache (apachectl -v)?
For the record, all I'm seeing is -
What is the result if you use https://<ipaddress>/nagiosxi/?&xiwindow=https%3A%2F%2F<hostname>%2Fnagiosxi%2Fincludes%2Fcomponents%2Fxicore%2Fstatus.php%3Fshow%3Dhostdetail%26host%3D10.22.16.102
For the record, all I'm seeing is -
Code: Select all
::1 - - [31/Mar/2016:17:40:52 -0400] "POST /nagiosxi/backend/ HTTP/1.1" 200 1590 "-" "BinGet/1.00.A (http://www.bin-co.com/php/scripts/load/)"
::1 - - [31/Mar/2016:17:40:52 -0400] "POST /nagiosxi/backend/ HTTP/1.1" 200 1590 "-" "BinGet/1.00.A (http://www.bin-co.com/php/scripts/load/)"
Former Nagios Employee
Re: Mixed content warning - Status Detail pages
CentOS Linux release 7.2.1511 (Core)
Server version: Apache/2.4.6 (CentOS)
Server built: Nov 19 2015 21:43:13
When I go to that URL (once i accept the security warning) it takes me to the Host Status Detail page and exhibits the same behavior. Content of page hangs waiting for unsecured content to load.
Server version: Apache/2.4.6 (CentOS)
Server built: Nov 19 2015 21:43:13
When I go to that URL (once i accept the security warning) it takes me to the Host Status Detail page and exhibits the same behavior. Content of page hangs waiting for unsecured content to load.
Re: Mixed content warning - Status Detail pages
What's in your /etc/hosts file?
Former Nagios Employee.
me.
me.
Re: Mixed content warning - Status Detail pages
Ah - good question. I did read somewhere of a user with a similar problem caused by Apache not being able to resolve the local hostname. I had that Apache warning but chose to ignore it until the problem came up. Today I update my hosts file
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
<mypublicipaddress> <mypublicdomainname>
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
<mypublicipaddress> <mypublicdomainname>
Re: Mixed content warning - Status Detail pages
Code: Select all
When I go to that URL (once i accept the security warning) it takes me to the Host Status Detail page and exhibits the same behavior. Content of page hangs waiting for unsecured content to load.
Also, what is the output of -
Code: Select all
cat /usr/local/nagiosxi/html/config.inc.php | grep https
Former Nagios Employee
Re: Mixed content warning - Status Detail pages
I'm working on the logs. Due to one of my changes, access logs became less helpful. It's all "internal dummy connection"
[root@nm tmp]# cat /usr/local/nagiosxi/html/config.inc.php | grep https
// force http/https
$cfg['use_https'] = true; // determines whether cron jobs and other scripts will force the use of HTTPS instead of HTTP
$cfg['online_help_url'] = "https://support.nagios.com/"; // comment this out to disable online help links
$cfg['feedback_url'] = "https://api.nagios.com/feedback/";
$cfg['privacy_policy_url'] = "https://www.nagios.com/legal/privacypolicy/";
You have new mail in /var/spool/mail/root
Thanks
[root@nm tmp]# cat /usr/local/nagiosxi/html/config.inc.php | grep https
// force http/https
$cfg['use_https'] = true; // determines whether cron jobs and other scripts will force the use of HTTPS instead of HTTP
$cfg['online_help_url'] = "https://support.nagios.com/"; // comment this out to disable online help links
$cfg['feedback_url'] = "https://api.nagios.com/feedback/";
$cfg['privacy_policy_url'] = "https://www.nagios.com/legal/privacypolicy/";
You have new mail in /var/spool/mail/root
Thanks
Re: Mixed content warning - Status Detail pages
The grep looks fine. What other changes have you made? These can affect how XI operates as a whole..
Let me know when you're able to get the requested access_log and ssl_access_log and we'll continue to look into this.
Let me know when you're able to get the requested access_log and ssl_access_log and we'll continue to look into this.
Former Nagios Employee