Page 1 of 2
Configuring NagiosXI for HTTPS
Posted: Wed Jun 15, 2016 1:10 am
by Fred Kroeger
Hi Followed the Nagios doco on Configuring-SSL-with-NagiosXI and got it all working except for a couple of screens.
I can't search for hostnames in the main screen and also Monitoring Engine Status display no results for Engine Process & Engine EVent queue
An excerpt below from System Profile may indicate why
Code: Select all
Test wget To localhost
WGET From URL: https://localhost/nagiosxi/includes/components/ccm/
Running:
/usr/bin/wget https://localhost/nagiosxi/includes/components/ccm/
--2016-06-15 15:56:45-- https://localhost/nagiosxi/includes/components/ccm/
Resolving localhost... 127.0.0.1
Connecting to localhost|127.0.0.1|:443... connected.
ERROR: cannot verify localhost's certificate, issued by "/C=AU/ST=WA/L=Perth/O=XXX/CN=server200":
Self-signed certificate encountered.
ERROR: certificate common name "server200" doesn't match requested host name "localhost".
To connect to localhost insecurely, use '--no-check-certificate'.
How do I set the localhost queries to use '--no-check-certificate' ?
Fred
Re: Configuring NagiosXI for HTTPS
Posted: Wed Jun 15, 2016 9:13 am
by ssax
Fred, can you zip up your /etc/httpd/conf/httpd.conf and your /etc/httpd/conf.d directory so that I can lab this up? The profile one should be ignored, the rest of them in the backend should use it already, I would double check that you changed all SSL settings from the doc:
https://assets.nagios.com/downloads/nag ... s%20XI.pdf
Re: Configuring NagiosXI for HTTPS
Posted: Wed Jun 15, 2016 9:04 pm
by Fred Kroeger
Yes - followed the instructions in the doco & double checked.
http conf files are attached
Also just found out that I can't Apply a configuration in CCM - it just keeps printing dots forever.
regards... Fred
Re: Configuring NagiosXI for HTTPS
Posted: Wed Jun 15, 2016 10:52 pm
by Fred Kroeger
I've got it working by making a few changes to the nagiosxi.conf file in conf.d
I've attached it. Compare it to the original I sent before and let me know what you think.
regards... Fred
Re: Configuring NagiosXI for HTTPS
Posted: Thu Jun 16, 2016 1:33 pm
by tgriep
Fred, those settings look good to me. Having the setting in one file vs multiple files isn't an issue.
If the issue is resolved, shall we close and lock up this post?
Re: Configuring NagiosXI for HTTPS
Posted: Thu Jun 16, 2016 7:18 pm
by Fred Kroeger
It's resolved in that I have it working. However, the issue is that it doesn't work if I follow your doco.
I made quite a few changes to the nagiosxi.conf file which are not reflected in the doco.
Fred
Re: Configuring NagiosXI for HTTPS
Posted: Fri Jun 17, 2016 10:50 am
by tmcdonald
What XI version are you using? We might need to do some regression testing on the doc if you are running an older version.
Aside from that, are there any modifications to the system? Any proxies in place, any changed install directories, that sort of thing?
Re: Configuring NagiosXI for HTTPS
Posted: Sun Jun 19, 2016 7:48 pm
by Fred Kroeger
Running NagiosXI 5.2.9
Standard Nagios VM installed in AWS - all paths/directories are standard.
The only "extra" installed is Mod-Gearman.
regards... Fred
Re: Configuring NagiosXI for HTTPS
Posted: Mon Jun 20, 2016 1:29 pm
by mcapra
Following the document as it is written didn't present any issues on my testing environments. I was not able to replicate these issues on 5.2.8 or 5.2.9.
Re: Configuring NagiosXI for HTTPS
Posted: Wed Jul 06, 2016 3:40 pm
by bhowardFSU
I'm having the same issue, following the same documentation. I agree, the documentation is faulty.
Followed documentation from:
https://assets.nagios.com/downloads/nag ... s%20XI.pdf
Adding the Rewrite rules to the httpd.conf as per the instructions:
Code: Select all
echo 'RewriteEngine On' >> /etc/httpd/conf/httpd.conf
echo 'RewriteCond %{HTTPS} off' >> /etc/httpd/conf/httpd.conf
echo 'RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}' >> /etc/httpd/conf/httpd.conf
With these lines in the httpd.conf, "Apply Configuration" in the CCM causes the "Waiting for configuration verification......." with endless dots. This is with Nagios XI 5.2.8 on a fresh install (I'm setting up a new server from scratch).
If I comment out the lines and restart apache, it works fine. I need to have this working, we can't have production logins on http.