Page 1 of 1
Configure Nagios Core 4.2.1 to use HTTPS
Posted: Thu Oct 13, 2016 2:18 pm
by NetNeutron
I am trying to configure nagios core to use https instead of http.
I tried to follow the guide "Enhanced CGI Security and Authentication" in the Nagios Core documentation.
I installed/compiled Core by following this guide "Fedora Quickstart"
I tried "Implementing Digest Authentication"
but that failed with
Syntax error on line 35 of /etc/httpd/conf.d/nagios.conf:
Invalid command 'AuthDigestFile', perhaps misspelled or defined by a module not included in the server configuration
Please advise...
Re: Configure Nagios Core 4.2.1 to use HTTPS
Posted: Thu Oct 13, 2016 2:46 pm
by NetNeutron
Update.
I was able to "Implementing Digest Authentication" by using AuthUserFile instead of AuthDigestFile as we are using Apache 2.2
https://wiki.apache.org/httpd/InvalidCo ... DigestFile
Now onto "Implementing Forced TLS/SSL"
Re: Configure Nagios Core 4.2.1 to use HTTPS
Posted: Thu Oct 13, 2016 2:50 pm
by avandemore
Sounds like your apache isn't loading mod_auth_digest, but that section of the docs isn't required for SSL?
You need to follow more of the "Implementing Forced TLS/SSL" section. A close but not perfect procedure for a Core installation can be found here:
Configuring SSL for Nagios XI
Re: Configure Nagios Core 4.2.1 to use HTTPS
Posted: Thu Oct 13, 2016 2:56 pm
by dwhitfield
Something to think about when choosing:
Digest authentication was intended to be more secure than basic authentication, but no longer fulfills that design goal. A man-in-the-middle attacker can trivially force the browser to downgrade to basic authentication. And even a passive eavesdropper can brute-force the password using today's graphics hardware, because the hashing algorithm used by digest authentication is too fast. Another problem is that the storage of the passwords on the server is insecure. The contents of a stolen htdigest file can be used directly for digest authentication. Therefore using mod_ssl to encrypt the whole connection is strongly recommended.
-
https://httpd.apache.org/docs/current/m ... igest.html
Re: Configure Nagios Core 4.2.1 to use HTTPS
Posted: Fri Oct 14, 2016 8:01 am
by NetNeutron
I do have the Digest Authentication working now.
I have installed the mod_ssl & openssl via yum.
I have generated the keys using the doc Configuring SSL for Nagios XI.
But when I get to the point of "Update Apache Configuration" I am not sure how
to adjust the ReWriteRule for Nagios Core.
Code: Select all
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule nagiosxi/api/v1/(.*)$ /usr/local/nagiosxi/html/api/v1/index.php?request=$1 [QSA,NC,L]
</IfModule>
Re: Configure Nagios Core 4.2.1 to use HTTPS
Posted: Fri Oct 14, 2016 9:38 am
by rkennedy
That rewrite rule is only for the API, you do not need it in your Core configuration.
Re: Configure Nagios Core 4.2.1 to use HTTPS
Posted: Fri Oct 14, 2016 10:41 am
by NetNeutron
That minor change did work.
Code: Select all
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
</IfModule>
Up and running using HTTPS !
Re: Configure Nagios Core 4.2.1 to use HTTPS
Posted: Fri Oct 14, 2016 10:43 am
by dwhitfield
It sounds like this issue has been resolved. Is it okay if we lock this thread? Thanks for choosing the Nagios forums!
Re: Configure Nagios Core 4.2.1 to use HTTPS
Posted: Mon Oct 17, 2016 7:15 am
by NetNeutron
Yes this thread can be locked.
Re: Configure Nagios Core 4.2.1 to use HTTPS
Posted: Mon Oct 17, 2016 9:08 am
by dwhitfield
Glad to hear it is resolved. I am going to lock the thread. Please feel free to post again if you have you another issue. Thank you for using the Nagios forums!