Nagios Support Forum

Posted: **Tue Aug 08, 2017 12:30 pm**

I have checked the forums here and it seems that others are having the same issue as I am of emailed report pdfs being corrupted, yet I have not found any responses that can assist me.
Here are the details and I am attaching relevant files as well.

I chose to run the Executive Summary report to myself and it arrived with the pdf attached, but when I open it, I get a message that Adobe Acrobat Reader could not open it because it is either not supported file type or has been damaged.
The /etc/httpd/var/error_log reveals the following ( I changed the hostname and IP for security reasons).

Code: Select all

--2017-08-08 11:32:59--  https://myserver/nagiosxi//reports/execsummary.php?reportperiod=last24hours&startdate=&enddate=&host=&service=&hostgroup=&servicegroup=&advanced=0&assumeinitialstates=yes&assumestateretention=yes&assumestatesduringdowntime=yes&includesoftstates=no&assumedhoststate=3&assumedservicestate=6&timeperiod=&username=myid&ticket=fmEr6CptGhGGsX46idpqKnPFhBbRJ5dXLRI7J8DlIfhaslA4RYuBljcVaHNS2g73&locale=en_US&mode=pdf
Resolving myserver (myserver)... 123.456.789.123
Connecting to myserver (myserver)|123.456.789.123|:443... connected.
OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Unable to establish SSL connection.

I am using SSL and am attaching my httpd.conf and ssl.conf files along with the iptables output from /etc/sysconfig/iptables. We are using port 8085 for our webserver and 8443 for SSL. Our iptables has been updated to point port 443 traffic to port 8443.

ssl.conf.txt

httpd.conf.txt

iptable_output.txt

I can telnet to the hostname with port 443 or 8443 and to localhost port 443 or 8443 with no problem.

Thanks you.

Posted: **Tue Aug 08, 2017 12:45 pm**

This error message would suggest that the SSL requests are being sent with the wrong protocol (SSLv2, SSLv3, TLS..)

I suspect that your port redirects are the culprit.

Posted: **Tue Aug 08, 2017 2:13 pm**

Any suggestions on how to correct ?

Posted: **Tue Aug 08, 2017 4:50 pm**

Can you post one of the corrupted PDF files as it probably has an error that we would need to troubleshoot this issue.
Can you post the following file from the XI server so we can check the settings in it?

Code: Select all

/usr/local/nagiosxi/html/config.inc.php

Another place to change is in the XI GUI, go to the Admin > System Settings menu, make sure the External URL is set correct with the SSL port in the URL as that is used to generate the reports.

Posted: **Tue Aug 08, 2017 5:28 pm**

The pdf is actually 0 bytes and even if I change the extension to .txt, it is completely empty.
Below attached is the file you requested.

config.inc.php.txt

Posted: **Wed Aug 09, 2017 1:10 pm**

In the ssl.conf file you have the listen port set to 443

Code: Select all

Listen 443 https

but in the config.inc.php, you have it set to 8443

Code: Select all

$cfg['port_number'] = 8443;

Match them up and see if the report runs and gets emailed.

Posted: **Wed Aug 09, 2017 2:37 pm**

If I change the ssl.conf to listen on 8443, then apache refuses to restart, so I had to set that back to 443 and then apache would successfully restart.

If I change the config.inc.php to use 443, I encounter an issue where by if I click on "Apply Configuration" in the GUI, it will never finish and eventually error out.
These changes also result in the following errors that never stop in /var/log/httpd/ssl_error_log until I revert back at which point they stop.

Code: Select all

[Wed Aug 09 14:23:34.700474 2017] [:error] [pid 111199] [client 123.456.789.123:57441] SSL received a record that exceeded the maximum permissible length., referer: https://myserver.somedomain.com:8443/nagiosxi/includes/components/nagioscorecfg/applyconfig.php?cmd=confirm
[Wed Aug 09 14:23:35.696931 2017] [:error] [pid 111194] [client 123.456.789.123:57434] SSL received a record that exceeded the maximum permissible length., referer: https://myserver.somedomain.com:8443/nagiosxi/includes/components/nagioscorecfg/applyconfig.php?cmd=confirm
[Wed Aug 09 14:23:36.702604 2017] [:error] [pid 111199] [client 123.456.789.123:57441] SSL received a record that exceeded the maximum permissible length., referer: https://myserver.somedomain.com:8443/nagiosxi/includes/components/nagioscorecfg/applyconfig.php?cmd=confirm
[Wed Aug 09 14:23:37.699642 2017] [:error] [pid 111194] [client 123.456.789.123:57434] SSL received a record that exceeded the maximum permissible length., referer: https://myserver.somedomain.com:8443/nagiosxi/includes/components/nagioscorecfg/applyconfig.php?cmd=confirm

So to summarize, currently I have the following.
config.inc.php --> $cfg['port_number'] = 8443;
ssl.conf --> Listen 443 https

And if I try to match both to either both have 443 or both have 8443, then something breaks.

Posted: **Wed Aug 09, 2017 2:42 pm**

Go to the Admin > System Settings menu, and post what is in the External URL field.

Posted: **Wed Aug 09, 2017 2:51 pm**

I have nothing in the "External URL" field. In the "Program URL" field right above it I have

Code: Select all

https://myserver.mydomain.com:8443/nagiosxi/

Posted: **Wed Aug 09, 2017 4:49 pm**

Put the same URL from the Program URL into the External URL and see if the report generates.

Nagios Support Forum

emailed report pdfs corrupted

emailed report pdfs corrupted

Re: emailed report pdfs corrupted

Re: emailed report pdfs corrupted

Re: emailed report pdfs corrupted

Re: emailed report pdfs corrupted

Re: emailed report pdfs corrupted

Re: emailed report pdfs corrupted

Re: emailed report pdfs corrupted

Re: emailed report pdfs corrupted

Re: emailed report pdfs corrupted