Page 1 of 1
Non-default port and Web UI commands
Posted: Mon Dec 26, 2011 7:15 pm
by lmilkovic
Hello everyone,
I have several Nagios XI instances and never had any problems regarding Web UI commands (for example, "Schedule an immediate check", "Disable notifications" and other commands that go straight through Nagios XI UI and not Nagios Core UI).
However, recently I changed Apache port on one of my instances (80->8080) and weird things started happening - I'm no longer able to submit commands. It seems like command execution is pending forever, and after a couple of seconds I get error message ("Your request was not processed in a timely manner"). Nevertheless, command is executed (check is made, or notifications are disabled/enabled).
If I try to execute the same command through Nagios Core UI, command executes successfully.
I'm also not able to apply configuration under CCM, it just waits forever... Unlike the previous commands which succeed regardless of waiting and returning an error message, applying the configuration will not succeed and won't show me my newly created hosts and services.
While browsing through the code, I noticed that all calls are actually AJAX calls and made through ajaxhelper.php (submit_command -> raw_submit_command in commands.js). I assumed that ajax_helper_url was incorrectly set to the URL without the new port, but, as far as I can tell, it is not the case.
I somehow think the problem is in get_ajax_data("getcommandstatus",command_id) call, or get_backend_xml_data() function, to be exact.
This behavior happens on all of my instances, when default port is changed. After returning port to the default one, everything works fine.
For example, it happens on the stock VM image on 32-bit CentOS 6 with Apache/2.2.15 (Unix) DAV/2 PHP/5.3.2.
I have no proxy installed, iptables are flushed...
Thank you in advance!
Luka
Re: Non-default port and Web UI commands
Posted: Tue Dec 27, 2011 12:04 pm
by lmilkovic
I managed to solve this issue with the following iptables command:
Code: Select all
iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 80 -j REDIRECT --to-ports 8080
Another solution is to explicitly put Apache on port 80 on loopback interface, and on any desired port on other interfaces...
I'm absolutely sure that the issue is related to
get_backend_xml_data() function, because this function returns NULL XML object when port is changed, and valid object when using default port. It could be related with some hardcoded value like (
http://localhost/...) inside this function, which won't work when port is changed (on all interfaces). I'm not able to find this function, so I assume it is encrypted with SourceGuardian inside util-functions.inc.php.
What amazes me though is that it seems no one ever had problems when changing ports, and they most certainly occur, because I tested almost 10 different instances of Nagios XI (both old and recent ones, VM images and custom installations)...
Could someone with the access to the source code please take a look at this function and check what's wrong?
Thank you.
Luka
Re: Non-default port and Web UI commands
Posted: Tue Dec 27, 2011 1:04 pm
by mguthrie
Can you outline the apache settings you changed to specify the different port number? We have a lot of users who currently use ports other than 80 that have fully functional systems. I'm wondering if there's something different in your environments that we don't have documented or we haven't accounted for.
Are you using NAT or a proxy on your system?
Changing the default port for apache *should* be fully function in XI, which is probably why there haven't been a lot of requests related to it. However, you are correct in that the firewall rules do need to be updated if the default http port is changed. If the firewall is closed to 8080, or whatever port you're using, the XI code is irrelevant. We updated the functions a while back that build the URLs to ask apache for the port number (if it's not port 80 or 443) and to build that into the URL if it's a non-default port.
We've got a web profiler script you can throw on your machine, and it dumps a lot of your apache output on screen. Go ahead and throw this in /var/www/html and then access it at http://<youraddress>/profile.php and see what it gives you.
I appreciate you documenting your fix, lets see if we can figure this out so we know if there's another environment variable that we have to account for, or if we're missing something in our code somewhere.
Re: Non-default port and Web UI commands
Posted: Tue Dec 27, 2011 4:03 pm
by lmilkovic
Hi Michael, thank you for your answer.
No, I'm not using NAT or proxy. My iptables are completely flushed (if I'm not doing the redirection from 80->8080), together with NAT and other tables.
The only change I made regarding Apache config is the "Listen" directive. I attached my config, but I only changed this line.
I ran a profile script you attached and here is the output:
Code: Select all
Testing System Profile
get_base_uri returns: http://192.168.1.52:8080/nagiosxi/
get_base_url returns: http://192.168.1.52:8080/nagiosxi/
get_backend_url(internal_call=false) returns: http://192.168.1.52:8080/profile.php
get_backend_url(internal_call=true) returns: http://localhost:8080/nagiosxi/backend/
SERVER INFO DUMP
Array
(
[HTTP_HOST] => 192.168.1.52:8080
[HTTP_USER_AGENT] => Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.25) Gecko/20111212 Firefox/3.6.25
[HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
[HTTP_ACCEPT_LANGUAGE] => en-us,en;q=0.5
[HTTP_ACCEPT_ENCODING] => gzip,deflate
[HTTP_ACCEPT_CHARSET] => ISO-8859-1,utf-8;q=0.7,*;q=0.7
[HTTP_KEEP_ALIVE] => 115
[HTTP_CONNECTION] => keep-alive
[HTTP_COOKIE] => nagiosxi=eji4gpht85dq7n6sm56cf47r33
[PATH] => /sbin:/usr/sbin:/bin:/usr/bin
[SERVER_SIGNATURE] => <address>Apache/2.2.15 (CentOS) Server at 192.168.1.52 Port 8080</address>
[SERVER_SOFTWARE] => Apache/2.2.15 (CentOS)
[SERVER_NAME] => 192.168.1.52
[SERVER_ADDR] => 192.168.1.52
[SERVER_PORT] => 8080
[REMOTE_ADDR] => 192.168.1.48
[DOCUMENT_ROOT] => /var/www/html
[SERVER_ADMIN] => root@localhost
[SCRIPT_FILENAME] => /var/www/html/profile.php
[REMOTE_PORT] => 44854
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_PROTOCOL] => HTTP/1.1
[REQUEST_METHOD] => GET
[QUERY_STRING] =>
[REQUEST_URI] => /profile.php
[SCRIPT_NAME] => /profile.php
[PHP_SELF] => /profile.php
[REQUEST_TIME] => 1325019213
)
1
PING LOCALHOST
RUNNING: '/bin/ping -c 3 localhost 2>&1
'PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.092 ms
64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.036 ms
64 bytes from localhost (127.0.0.1): icmp_seq=3 ttl=64 time=0.059 ms
--- localhost ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.036/0.062/0.092/0.023 ms
WGET LOCALHOST CCM
WGET FROM URL: http://localhost/nagiosql/index.php
RUNNING: /usr/bin/wget http://localhost/nagiosql/index.php
--2011-12-27 20:53:35-- http://localhost/nagiosql/index.php
Resolving localhost... ::1, 127.0.0.1
Connecting to localhost|::1|:80... failed: Connection refused.
Connecting to localhost|127.0.0.1|:80... failed: Connection refused.
Last lines are interesting in two ways - it appears this script retrieves CCM URL without port specification. The second one is IPv6 resolving of localhost, I don't know why this happens, but I assume it's not the cause of the problem:)
Thanks again for your help.
Re: Non-default port and Web UI commands
Posted: Wed Dec 28, 2011 10:52 am
by mguthrie
Looks like you are correct in that the subsystem wget calls don't have the port #'s accounted for. We'll look at adding that in for the next release. I'm actually a little bit surprised as well that no one has mentioned this before ; )
I suspect for this we'll probably add it as a part of the global $cfg array that's in the /usr/local/nagiosxi/html/config.inc.php file. We had to do the same fix for strict https calls.
Re: Non-default port and Web UI commands
Posted: Wed Dec 28, 2011 11:04 am
by mguthrie
Committed the changes to SVN for the next release. Thanks for the heads up.
The other thing you could do in the meantime would be to force an http redirect for all requests coming in on port 80 to 8080.
Re: Non-default port and Web UI commands
Posted: Wed Dec 28, 2011 12:01 pm
by lmilkovic
Thank you for your response and the fix.
Our clients and I are looking forward to new release:)
P.S. My company is an authorized Nagios reseller partner (Reseller ID: 31319), but we don't have access to Customer Support forum (as we're not customers directly). We cannot fill out the access form (
http://www.nagios.com/services/support/ ... ccess-form) in order to get access to Customer Support forum, because we don't have customer/account number:) How can we obtain access to this forum and who should I contact regarding this access?
I know this is a HUGE topic abuse, but I'll appreciate any help:)
Thanks again!
Luka
Re: Non-default port and Web UI commands
Posted: Wed Dec 28, 2011 2:42 pm
by mguthrie
I would actually email our sales team at
[email protected] and see what they can do for you on that one. I'm not sure what the conditions would be for that. If we're able to give you customer access though they can set that up for you as well.