Page 1 of 1
** RESOLVED ** Nagios Core 4.4.1 - Enable HTTPS for Web GUI
Posted: Mon Aug 20, 2018 9:48 am
by amdjml
Hi All,
I have a nagios server that runs on "
http://servername/nagios/". I am using Ubuntu 18.04 LTS with Apache for the web server and I'd like to enable HTTPS for the web GUI. Here is what I have done so far:
1. Obtained a valid certificate
2. Configured Apache for SSL and enabled the default-ssl config file
When I go to "
https://servername/nagios/", nothing loads. Apache & nagios logs not reporting any errors. I can see the nagios favicon on my browser but not content in the body of the browser.
There are 3 config files for apache in "/etc/apache2/sites-available/" and "/etc/apache2/sites-enabled" and they are:
000-default.conf
default-ssl.conf
nagios.conf
I have searched the web extensively and by my surprise, there aren't many articles with this topic available on the internet. Any help or guidance is greatly appreciated.
Re: Nagios Core 4.4.1 - Enable HTTPS for Web GUI
Posted: Mon Aug 20, 2018 10:00 am
by scottwilkerson
Can you share these files?
Code: Select all
000-default.conf
default-ssl.conf
nagios.conf
Re: Nagios Core 4.4.1 - Enable HTTPS for Web GUI
Posted: Mon Aug 20, 2018 10:09 am
by amdjml
Hi,
Yes.
000-default.conf
Code: Select all
<VirtualHost *:80>
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
#RewriteEngine On
#RewriteCond %{HTTPS} off
#RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
default-ssl.conf
Code: Select all
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin [email protected]
ServerName example.com
DocumentRoot /var/www/html/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/private/certificate.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
SSLCertificateChainFile /etc/ssl/private/chain.crt
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On
#Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
# Requires Apache >= 2.4
SSLCompression off
# SSLUseStapling on
# SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
# Requires Apache >= 2.4.11
SSLSessionTickets Off
SSLOpenSSLConfCmd DHParameters "/etc/ssl/private/dhparam.pem"
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
</IfModule>
and, nagios.conf
Code: Select all
ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
<Directory "/usr/local/nagios/sbin">
SSLRequireSSL
Options ExecCGI
AllowOverride None
<IfVersion >= 2.3>
<RequireAll>
Require all granted
# Require host 127.0.0.1
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user
</RequireAll>
</IfVersion>
<IfVersion < 2.3>
Order allow,deny
Allow from all
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user
</IfVersion>
</Directory>
Alias /nagios "/usr/local/nagios/share"
<Directory "/usr/local/nagios/share">
SSLRequireSSL
Options None
AllowOverride None
<IfVersion >= 2.3>
<RequireAll>
Require all granted
# Require host 127.0.0.1
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user
</RequireAll>
</IfVersion>
<IfVersion < 2.3>
Order allow,deny
Allow from all
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user
</IfVersion>
</Directory>
Re: Nagios Core 4.4.1 - Enable HTTPS for Web GUI
Posted: Mon Aug 20, 2018 10:28 am
by scottwilkerson
Did you restart apache after making the changes?
Also, can you send the error.log from the apache log directory.
Thanks
Re: Nagios Core 4.4.1 - Enable HTTPS for Web GUI
Posted: Mon Aug 20, 2018 10:39 am
by amdjml
I have restarted apache:
Code: Select all
sudo systemctl restart apache2.service
There is not much in the error.log file:
Code: Select all
[Sun Aug 19 06:25:01.739427 2018] [mpm_prefork:notice] [pid 1199] AH00163: Apache/2.4.29 (Ubuntu) OpenSSL/1.1.0g configured -- resuming normal operations
[Sun Aug 19 06:25:01.739499 2018] [core:notice] [pid 1199] AH00094: Command line: '/usr/sbin/apache2'
[Mon Aug 20 06:25:02.014935 2018] [mpm_prefork:notice] [pid 1199] AH00171: Graceful restart requested, doing restart
[Mon Aug 20 06:25:02.075393 2018] [mpm_prefork:notice] [pid 1199] AH00163: Apache/2.4.29 (Ubuntu) OpenSSL/1.1.0g configured -- resuming normal operations
[Mon Aug 20 06:25:02.075423 2018] [core:notice] [pid 1199] AH00094: Command line: '/usr/sbin/apache2'
[Mon Aug 20 11:35:51.173516 2018] [mpm_prefork:notice] [pid 1199] AH00169: caught SIGTERM, shutting down
[Mon Aug 20 11:35:51.338079 2018] [mpm_prefork:notice] [pid 23227] AH00163: Apache/2.4.29 (Ubuntu) OpenSSL/1.1.0g configured -- resuming normal operations
[Mon Aug 20 11:35:51.338155 2018] [core:notice] [pid 23227] AH00094: Command line: '/usr/sbin/apache
Re: Nagios Core 4.4.1 - Enable HTTPS for Web GUI
Posted: Mon Aug 20, 2018 11:01 am
by scottwilkerson
If you look at your access.log while trying to connect to the https URL do you see the log entry?
Re: Nagios Core 4.4.1 - Enable HTTPS for Web GUI
Posted: Mon Aug 20, 2018 11:18 am
by amdjml
Yes, I do:
Code: Select all
10.x.x.x - nagiosadmin [20/Aug/2018:12:12:49 -0400] "GET /nagios/ HTTP/1.1" 200 5794 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
10.x.x.x - nagiosadmin [20/Aug/2018:12:12:49 -0400] "GET /nagios/side.php HTTP/1.1" 200 1555 "https://example.com/nagios/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
10.x.x.x - nagiosadmin [20/Aug/2018:12:12:49 -0400] "GET /nagios/main.php HTTP/1.1" 200 3500 "https://example.com/nagios/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
10.x.x.x - nagiosadmin [20/Aug/2018:12:12:50 -0400] "GET /nagios/images/favicon.ico HTTP/1.1" 200 1270 "https://example.com/nagios/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
... and this is what I see on my browser:
Re: Nagios Core 4.4.1 - Enable HTTPS for Web GUI
Posted: Mon Aug 20, 2018 11:37 am
by amdjml
I found the solution. I am going to put what I did to resolve this.
In Chrome, I opened the "Inspect" tool and clicked on the "Console" tab and I saw the message below:
Refused to display 'https://example.com/nagios/main.php' in a frame because it set 'X-Frame-Options' to 'deny'.
I then, edited the "default-ssl.conf" file for Apache. The line that needs to be changed (in my case) is:
Code: Select all
Header always set X-Frame-Options DENY
Change it to:
Code: Select all
Header always set X-Frame-Options SAMEORIGIN
Restart apache and you are done
Re: Nagios Core 4.4.1 - Enable HTTPS for Web GUI
Posted: Mon Aug 20, 2018 12:21 pm
by scottwilkerson
Great! closing