I'm running NagiosXI on RHEL5, Nagios is at version 2011R1.6
I have set a new url for the application of nagios.domain.com. I am trying to disable the default servername/nagiosxi. I have been unsuccessful at disabling the default url up to this point.
Can you please assist me with direction on how to make this change?
Thank you
disable default url
-
scottwilkerson
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: disable default url
Nagios XI is designed to run on with any hostname or IP on the system (including localhost), I'm not sure I understand what you are trying to accomplish.
-
uofcmissouri
- Posts: 20
- Joined: Wed Apr 07, 2010 3:13 pm
Re: disable default url
our certificate is only valid for https://nagios.domain.com
So for security purposes I need to be able to keep users from accessing nagios on https://servername.domain.com/nagiosxi or any other url with the exception of the above. As there is no certificate for use with any additional url.
I hope that makes sense.
So for security purposes I need to be able to keep users from accessing nagios on https://servername.domain.com/nagiosxi or any other url with the exception of the above. As there is no certificate for use with any additional url.
I hope that makes sense.
-
scottwilkerson
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: disable default url
If you followed this doc
http://assets.nagios.com/downloads/nagi ... ios_XI.pdf
Once you have the secure certificate working, edit /etc/httpd/conf.d/nagiosxi.conf and replace this
with this
http://assets.nagios.com/downloads/nagi ... ios_XI.pdf
Once you have the secure certificate working, edit /etc/httpd/conf.d/nagiosxi.conf and replace this
Code: Select all
<VirtualHost *:443>Code: Select all
<VirtualHost nagios.domain.com:443>-
uofcmissouri
- Posts: 20
- Joined: Wed Apr 07, 2010 3:13 pm
Re: disable default url
I did use that document when I set up ssl.
I've already made that change in the nagiosxi.conf file, here is my config. Port 80 is actually blocked at the firewall. These changes are how I got the new url to work, but it doesn't stop https://servername.domain.com/nagiosxi from working.
<VirtualHost *:80>
<Directory "/usr/local/nagiosxi/html">
# SSLRequireSSL
Options None
AllowOverride None
Order allow,deny
Allow from all
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
# AuthName "Nagios XI"
# AuthType Basic
# AuthUserFile /usr/local/nagiosxi/etc/htpasswd.users
# Require valid-user
</Directory>
</VirtualHost>
<VirtualHost nagios.domain.com:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/nagios.domain.com-cert.crt
SSLCertificateKeyFile /etc/pki/tls/private/nagios.domain.com.key
SSLCACertificateFile /etc/pki/tls/certs/DOMAIN_INTERMEDIATE-G2-cacert.crt
<Directory "/usr/local/nagiosxi/html">
AllowOverride All
</Directory>
</VirtualHost>
Alias /nagiosxi "/usr/local/nagiosxi/html"
I've already made that change in the nagiosxi.conf file, here is my config. Port 80 is actually blocked at the firewall. These changes are how I got the new url to work, but it doesn't stop https://servername.domain.com/nagiosxi from working.
<VirtualHost *:80>
<Directory "/usr/local/nagiosxi/html">
# SSLRequireSSL
Options None
AllowOverride None
Order allow,deny
Allow from all
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
# AuthName "Nagios XI"
# AuthType Basic
# AuthUserFile /usr/local/nagiosxi/etc/htpasswd.users
# Require valid-user
</Directory>
</VirtualHost>
<VirtualHost nagios.domain.com:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/nagios.domain.com-cert.crt
SSLCertificateKeyFile /etc/pki/tls/private/nagios.domain.com.key
SSLCACertificateFile /etc/pki/tls/certs/DOMAIN_INTERMEDIATE-G2-cacert.crt
<Directory "/usr/local/nagiosxi/html">
AllowOverride All
</Directory>
</VirtualHost>
Alias /nagiosxi "/usr/local/nagiosxi/html"
Re: disable default url
I'm not an apache config expert, but would it work to do something like:
Or, you could also use apache's mod_rewrite to redirect all traffic for the old address to the new one. Preferences?
Code: Select all
<VirtualHost nagios.baddomain.stopusingthis:443>
Deny From All
</VirtualHost>