Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Web interface/apache2 questions

https://support.nagios.com/forum/viewtopic.php?t=9705

Page 1 of 2

Web interface/apache2 questions

Posted: Wed Mar 13, 2013 6:12 pm
by linuxnewbie
Hey guys,

So I've had my nifty Nagios core running like a champ (partly due this forum and the many helpful people here).

I'm having trouble getting the web interface visible outside my internal network.

I'm running Ubuntu 12.10, Nagios core 3.1.0, using apache2
Durring my time researching Ive found a range of guides to get this to work, ether I'm not understanding something, skipping something, or just doing it wrong! Hopefully someone here will be able to tell me.

So the guide has me dropping this code into httpd.conf. With a fresh install of Ubuntu and nagios 3.1.0 I was missing the file so i created it in /etc/apache2/
Below is the script it had me add to the httpd.conf

Code: Select all

#NameVirtualHost *:85
ScriptAlias /nagios/cgi-bin /usr/local/nagios/sbin

<Directory "/usr/local/nagios/sbin">
    Options ExecCGI
    AllowOverride None
    Order allow,deny
    Allow from all
    AuthName "Nagios Access"
    AuthType Basic
    AuthUserFile /usr/local/nagios/etc/htpasswd.users
    Require valid-user
</Directory>

Alias /nagios /usr/local/nagios/share

<Directory "/usr/local/nagios/share">
    Options None
    AllowOverride None
    Order allow,deny
    Allow from all
    AuthName "Nagios Access"
    AuthType Basic
    AuthUserFile /usr/local/nagios/etc/htpasswd.users
    Require valid-user
</Directory>
When I restart apache2 i get this error:

Code: Select all

[Wed Mar 13 15:43:02 2013] [warn] The ScriptAlias directive in /etc/apache2/conf.d/nagios.conf at line 9 will probably never match because it overlaps an earlier ScriptAlias.
[Wed Mar 13 15:43:02 2013] [warn] The Alias directive in /etc/apache2/conf.d/nagios.conf at line 26 will probably never match because it overlaps an earlier Alias.
So I took a look at my /etc/apache2/conf.d/nagios.conf here is that:

Code: Select all

# SAMPLE CONFIG SNIPPETS FOR APACHE WEB SERVER
# Last Modified: 11-26-2005
#
# This file contains examples of entries that need
# to be incorporated into your Apache web server
# configuration file.  Customize the paths, etc. as
# needed to fit your system.

ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"

<Directory "/usr/local/nagios/sbin">
#  SSLRequireSSL
   Options ExecCGI
   AllowOverride None
   Order allow,deny
   Allow from all
#  Order deny,allow
#  Deny from all
#  Allow from 127.0.0.1
   AuthName "Nagios Access"
   AuthType Basic
   AuthUserFile /usr/local/nagios/etc/htpasswd.users
   Require valid-user
</Directory>

Alias /nagios "/usr/local/nagios/share"

<Directory "/usr/local/nagios/share">
#  SSLRequireSSL
   Options None
   AllowOverride None
   Order allow,deny
   Allow from all
#  Order deny,allow
#  Deny from all
#  Allow from 127.0.0.1
   AuthName "Nagios Access"
   AuthType Basic
   AuthUserFile /usr/local/nagios/etc/htpasswd.users
   Require valid-user
</Directory>
At this point I'm quite lost, if anyone has an easy step by step guide or another website with more helpful info I shall give you my first born... its really frustrating me that much! lol

Re: Web interface/apache2 questions

Posted: Thu Mar 14, 2013 9:48 am
by abrist
You only want to declare the nagios share and cgi-bin directives once. Currently, you have them declared in httpd.conf and nagios.conf. My suggestion would be to leverage the vhosts as the apache devs intended by sticking with the nagios.conf and removing most of what you added to httpd.conf. But it will work either way, just not both.

Re: Web interface/apache2 questions

Posted: Thu Mar 14, 2013 1:39 pm
by linuxnewbie
Well i commented everything out from the httpd.conf so now apache2 restarts without an error.

The main issue is still present tho, I cannot access my web interface from an outside source. The website is hosted on another linux box here in the office.

Re: Web interface/apache2 questions

Posted: Thu Mar 14, 2013 1:58 pm
by sreinhardt
So the lines with "allow from all" are making apache available to any connection that is requested. What you likely need to look at is, IPTables on the local nagios instance if enabled, and if you have natted or port forwarded to your nagios host on the external firewalls. If you just try to access the external IP address of your company without telling the firewall to forward to nagios, it will have no idea what to do, or block the connection immediately. Same goes for IPtables if you have that enabled and restricting to just the local network it would not allow external resources to communicate with it. I cannot setup the external firewall for you, but we can verify IPTables with an "iptables -l". Reply back with that and we can make sure you are not blocked there at least.

Re: Web interface/apache2 questions

Posted: Thu Mar 14, 2013 2:00 pm
by abrist
Is your workstation on the same network segment as the nagios server? Can you access the nagios web page from the nagios server itself?

In your default vhosts file or your nagios file, do you have:

Code: Select all

Listen 80
Declared?

When you try to access the nagios web page from your workstation, do you receive a 404 or an access denied?
Do a running tail on your httpd error log and then try to open the web page from your workstation, post the output here:

Code: Select all

tail -f /var/log/httpd/error_log
or:

Code: Select all

tail -f /var/log/apache2/error_log
Now try to browse to the web interface and post the errors here.

Re: Web interface/apache2 questions

Posted: Thu Mar 14, 2013 5:39 pm
by linuxnewbie
Ok I did find "Listen 80" in my ports.conf

I can access the web interface from the nagios server, but when trying to connect via a computer on the same subnet I get "failed to connect"

I ran: tail -f /var/log/apache2/error.log

Code: Select all

root@PITA:/home/tmc# tail -f /var/log/apache2/error.log
[Wed Mar 13 15:43:33 2013] [notice] Apache/2.2.22 (Ubuntu) PHP/5.4.6-1ubuntu1.1 configured -- resuming normal operations
[Thu Mar 14 07:57:34 2013] [notice] Graceful restart requested, doing restart
[Thu Mar 14 07:57:34 2013] [error] (9)Bad file descriptor: apr_socket_accept: (client socket)
[Thu Mar 14 07:57:34 2013] [warn] The ScriptAlias directive in /etc/apache2/conf.d/nagios.conf at line 9 will probably never match because it overlaps an earlier ScriptAlias.
[Thu Mar 14 07:57:34 2013] [warn] The Alias directive in /etc/apache2/conf.d/nagios.conf at line 26 will probably never match because it overlaps an earlier Alias.
[Thu Mar 14 07:57:44 2013] [notice] Apache/2.2.22 (Ubuntu) PHP/5.4.6-1ubuntu1.2 configured -- resuming normal operations
[Thu Mar 14 11:27:05 2013] [notice] caught SIGTERM, shutting down
[Thu Mar 14 11:27:26 2013] [notice] Apache/2.2.22 (Ubuntu) PHP/5.4.6-1ubuntu1.2 configured -- resuming normal operations
[Thu Mar 14 13:16:56 2013] [notice] caught SIGTERM, shutting down
[Thu Mar 14 13:17:18 2013] [notice] Apache/2.2.22 (Ubuntu) PHP/5.4.6-1ubuntu1.2 configured -- resuming normal operations

Re: Web interface/apache2 questions

Posted: Thu Mar 14, 2013 5:42 pm
by linuxnewbie
Here is what i get when i use "iptables -L"

Code: Select all

root@PITA:/home/tmc# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Re: Web interface/apache2 questions

Posted: Thu Mar 14, 2013 6:43 pm
by scottwilkerson
linuxnewbie wrote: I cannot access my web interface from an outside source. The website is hosted on another linux box here in the office.
Do you mean you can access from in the office but cannot from outside?

What address are you trying to access the Nagios install at, from outside? Is it a FQDN or public IP that maps to that server?

Re: Web interface/apache2 questions

Posted: Thu Mar 21, 2013 2:04 pm
by linuxnewbie
Sorry its taken me so long to respond,
scottwilkerson wrote:
linuxnewbie wrote: I cannot access my web interface from an outside source. The website is hosted on another linux box here in the office.
Do you mean you can access from in the office but cannot from outside?

What address are you trying to access the Nagios install at, from outside? Is it a FQDN or public IP that maps to that server?
Sorry for the confusion, yes I can access my web interface via the internal network by the internal IP/nagios. I do not know how to link this to our existing website, so when I goto www.blahblah.com/nagios I get "unable to connect"

We are using a FQDN for our website.
Another linux server in the office is hosting the website I need to link nagios to.
Hope this helps you point me in the correct direction!

Thanks all

Re: Web interface/apache2 questions

Posted: Thu Mar 21, 2013 2:44 pm
by sreinhardt
You would need to have some sort of apache\other web proxy in place to understand that when it is for yourdomain.com\normalwebpage it goes to the standard server, and when yourdomain.com\nagios comes it it needs needs to be routed to the nagios machine. This is not terribly difficult and there are solutions that do it, however it would be out of the scope that we normally help with. An alternative that you may find acceptable, would be to use a separate port for nagios apache (ie 81, 8000, 8080), and allow the firewall to forward that directly to the nagios machine. This would void any need for the messy web url proxy.
All times are UTC-05:00
Page 1 of 2

Powered by phpBB® Forum Software © phpBB Limited